l={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x12) [ 2002.523702][ T8754] binder_alloc: 8738: binder_alloc_buf, no vma [ 2002.552299][ T8763] binder: BINDER_SET_CONTEXT_MGR already set [ 2002.552580][ T8754] binder: 8738:8754 transaction failed 29189/-3, size 40-8 line 3147 [ 2002.560334][ T8763] binder: 8738:8763 ioctl 40046207 0 returned -16 14:40:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x4, 0x2001) bind$tipc(r3, &(0x7f0000000240)=@id={0x1e, 0x3, 0x1, {0x4e23, 0x2}}, 0x10) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000004000/0x1000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="660f5a3f3e0f01d1baf80c66b878b9108f66efbafc0ced0f2283440f20c066350b000000440f22c0baf80c66b8c617598e66efbafc0cec3e2e2e0f01cb0f2184baa000b80000efd37e00", 0x4a}], 0x1, 0x1, &(0x7f0000000200), 0x0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, &(0x7f0000000340)=0xfffffffffffffc1f) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = dup(r0) getsockopt$IP_VS_SO_GET_SERVICES(r3, 0x0, 0x482, &(0x7f00000000c0)=""/25, &(0x7f0000000180)=0x19) syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x9a, 0x0) 14:40:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x1ff, 0x4000) ioctl$SG_GET_REQUEST_TABLE(r3, 0x2286, &(0x7f0000000300)) [ 2002.673758][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2002.682508][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x3f00}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x13) [ 2002.894878][ T8780] binder: 8776:8780 got transaction with invalid parent offset or type [ 2002.948843][ T8786] binder_alloc: binder_alloc_mmap_handler: 8776 20000000-20002000 already mapped failed -16 [ 2003.028729][ T8786] binder_alloc: 8776: binder_alloc_buf, no vma 14:40:08 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f0000000000)=""/85) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="1c5813745a0000d51383722122856e9764012e1b4f9068996ff69f70be6df3a0a02ef89a3e31382ccbb3f34b2a28b46f5d016ce8394e8cbfc58d6f474e4a30ec99eb42c98a3364787b00bad3cd26ddd55a3df6e97ff93199ed6c92c5ce3293fceb44b149fb5f76cfd63df078e074a87a2781f75102ea8bcc0c28ce6e1aa386d890b38a97de7aca8ec3307e07b8f1b9ffb80d3775199117730d44e5bc5ea268217169d9d22b09ad24ac68918df20d27665eccf2660527d993bdcf0c4c78de80e570159cb2e1bd69c08428cdcac0790fc2e390ee4a216b2c73387c1fe9954b5cb7da378c59eff02ef42588ff821d3fc010ba2bb6b77c9d0a33ff1a5a65931efd680e1bb974ae9acce5d6d5470874969154f4572033652336fedd9049602683a9cf3fd5e529466b26eeb16ea826288a78f3e1b163d84672453b85bd2d28e61f9a9fe7fa75dc1a7edcab57860400750cec2ef763ff7f00001eaba853e90c1a2e800672cdf65af9e7259c13ff567c10c921fa35d073073f6d82e0733f7a94bd3f6f361fb06e7fe21fec3608ec5172db9b940a90cbdab0ba35c0147dade609827b3261f9342edd9f8a6bb6cbb110235858836fd054222286a88d36e851ef21f9910e3c9afffdad8514cc6f1e43b0e98b85b0f52e723eaf737ebcd61ae3488eeb9531c4b986eda0e981714364c34a9d230dee4bf917b3742b5cf4307ed8a5678cb02c1db964b3b18b90bcf8aa59ede0789641ef109123bf39de6f55ff8c35e3bbc16d690d401bacf8fae79e456edea65b2496d410508476bfdaa1ee283e525b07b965192182ad56829d7fe78fcb9c89e687a518c185a12a3e9a4735a15f2797122226b05170591bccb60805c822b7ea37da843ca5c0f54773ffd5d06b0d35c711748cb8ad8c972a7dd9a7b35a0ad96609cb289aaa688ea52ede5a846690e75fc06eee972c3fe9e7d8edb256d8d637ae6b2bfd"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x14) 14:40:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$EVIOCGUNIQ(r0, 0x80404508, &(0x7f0000000300)=""/4096) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x4800}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xac3, 0x0) ioctl$UI_DEV_CREATE(r3, 0x5501) [ 2003.218621][ T8799] binder: 8795:8799 got transaction with invalid parent offset or type [ 2003.292274][ T8807] binder_alloc: binder_alloc_mmap_handler: 8795 20000000-20002000 already mapped failed -16 14:40:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x15) [ 2003.359436][ T8799] binder: BINDER_SET_CONTEXT_MGR already set [ 2003.412960][ T8799] binder: 8795:8799 ioctl 40046207 0 returned -16 [ 2003.412980][ T8815] binder_alloc: 8795: binder_alloc_buf, no vma [ 2003.452200][ T8815] binder_transaction: 3 callbacks suppressed [ 2003.452217][ T8815] binder: 8795:8815 transaction failed 29189/-3, size 40-8 line 3147 14:40:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000040)) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813787c002000"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) ioctl$KVM_GET_DEBUGREGS(r2, 0x8080aea1, &(0x7f0000000180)) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2003.530650][ T8052] binder_release_work: 3 callbacks suppressed [ 2003.530657][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:40:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x0, 0x0) accept$inet(r3, &(0x7f0000000080), &(0x7f00000000c0)=0x10) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(r0, &(0x7f0000000040)=ANY=[], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x4c00}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x16) [ 2003.723968][ T8827] binder: 8826:8827 got transaction with invalid parent offset or type [ 2003.758770][ T8827] binder: 8826:8827 transaction failed 29201/-22, size 40-8 line 3317 [ 2003.796805][ T8837] binder_alloc: binder_alloc_mmap_handler: 8826 20000000-20002000 already mapped failed -16 [ 2003.836019][ T8827] binder: BINDER_SET_CONTEXT_MGR already set 14:40:09 executing program 4: r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='\xb0ppp0]\x00', 0xffffffffffffff9c}, 0x10) fdatasync(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f0000000000), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x4b010100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() setsockopt$inet6_buf(r1, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x1) fcntl$setstatus(r1, 0x4, 0x2000) [ 2003.870868][ T8827] binder: 8826:8827 ioctl 40046207 0 returned -16 [ 2003.890377][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2003.897184][ T8837] binder_alloc: 8826: binder_alloc_buf, no vma [ 2003.916050][ T8837] binder: 8826:8837 transaction failed 29189/-3, size 40-8 line 3147 14:40:09 executing program 2: r0 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x1, 0x2) setsockopt$inet6_udp_int(r0, 0x11, 0x0, &(0x7f00000000c0)=0xfffffffffffffbff, 0x4) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000300)=ANY=[@ANYBLOB="09000000000000000000000001ffffff07000000040000000600000003000000070000000000000000000000000000000d00004008000000020000007d000000040000000600000002000000000000000000000000000000010000c0010100000300000009000000b6f7537c0900000005000000000000000000000000000000010000c04c0000000500000000000000020000000200000000000000000000000000000000000000000000000500000002000000080000000700000002080000000000000000000000000000000000000700000005000000050000000101000083000000f9ffffffff0700000000000000000000000000000a0000c0040000000200000009000000080000002000000009000000000000000000000000000000000000400300000006000000010000000100000000020000ff00000000000000000000000000000006000000ff7f000006000000f9ffffffff0300006b0f000040020000000000000000000000000000"]) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:40:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="3f581374420000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2003.944419][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:40:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x17) 14:40:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x6000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) r3 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x10000, 0x101040) readlinkat(r3, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=""/227, 0xe3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2004.136371][ T8852] binder: 8851:8852 got transaction with invalid parent offset or type [ 2004.144807][ T8852] binder: 8851:8852 transaction failed 29201/-22, size 40-8 line 3317 [ 2004.204204][ T8859] binder_alloc: binder_alloc_mmap_handler: 8851 20000000-20002000 already mapped failed -16 14:40:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = fcntl$dupfd(r1, 0x406, r1) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000180)={0x9, 0x1, {0x0, 0x2, 0x52c7, 0x1, 0x7f}}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:40:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x18) [ 2004.288463][ T8852] binder: BINDER_SET_CONTEXT_MGR already set [ 2004.329793][ T8852] binder: 8851:8852 ioctl 40046207 0 returned -16 14:40:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1c5813747c0000d5bcaa647048491451c8cb4ee86bc9f267f5f391085aad1076ea2787f048d9df5c67dd8dc1812fba7662c19fe4adb69eba826b4ccdc6cd4add573b2d2b63571d8dcc38407e67e6c1e296104c34ff252181cf04a2a4845b6b4e87b864d6d0048b27b0d1029bdf30ff7742841e45f4200d5e867d3e8db09973aefccb916f2d5f637ff56db8eea05b54797e6206efa31c98023004bfe0ba2a9d8cf6815f977db81f73578c9dc424f541e163b354df7d2a630c305a64b88ae5b148e5aae2eadada1088987e835010c249190adf6d3f"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x50800, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x114000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000280)='/dev/vcsa#\x00', 0x5, 0xd0080) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, &(0x7f0000000240)=0xffffffffffffff82) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2004.370603][ T8865] binder_alloc: 8851: binder_alloc_buf, no vma [ 2004.398384][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2004.408203][ T8865] binder: 8851:8865 transaction failed 29189/-3, size 40-8 line 3147 [ 2004.458851][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x6800}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x19) [ 2004.608983][ T8878] binder: 8877:8878 got transaction with invalid parent offset or type 14:40:10 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x14) ioctl$RTC_AIE_OFF(r0, 0x7002) clone(0x80100200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) ptrace$cont(0x1f, r2, 0x1f, 0x3) tkill(r2, 0x1) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000000)=0x7, 0x4) fcntl$setstatus(r0, 0x4, 0x2000) [ 2004.659032][ T8878] binder: 8877:8878 transaction failed 29201/-22, size 40-8 line 3317 14:40:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x0, 0x0) setsockopt$bt_hci_HCI_TIME_STAMP(r3, 0x0, 0x3, &(0x7f00000001c0)=0x2, 0x4) ioctl$VIDIOC_SUBDEV_S_EDID(r3, 0xc0285629, &(0x7f0000000180)={0x0, 0x8, 0x1, [], &(0x7f00000000c0)=0x6}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2004.712558][ T8890] binder_alloc: binder_alloc_mmap_handler: 8877 20000000-20002000 already mapped failed -16 14:40:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) r3 = dup(r2) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$UI_SET_PROPBIT(r4, 0x4004556e, 0x7) ioctl$UI_SET_PROPBIT(r3, 0x4004556e, 0x9) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1a) [ 2004.779781][ T8878] binder: BINDER_SET_CONTEXT_MGR already set 14:40:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) r3 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x0, 0x0) r4 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x8000, 0x200041) ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f0000000180)={0x1, r4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f00000001c0)={0x0, 0x10001}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r4, 0x84, 0x1b, &(0x7f0000000240)={r5, 0x56, "63bec9df596a031ba1bcfd1680bbef5a1e820c4dbaf6ba677a65346b0b3b2984b35fc4ff74a7a1048b12e16c8f25133d9ecab14d20a7cfd851a1228b142608d76e3f09ee9156fc80cc9db9a4e4f8212f2cbbf8c930c6"}, &(0x7f0000000300)=0x5e) [ 2004.858423][ T8878] binder: 8877:8878 ioctl 40046207 0 returned -16 [ 2004.858450][ T8900] binder_alloc: 8877: binder_alloc_buf, no vma [ 2004.907203][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:40:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2004.981291][ T8900] binder: 8877:8900 transaction failed 29189/-3, size 40-8 line 3147 [ 2005.023742][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:40:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1b) 14:40:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x6c00}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2005.177191][ T8920] binder: 8918:8920 got transaction with invalid parent offset or type 14:40:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000001c0)="c4c17b1085e4950000c4c101dbda66b828008ec0c7442400e5410000c744240253000000c7442406000000000f011424b9800000c00f3235000100000f30f30f167e0066baf80cb8e79a9681ef66bafc0cb006ee0f3566b8d7000f00d80f01c8"}], 0x1, 0x7, 0x0, 0xfffffffffffffdc0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) accept$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, &(0x7f00000000c0)=0x10) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2005.263543][ T8920] binder: 8918:8920 transaction failed 29201/-22, size 40-8 line 3317 [ 2005.308408][ T8930] binder_alloc: binder_alloc_mmap_handler: 8918 20000000-20002000 already mapped failed -16 14:40:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1c) 14:40:11 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x11, &(0x7f0000000280), 0x2) mremap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000ffc000/0x4000)=nil) connect$inet6(r0, &(0x7f0000000240), 0x1c) dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x9) fcntl$setstatus(r0, 0x4, 0x2000) openat$userio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/userio\x00', 0x10002, 0x0) [ 2005.408090][ T8920] binder: BINDER_SET_CONTEXT_MGR already set [ 2005.446675][ T8920] binder: 8918:8920 ioctl 40046207 0 returned -16 14:40:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000200)={0x6006, 0x100ffc}) r3 = dup3(r1, r2, 0x80000) getsockname$ax25(r3, &(0x7f0000000180)={{0x3, @null}, [@rose, @null, @bcast, @rose, @bcast, @netrom, @netrom, @bcast]}, &(0x7f00000000c0)=0x48) openat$cgroup_procs(r3, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2005.446697][ T8935] binder_alloc: 8918: binder_alloc_buf, no vma [ 2005.514534][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:40:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1c580000d5000000d5339d3b3f905bbbfcde5ce337e61102b3f238065cc88fdff839f50abcc4aa41d1b98b4f9d08d8f88eeec654be9144192966e3107fb0e0454ac95418bc7b1481e45795b114d95da5bdd9c6329f5fd992b1dce24cc2f6083a0e282cb3d7c6cebdeb61b4d1adafc128664c6583184b1487761ae47ca77423c11a711f731b82f7c1f7"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="1c000000e8ff008004daccafa44c9f04188324f6a58b5d569051174bc46da34243a5b28ccbe112253646"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:11 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0xfffffffffffffffe}, 0x1c) r1 = dup2(r0, r0) sendto$rxrpc(r1, &(0x7f0000000000)="89c655385c1fabf81d13190110cb34036a5c1800c38d49cd38d2f4d174d23cfea864675f84469c", 0x27, 0x800, &(0x7f0000000040)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e22, 0x100000001, @empty}}, 0x24) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r1, 0x114, 0xa, &(0x7f0000000080)={0x1, "11"}, 0x2) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) [ 2005.556942][ T8935] binder: 8918:8935 transaction failed 29189/-3, size 40-8 line 3147 [ 2005.594154][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:40:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x7400}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1d) 14:40:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000240)="9c33a2ec1e7418346a45d94e7d55b4733331d529eb2857f73deef46b23a4e95228406787c8a06f1a5a2a55df65a53c04346cfe2704fc8a41bb2a98e86164620e718a", 0x42) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x0, 0x0) getsockopt$inet_opts(r2, 0x0, 0x0, &(0x7f0000000180)=""/145, &(0x7f00000000c0)=0x91) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f0000000440)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80472088e389e946}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r4, 0x100, 0x70bd27, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x4041) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="1c010000000000000000f6769b5097476ad9aa84b7bee6f2a7d73b1a97a3e102f31eab3730a21ab18cbf8fbbf7"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) setsockopt$inet6_MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f0000000300)={0x3ff, 0x1, 0x4, 0x3, 0x22127e19}, 0xc) ioctl$SIOCNRDECOBS(r2, 0x89e2) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2005.744470][ T8958] binder: 8955:8958 got transaction with invalid parent offset or type [ 2005.763964][ T8958] binder: 8955:8958 transaction failed 29201/-22, size 40-8 line 3317 [ 2005.815029][ T8966] binder_alloc: binder_alloc_mmap_handler: 8955 20000000-20002000 already mapped failed -16 [ 2005.856561][ T8966] binder_alloc: 8955: binder_alloc_buf, no vma [ 2005.862896][ T8958] binder: BINDER_SET_CONTEXT_MGR already set [ 2005.879279][ T8958] binder: 8955:8958 ioctl 40046207 0 returned -16 [ 2005.895845][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 14:40:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x7a00}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x101480, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f0000000000)={0x1, 0x0, 0x5, 0x6}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="d6214f4ec266ddf1e6"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x2000, 0x0) accept4$vsock_stream(r3, &(0x7f0000000200), 0x10, 0x80800) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1e) [ 2006.065331][ T8980] binder: 8978:8980 got transaction with invalid parent offset or type [ 2006.112249][ T8985] binder_alloc: binder_alloc_mmap_handler: 8978 20000000-20002000 already mapped failed -16 [ 2006.172910][ T8980] binder: BINDER_SET_CONTEXT_MGR already set [ 2006.201590][ T8980] binder: 8978:8980 ioctl 40046207 0 returned -16 [ 2006.201702][ T8989] binder_alloc: 8978: binder_alloc_buf, no vma 14:40:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x1000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:12 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x21) 14:40:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000180)={0x10002, 0x0, [0x400, 0x7b, 0xb5, 0x0, 0xffff, 0xffffffffffffff81, 0x20, 0x1]}) [ 2006.460325][ T9004] binder: 9000:9004 got transaction with invalid parent offset or type [ 2006.490974][ T9005] binder_alloc: binder_alloc_mmap_handler: 9000 20000000-20002000 already mapped failed -16 [ 2006.535958][ T9004] binder: BINDER_SET_CONTEXT_MGR already set [ 2006.547454][ T9004] binder: 9000:9004 ioctl 40046207 0 returned -16 [ 2006.573404][ T9012] binder_alloc: 9000: binder_alloc_buf, no vma 14:40:14 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0xfffffffffffffc35) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) clone(0x200000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() r3 = dup2(r0, r1) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0xffffffffffffffff, r2, 0x0, 0xfffffffffffffffc) getsockopt$bt_BT_CHANNEL_POLICY(r3, 0x112, 0xa, &(0x7f0000000100)=0x4, &(0x7f0000000140)=0x4) tkill(r2, 0x1) ioctl$DRM_IOCTL_GET_STATS(r1, 0x80f86406, &(0x7f0000000040)=""/165) fcntl$setstatus(r0, 0x4, 0x20000000000007ff) ioctl$NBD_SET_TIMEOUT(r1, 0xab09, 0x7ff) 14:40:14 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000c000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x23) 14:40:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db9848c4bed0052c2c83162905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000040)={0x28, 0x2, 0x0, {0x2, 0xae3e}}, 0x28) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x2000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="131fd2af616e8cc6ace3000000000000000000000000"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2008.756442][ T9020] binder: 9019:9020 got transaction with invalid parent offset or type [ 2008.764831][ T9020] binder_transaction: 5 callbacks suppressed [ 2008.764848][ T9020] binder: 9019:9020 transaction failed 29201/-22, size 40-8 line 3317 [ 2008.835491][ T9026] *** Guest State *** [ 2008.870770][ T9026] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 14:40:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x25) 14:40:14 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000000)={0x9, 0x5}) [ 2008.917079][ T9038] binder_alloc: binder_alloc_mmap_handler: 9019 20000000-20002000 already mapped failed -16 [ 2008.924985][ T9026] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 2008.950826][ T9038] binder: BINDER_SET_CONTEXT_MGR already set [ 2008.967210][ T9026] CR3 = 0x0000000000000000 [ 2008.986398][ T9026] RSP = 0x0000000000000f82 RIP = 0x0000000000000042 [ 2009.009618][ T9038] binder: 9019:9038 ioctl 40046207 0 returned -16 14:40:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000180)={0x29b, 0xd, 0x5, "6f7ae73b3c84d9d1840f30ac12f36bef771d663941cef242b091a51d9d8c0d4c", 0x71764f5f}) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2009.009856][T13966] binder_release_work: 5 callbacks suppressed [ 2009.009863][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2009.035396][ T9026] RFLAGS=0x00000082 DR7 = 0x0000000000000400 [ 2009.066646][ T9026] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 2009.074506][ T9026] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 14:40:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x3000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:14 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676f8450263da5e15ececfb254f1098ff743a427d3bcc4948ff3ac75d01949c707d9e57ddfbd3d8eaea370ddfd215df2b7d912f908180347620e5efa46f515dad584bba1d81c15cd4326be2d541f20e0010000000000000173b0a8f6d8b1d48806101403b250900000000000007ff3c04d2131798976359dbb64ad535dd2e79399a3436681e6e9eeb8b0d6114dc4d2d1fc52e16018e7986bca5d6119a2863f2eccc887eefbd1046f03137a37c60bdc3948a1742c0fb9f670aabd41cdb0918256b7c278624beb72550638b62c8160f5c55ac521059ea0bde9ff95f0cddd2d254026c5841caa981eef564fd0b2aef824f764a5731d574cd654c72a76c17a727f5a0403c28bcc8243986c2a6debe64c3744704446162be37ba1c30b1fd2ead867cbfb8db0f878dd1b6c0bbcad5fac1cc56a6991748795a3ce9518e64cac28c4f2da88e6cd2ba1a460559df2a4a9d433c66470421f2e3d26290f54dd17172616eb1adc3bf326c3c7f38f6b3d30cc2036f06e55665b7e5cb9b"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2009.114291][ T9026] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2009.147044][ T9026] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2009.181708][ T9054] binder: 9053:9054 got transaction with invalid parent offset or type [ 2009.187465][ T9026] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 14:40:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x26) [ 2009.222083][ T9026] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2009.249621][ T9054] binder: 9053:9054 transaction failed 29201/-22, size 40-8 line 3317 [ 2009.285581][ T9026] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2009.298436][ T9060] binder_alloc: binder_alloc_mmap_handler: 9053 20000000-20002000 already mapped failed -16 [ 2009.338370][ T9026] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 2009.342980][ T9054] binder: BINDER_SET_CONTEXT_MGR already set [ 2009.359061][ T9054] binder: 9053:9054 ioctl 40046207 0 returned -16 14:40:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/cache_bypass\x00', 0x2, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000180)={0x6, 0x0, 0x1, 0x9}) ioctl$DRM_IOCTL_AGP_BIND(r3, 0x40106436, &(0x7f00000001c0)={r4, 0x1}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f0000000200)={0x2, 0x0, 0x9}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2009.381796][ T9026] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 2009.408061][ T9026] IDTR: limit=0x0000ffff, base=0x0000000000000000 14:40:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0xe564e058626951bf, 0x0) ioctl$KDMKTONE(r3, 0x4b30, 0x4) open_by_handle_at(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="1c5814e259aa92a62401ee5ac2e5f83db30c58793aea561e0335f7bfca3e15436fd5819f1b336ab6cf958707a8c682a28f5fe03ca46ac421f03065008dd97a1350e353c143752cf38e725cb2b3d9e293ba8a825bdb2ef9984bf72fd93a38a5444c59c7cd4e6d0e4174f425c8dc0104000000000000357e98"], 0x800000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x27) [ 2009.433947][ T9066] binder_alloc: 9053: binder_alloc_buf, no vma [ 2009.446988][ T9026] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 2009.475531][ T9066] binder: 9053:9066 transaction failed 29189/-3, size 40-8 line 3147 [ 2009.484738][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2009.489866][ T9026] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 2009.514543][ T9026] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 14:40:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x4000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2009.535127][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 [ 2009.559138][ T9026] Interruptibility = 00000002 ActivityState = 00000000 [ 2009.628824][ T9084] binder: 9083:9084 got transaction with invalid parent offset or type [ 2009.636714][ T9026] *** Host State *** [ 2009.643722][ T9084] binder: 9083:9084 transaction failed 29201/-22, size 40-8 line 3317 [ 2009.654919][ T9085] binder_alloc: binder_alloc_mmap_handler: 9083 20000000-20002000 already mapped failed -16 [ 2009.661638][ T9026] RIP = 0xffffffff811b40b0 RSP = 0xffff8880573ff8e0 14:40:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0xc0001, 0x0) sendto$isdn(r3, &(0x7f0000000180)={0x40, 0x3, "f807aeee9bfdc7c7ae3d43b59a47ebeeb847cac856090817abf0f796942a5b29017b5a2d1a6f0b18eb7d7a211a709035a347b9c7089e1032c5de2c4cf588ae8c1bddcaf2812de66d985904d5348c838f6bb48e4cd3f4609fbfffe48b349605be1b515bbcb980ca9a7026c7e06f12dd638c86b8cc0dd719c3859b7e1766f82a24fb6e0d9e181a61eb4bc6350990bf333e9063176b7796a75f724f0901ba1e7cef5c7c34c38ace2624c4c04ec2ca38fcc49b76cbf17c6f14b15078f82fd901a13fa526d30580b4ccc89832fdd05641e94d67ac5d8d2f8f48b8ab32489815451169b2ed72f6d2f2c4ea8a563523234973bf"}, 0xf8, 0x1, &(0x7f0000000280)={0x22, 0x6, 0x40, 0x101, 0xfffffffffffffffb}, 0x6) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2009.715145][ T9026] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 2009.722216][ T9084] binder: BINDER_SET_CONTEXT_MGR already set [ 2009.756604][ T9026] FSBase=00007fad0b08d700 GSBase=ffff8880ae800000 TRBase=fffffe0000003000 [ 2009.776730][ T9084] binder: 9083:9084 ioctl 40046207 0 returned -16 [ 2009.795944][ T9026] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 2009.805814][ T9088] binder_alloc: 9083: binder_alloc_buf, no vma [ 2009.826571][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2009.839855][ T9088] binder: 9083:9088 transaction failed 29189/-3, size 40-8 line 3147 [ 2009.852511][ T9026] CR0=0000000080050033 CR3=000000009bf77000 CR4=00000000001426f0 [ 2009.880277][ T9026] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360 [ 2009.887894][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 [ 2009.916267][ T9026] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 2009.951979][ T9026] *** Control State *** [ 2009.965885][ T9026] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 2009.994226][ T9026] EntryControls=0000d1ff ExitControls=002fefff [ 2010.016292][ T9026] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 2010.024074][ T9026] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 2010.046221][ T9026] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 2010.053675][ T9026] reason=80000021 qualification=0000000000000000 [ 2010.076223][ T9026] IDTVectoring: info=00000000 errcode=00000000 [ 2010.082550][ T9026] TSC Offset = 0xfffffbc9dcfe57f0 14:40:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x29) [ 2010.096192][ T9026] EPT pointer = 0x000000008ff8801e 14:40:17 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000100)=0x0) ptrace$poke(0x4, r2, &(0x7f0000000180), 0x5) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000080)={0x5, 0x1, @stop_pts=0x1}) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x1) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(tgr192,ctr-blowfish-asm)\x00'}, 0x58) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x5000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000000040)={0xd000, 0x3000, 0x4, 0x100000000, 0x8}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$EVIOCSABS20(r1, 0x401845e0, &(0x7f0000000040)={0x6, 0x4, 0x80, 0x5, 0x3, 0x4}) 14:40:17 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2b) 14:40:17 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1c0713747c0000d55db7f6765492aaf0365c63a64a959340300d66134bdfa6b8c73dd1577d08000000502ffdf5048043de9af30caa293a46d9c0a19ed16154906118b43b3779b7b1e127d842021fd9a8a8b37a7517c1eacfa6b789b4d2c5c531fb158a80db8856ddb2377d8d539f1bb1957c3f823d158bec719020ce32feca158e9e3c7ccd1bc716a46ebcba23962b9bc46bb065ee3fae05f8e9882c8477d8680b1292f7883e7829d6f66c09e5632a95e074c0fcb3cebdbf84ac06796f559dada33af1737459e85b1768b25ada07de5099b29436c12be3f674b3c3ab914fd80265fa4a546c6d2a09f1560a79389e8173273c94b3bff343d6f1b53f09a4c26ee96db21540da95843560526587bb218ddf6f96acc30c63c9bd43"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2012.089328][ T9110] binder: 9106:9110 got transaction with invalid parent offset or type [ 2012.136371][ T9110] binder: 9106:9110 transaction failed 29201/-22, size 40-8 line 3317 [ 2012.154153][ T9114] *** Guest State *** [ 2012.178273][ T9119] binder_alloc: binder_alloc_mmap_handler: 9106 20000000-20002000 already mapped failed -16 [ 2012.188451][ T9114] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 2012.188468][ T9114] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 2012.188475][ T9114] CR3 = 0x0000000000000000 [ 2012.188485][ T9114] RSP = 0x0000000000000f80 RIP = 0x0000000000000000 [ 2012.188502][ T9114] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 2012.258329][ T9110] binder: BINDER_SET_CONTEXT_MGR already set [ 2012.273131][ T9114] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 2012.290792][ T9110] binder: 9106:9110 ioctl 40046207 0 returned -16 [ 2012.297772][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:40:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x6000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:18 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2d) [ 2012.327647][ T9114] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 2012.366369][ T9114] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 14:40:18 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x400000, 0x0) [ 2012.418645][ T9114] SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000 [ 2012.434432][ T9129] binder: 9128:9129 got transaction with invalid parent offset or type 14:40:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2012.465165][ T9114] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2012.484404][ T9129] binder: 9128:9129 transaction failed 29201/-22, size 40-8 line 3317 [ 2012.497920][ T9114] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2012.527875][ T9114] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2012.551663][ T9139] binder_alloc: binder_alloc_mmap_handler: 9128 20000000-20002000 already mapped failed -16 [ 2012.577503][ T9114] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 2012.605498][ T9114] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 14:40:18 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2e) [ 2012.625002][ T9139] binder_alloc: 9128: binder_alloc_buf, no vma [ 2012.629321][ T9114] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 2012.664020][ T9114] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 2012.677351][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2012.696798][ T9139] binder: 9128:9139 transaction failed 29189/-3, size 40-8 line 3147 [ 2012.700891][ T9114] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 2012.726404][T13966] binder: undelivered TRANSACTION_ERROR: 29189 [ 2012.746325][ T9114] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 14:40:18 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2012.773028][ T9114] Interruptibility = 00000000 ActivityState = 00000000 [ 2012.787730][ T9114] *** Host State *** [ 2012.822639][ T9114] RIP = 0xffffffff811b40b0 RSP = 0xffff8880a00678e0 [ 2012.853224][ T9114] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 2012.865415][ T9114] FSBase=00007fad0b08d700 GSBase=ffff8880ae900000 TRBase=fffffe0000003000 [ 2012.874607][ T9114] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 2012.891326][ T9114] CR0=0000000080050033 CR3=00000000a8fb4000 CR4=00000000001426e0 [ 2012.907295][ T9114] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360 [ 2012.936728][ T9114] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 2012.943847][ T9114] *** Control State *** [ 2012.948827][ T9114] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 2012.970669][ T9114] EntryControls=0000d1ff ExitControls=002fefff [ 2012.996403][ T9114] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 2013.006559][ T9114] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 2013.020318][ T9114] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 2013.032363][ T9114] reason=80000021 qualification=0000000000000000 [ 2013.045385][ T9114] IDTVectoring: info=00000000 errcode=00000000 [ 2013.062247][ T9114] TSC Offset = 0xfffffbc815895a8b [ 2013.073448][ T9114] EPT pointer = 0x00000000a134601e 14:40:20 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000000)={'security\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x7000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:20 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$IMGETVERSION(r2, 0x80044942, &(0x7f0000000240)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x5, 0x80000) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000280)={0x800, 0xffffffffffffff68}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1c5813747c0000d5184cf6765b250c7328affbe7ee8cf7c35b22e92a261de71298f2cd1dbe64abaee160ca96f615be706004007a05000000000000000000000000000000004e3d11466292501a8cf5d7555de15be2ce26715ab3281b57c1cb3194b23c3b6a65b232e717249ef7761e894882f9388754c4b7261dc2d098e44dcb9dcd8ad2f0a344d91826d71ebba85074ff555362"], 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) recvfrom$packet(r3, &(0x7f0000000300)=""/229, 0xe5, 0x2000, &(0x7f0000000500)={0x11, 0x8, r4, 0x1, 0xfffffffffffffff8, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000040)="0fe28f008000008f2850862aae45f4450f7e8700000000b9720b00000f320f326666450f38816b19c7442400fbffffffc74424020f000000c7442406000000000f011c24c7442400fc000000c744240200000000ff2c24c4e285476450a8", 0x5e}], 0x97008e4509634d3, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:20 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2f) 14:40:20 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) r3 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x4, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r3, 0xc0a85352, &(0x7f0000000180)={{0x6, 0x7}, 'port0\x00', 0x16, 0x1, 0x7f, 0x8, 0x4bf, 0x81, 0xbd64, 0x0, 0x2, 0x9}) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x105100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 2015.162762][ T9166] binder: 9165:9166 got transaction with invalid parent offset or type 14:40:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2015.222315][ T9166] binder: 9165:9166 transaction failed 29201/-22, size 40-8 line 3317 [ 2015.275124][ T9184] binder_alloc: binder_alloc_mmap_handler: 9165 20000000-20002000 already mapped failed -16 14:40:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x31) [ 2015.320581][ T9166] binder: BINDER_SET_CONTEXT_MGR already set 14:40:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000014000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000180)={[0x522, 0x7f, 0x100000000, 0x8, 0x0, 0x1, 0xfffffffffffff000, 0x1f, 0x8000, 0x8, 0x2, 0x1, 0x9, 0x4, 0x8, 0x10001], 0x1, 0x2000}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2015.365643][ T9166] binder: 9165:9166 ioctl 40046207 0 returned -16 [ 2015.370857][ T9189] binder_alloc: 9165: binder_alloc_buf, no vma [ 2015.411397][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2015.431997][ T9189] binder: 9165:9189 transaction failed 29189/-3, size 40-8 line 3147 14:40:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x8000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2015.480407][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:40:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x33) [ 2015.600723][ T9204] binder: 9203:9204 got transaction with invalid parent offset or type [ 2015.626268][ T9204] binder: 9203:9204 transaction failed 29201/-22, size 40-8 line 3317 [ 2015.647970][ T9205] binder_alloc: binder_alloc_mmap_handler: 9203 20000000-20002000 already mapped failed -16 [ 2015.676690][ T9204] binder: BINDER_SET_CONTEXT_MGR already set [ 2015.706200][ T9204] binder: 9203:9204 ioctl 40046207 0 returned -16 [ 2015.710949][ T9205] binder_alloc: 9203: binder_alloc_buf, no vma [ 2015.747000][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2015.761313][ T9205] binder: 9203:9205 transaction failed 29189/-3, size 40-8 line 3147 [ 2015.790015][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:24 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0xfffffffffffffffe}, 0x2ad) r1 = dup2(r0, r0) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000100)) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='overlay\x00', 0x2004032, &(0x7f0000000080)={[{@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@xino_off='xino=off'}, {@index_off='index=off'}], [{@smackfsfloor={'smackfsfloor'}}]}) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x1, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000040)={0x20}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:24 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl(r0, 0x982, &(0x7f0000000040)="d3fb330972b2a407709bcfb00b127a7ff98d0c6b5946d95f5b35dda78c09feecb3d6acbb207216aca735988bfd75c219ddbfe4801702bdaaa7") r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x35) 14:40:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0xa000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:24 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e22, @empty}, @in6={0xa, 0x4e23, 0x0, @mcast2, 0x2b2}, @in={0x2, 0x4e23, @empty}, @in={0x2, 0x4e24, @rand_addr=0x1}, @in={0x2, 0x4e22, @local}, @in6={0xa, 0x4e24, 0x1, @mcast1}], 0x78) [ 2018.268215][ T9220] binder: 9214:9220 got transaction with invalid parent offset or type [ 2018.292182][ T9220] binder: 9214:9220 transaction failed 29201/-22, size 40-8 line 3317 [ 2018.323126][ T9219] *** Guest State *** [ 2018.344628][ T9228] binder_alloc: binder_alloc_mmap_handler: 9214 20000000-20002000 already mapped failed -16 [ 2018.346531][ T9219] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 14:40:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x36) [ 2018.397175][ T9220] binder: BINDER_SET_CONTEXT_MGR already set [ 2018.423227][ T9219] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 2018.425706][ T9220] binder: 9214:9220 ioctl 40046207 0 returned -16 [ 2018.433099][ T9234] binder_alloc: 9214: binder_alloc_buf, no vma [ 2018.466262][ T9219] CR3 = 0x0000000000000000 [ 2018.477882][ T9219] RSP = 0x0000000000000f80 RIP = 0x0000000000000042 [ 2018.481979][ T9234] binder: 9214:9234 transaction failed 29189/-3, size 40-8 line 3147 [ 2018.510215][ T9219] RFLAGS=0x00000246 DR7 = 0x0000000000000400 14:40:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x20000, 0x0) ioctl$PPPOEIOCSFWD(r3, 0x4008b100, &(0x7f00000000c0)={0x18, 0x0, {0x4, @remote, 'veth0_to_team\x00'}}) 14:40:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) r3 = dup(r2) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r3, 0xc0505510, &(0x7f0000000200)={0x600000, 0x2, 0xfffffffffffffffc, 0x8, &(0x7f0000000180)=[{}, {}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2018.536935][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2018.562941][T13966] binder: undelivered TRANSACTION_ERROR: 29189 [ 2018.577482][ T9219] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 2018.615771][ T9219] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 2018.656595][ T9219] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2018.693933][ T9219] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 14:40:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x12000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2018.731726][ T9219] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2018.769103][ T9219] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 14:40:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x37) [ 2018.816951][ T9219] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2018.866627][ T9252] binder: 9251:9252 got transaction with invalid parent offset or type [ 2018.869128][ T9219] GDTR: limit=0x000007ff, base=0x0000000000001000 14:40:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = accept4$rose(0xffffffffffffffff, &(0x7f0000000040)=@short={0xb, @dev, @remote, 0x1, @null}, &(0x7f00000000c0)=0x1c, 0x800) ioctl$sock_netdev_private(r2, 0x89fc, &(0x7f0000000180)="45d7e3101bd5efb304ba77653a3909e19e6a73eb3950668b9e0998e8a75506cc1fae65875329c140b86adf6380bef4b661280337d0f6065edde56f181abdc2eb2b432fc9808ff80032a755a69d64ac5bf4c34a13af1e52ab38b24f814cdeff5151ab5cccbe61388d6563156b58687b5da01e8352f585f8621ac124c8e3adf289a25bef235ad0a4e6d1d8ba0dfaedd8aa57a607c9cb8371fc634645736f3eefeb514845f6c0ecc688e8823fbcbf40b4d99773f58c57cdfcb3b6fa3a3d4c394339caff4d") r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000300)={[{0xffffffff, 0x1ff, 0x4, 0xfc, 0x8, 0x4, 0x4, 0x8, 0x80000000, 0x3f, 0x2, 0x7f2}, {0xffffffffffffff7f, 0x7, 0x74, 0x5, 0x8, 0x24b5, 0x100, 0x8f, 0x7, 0x10001, 0x8001, 0xfffffffffffffff7, 0x1}, {0x4, 0xfffffffffffffc01, 0x22a2f9ab, 0x9, 0x4, 0x0, 0x9, 0xfffffffffffffc01, 0x1, 0x24000, 0x55, 0x80, 0x1000}], 0x20}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000280)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) prctl$PR_GET_SECUREBITS(0x1b) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2018.911418][ T9252] binder: 9251:9252 transaction failed 29201/-22, size 40-8 line 3317 [ 2018.914476][ T9219] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 14:40:24 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000000)={'veth1_to_hsr\x00', {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}}) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000040)={'syzkaller0\x00', {0x2, 0x4e22, @loopback}}) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0xffffffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) [ 2018.971384][ T9257] binder_alloc: binder_alloc_mmap_handler: 9251 20000000-20002000 already mapped failed -16 [ 2019.007366][ T9219] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 2019.053714][ T9257] binder_alloc: 9251: binder_alloc_buf, no vma [ 2019.074686][ T9219] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 2019.102316][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2019.111925][ T9257] binder: 9251:9257 transaction failed 29189/-3, size 40-8 line 3147 [ 2019.152264][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 [ 2019.174186][ T9219] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 2019.200340][ T9219] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 2019.225388][ T9219] Interruptibility = 00000001 ActivityState = 00000000 [ 2019.266339][ T9219] *** Host State *** [ 2019.271024][ T9219] RIP = 0xffffffff811b40b0 RSP = 0xffff888047d6f8e0 [ 2019.295069][ T9219] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 2019.312736][ T9219] FSBase=00007f298ee74700 GSBase=ffff8880ae900000 TRBase=fffffe0000033000 [ 2019.321922][ T9219] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 2019.335310][ T9219] CR0=0000000080050033 CR3=0000000088fb1000 CR4=00000000001426e0 [ 2019.343476][ T9219] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360 [ 2019.357469][ T9219] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 2019.364306][ T9219] *** Control State *** [ 2019.372929][ T9219] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 2019.382743][ T9219] EntryControls=0000d1ff ExitControls=002fefff [ 2019.393379][ T9219] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 2019.403689][ T9219] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 2019.415512][ T9219] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 2019.442454][ T9219] reason=80000021 qualification=0000000000000003 [ 2019.449883][ T9219] IDTVectoring: info=00000000 errcode=00000000 14:40:25 executing program 1: pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f0000000440)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0xc) fstat(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='bpf\x00', 0x4000, &(0x7f0000000300)={[{@mode={'mode', 0x3d, 0x6d}}, {@mode={'mode', 0x3d, 0x7fff}}, {@mode={'mode', 0x3d, 0x2}}], [{@euid_eq={'euid', 0x3d, r4}}, {@fsuuid={'fsuuid', 0x3d, {[0x66, 0x3f, 0x0, 0x31, 0x34, 0x77, 0x77, 0x61], 0x2d, [0x66, 0x64, 0xfc641707c90e81a1], 0x2d, [0x37, 0x61, 0x77], 0x2d, [0x39, 0x0, 0x34, 0x33], 0x2d, [0x67, 0x61, 0x64, 0x36, 0x7f, 0x62, 0x3d, 0x64]}}}, {@obj_role={'obj_role', 0x3d, '/dev/kvm\x00'}}, {@subj_user={'subj_user', 0x3d, '/dev/kvm\x00'}}, {@subj_type={'subj_type', 0x3d, '/dev/kvm\x00'}}, {@euid_eq={'euid', 0x3d, r5}}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000004c0)={0x0, 0xca, "8f28badb17399f184fc40b9e8847eeadf7b3be1d0b88184aebfe740f5df33f4497b4ff56c22e7e8101cb51e2e78167b867105e6d300c92d58b68cc4b1ef0f2862bc105f76d17a9fb902cc1173bff5975690ce9ef2059fd4f76a2f6786115e9e48e1adb39cacfc347c349e85e530e1125ca9166cc601c850ee376c60b59cb95aa8253b5de8b0b01dfa1fcc501887d7f04acf0ed04343c8a0f0a850a612328afed6d903de34d1599cec94a63240840f705cbd2a71e8eabe47f95b45a7e448a9d7bbcfdd3877ae34a1948ee"}, &(0x7f00000005c0)=0xd2) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000600)={r6, 0xa2, "9f1289a8107027eb50d4b40610b552028482925495651b78482a6bedd05c82796f1d99709c2af4d68571bdd63de12f479325fe66fd8510d44df3fcc3d94fcedfb361099e74f3ae136da98a0169120e23179fb80a2e3e17989483a432d8d36b92d0e6d0a0b2eb0998da39a173e2fd8a1c19f3b6dcd2784bf0f012ec8e2577f3e7dedb9be0053916d199a56efcb838afa70ebecddabae3d9dbfc431853b751a25f9a35"}, &(0x7f00000006c0)=0xaa) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2019.466228][ T9219] TSC Offset = 0xfffffbc4cb8157fb [ 2019.471517][ T9219] EPT pointer = 0x000000008b51601e 14:40:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x20000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x39) 14:40:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video36\x00', 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813581b4e377a"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/netstat\x00') ioctl$SG_SET_DEBUG(r3, 0x227e, &(0x7f0000000180)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x70c03, 0x0) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r3, 0x800442d4, &(0x7f00000000c0)=0x7fff) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5387, &(0x7f0000000180)) 14:40:25 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x20000000000000f, &(0x7f0000000040)=0x400100000001, 0x0) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) pipe2$9p(&(0x7f0000000000), 0x4000) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000100)={r1, r1}) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) setsockopt$bt_hci_HCI_DATA_DIR(r1, 0x0, 0x1, &(0x7f00000000c0)=0x6, 0x4) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000080)={@hyper}) 14:40:25 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000000)=0x4) [ 2019.600994][ T9284] binder: 9278:9284 got transaction with invalid parent offset or type [ 2019.646377][ T9284] binder: 9278:9284 transaction failed 29201/-22, size 40-8 line 3317 [ 2019.679498][ T9297] binder_alloc: binder_alloc_mmap_handler: 9278 20000000-20002000 already mapped failed -16 [ 2019.735728][ T9284] binder: BINDER_SET_CONTEXT_MGR already set [ 2019.774980][ T9284] binder: 9278:9284 ioctl 40046207 0 returned -16 14:40:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="00ed99997356e42cd4db25eb980007800000000000"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) r3 = syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0xff, 0x240) getsockopt$TIPC_CONN_TIMEOUT(r3, 0x10f, 0x82, &(0x7f0000000280), &(0x7f0000000300)=0x4) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x20000, 0x0) ioctl$PPPIOCGUNIT(r4, 0x80047456, &(0x7f0000000200)) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000180)={0x7, 0xa0000, 0x6, 0x40, 0x1, [{0xc4f, 0x8, 0x9, 0x0, 0x0, 0x800}]}) ioctl$int_out(r2, 0x5462, &(0x7f0000000040)) 14:40:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3b) [ 2019.786208][ T9307] binder_alloc: 9278: binder_alloc_buf, no vma [ 2019.792472][ T9307] binder: 9278:9307 transaction failed 29189/-3, size 40-8 line 3147 [ 2019.827311][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 14:40:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = open(&(0x7f0000001300)='./file0\x00', 0x40000000024000, 0x100) ioctl$VT_WAITACTIVE(r2, 0x5607) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000180)={{{@in6=@initdev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@mcast2}}, &(0x7f00000000c0)=0xe8) quotactl(0x3, &(0x7f0000000040)='./file0\x00', r4, &(0x7f0000000300)="83ef3d97aa85ce661dd33fb435114f6bb16dfcb1518e8c693739324c02d9dc575a0027214a33fdf659267ce7f769c9de21ba5320cfb0507d86112c1857dd48a071a59246822fc2f3759cb7d5fc161ba652ef7a257c769d68b092c97e5b77d81120a9acab4d38cd8d6ad889ab3143fc16d2dc551f2a111ae1f4a88ce08ecedef4b4a4c764608cdaa82c27c84020dde03677974c5be386cc6c84be90a99de5b27582d88055c86d08c3e874d1d1c5e86390f7f9bb15f2302240ade7809625ac2590a036bcbfaeabb1abd2f792defaeb83792ca9e8dae2a08b70ebe6c3cdcf7052eb58c545d9a01a58f2f102d7973c7d733d054ada608df12d8dbd55a4226171e2964d467a29d3e3381a98ec3789d0faac17921fd447f712ed87c4fc10d7dffb31741c4fcda37962aab3a67897621f435df793b27d68cdd3fd1af4605c64cf0b6855de8eefb139fa3c7575e14fb0fd61340f8ecc7edbf74fd90800ee4a5706af12b128c0a7c5f4b37e0a61b292976a4d6fc8017acd402026ff7f1e1c8ab2a896a487844ad717f85176defd9b50fcbd584c5d9724612b31e03a5df6929dc6bdb876db115e2c928db92faaba82953a9aaf024207f1ec73e5eb62c3d75734f7195ff9852de2bed554262f389d8c40542bd743717bf33828f477080f39a1e2a1819955c7642ab78d4f6d3fe4d9abcad6408fedf9400a9edc8275a17fc62b292eb44ecaf82b8d7cbb26df205261a7b747f4c91a38d10251e665047f366bf1071e730d0aa8258e6cec396f9ef33899fad7b78cbb8a2022b1e5705e359672c807c02fbf0eb302734fd3c1a034e6f49bb8064c0d73c9d527e55f0659fbd9f6aa27769c705db7ffcc632861c5b5f7db3fa27f68551ac31e2571f953811cb54493ff957147a5cac8289c17731d1c59a59b03811b7175c541d76ba6c748cefcef29b4a8da05f9be032a6be45af3d3b0faad6799dcd95ec8ca8c83a8092a22df3c8300f0b173c023ecb49d3aabb379cc9b6003663b1675cc628302e8e66e0823e0296dce220accf715435899b5ce1f343701e2027e62cfcc5eb0859b141cd9c3a2695468bcf20570d2c05f67498b388af398fdee1717dec2f2e6a26feb4920cd39e23dddf31a59ba6f8ec1009116af512efed0020af68636510e694f8cc4e08ad9fc67ca480977135066fb5100c9502798495f443ea3fc14fdddd3dcc5ee2df23b98be1a772ea4c1104f51b9433f7393c62d34f8704887f0d6d4135b3a4e4d7af4ec17827b99ca3712ebc9ea5cfe34c32edbf51ed9ce3f387d469069eb713810ba0100d38d84c753543088a4a103bd44de3fd9b2090e14878a8106623433fbd49e45056d49ee8a87897251775c87358392cf1b6b3e213bc19dbaf5bd60aa3297e92612abfcdf9dfa163a9bfa3a5d4c06bf30252a276f68641b776e8979f02c16c6d4c79fbaf43de12a8b43135443c6934637a3ef17be350d61be334552ac4e0fe2288f174d109d0ca4b0bcf7961b81bd597a3669b5378bd5aea8b7b6789a26e9f3109f529b5fbeeb61089cb9bccca8b935a4d3a7593502b81eef427ec6a1491752c1771492099c27a17a98fabce5418f99f2e0b2e3916775c36236b6bdc276df85ce4ca8057af0ad7f43c04dcbd9418513efc3ce0e3624eb59c4d139499194a68b359b25dde88241accc19520a1f572cac72084ce0014e9c7b39908ffd9cddb4ef06b5752366c51354eda96727e92bd61441c56dc363b2a9acfb6ba5f8793d791791658cb3e3eb03ea39d269db7d03d833eda82e1d71a5dfd282e06243085a3c2f73d9002f202d6b8e865cc87c4da026c42e6ea47919bd086dae334c3d7623031746285562d7e121c2fff8def8cb79ea6fe58fca2dc3dc0090a699a3659e3e61e6c6495874812ea11907416c8498cf5dead5131db56b2b1d9be7a4b0d6958f4b23890c8f995fa5d5797d568c0aff2b3daf4faf8e2b71cb8e0e43ea8444dcb27b71d7d0d3cc3d4cd6048462c8cd6d14a4dd56d0569f8cb141bbe8924c12ab631b827ab90bd7864a74515516d1039ab92cf0eb79dac9d9fc7f1e80a9df41381192c46a8c7f7a84c25eecccf2d3cf7130a3e223fe25beab569be86749e4b574631fc22bc340078e9bc49475e6c8a32d3c6c540caf3e5bf21c684a7ba3bdda138dbdd933c035b2e4c5fa105b268266014d387b0925e30e43a8b8ec94e990fc78223e6bc99cb79304a0467bbe2590d473fab6d333b266769d987fdcb7bc59892b63621182918baacbbef33a2ba1d300b2a5fd920cf070c7dce64a198790bb5cb0ae9531b275cd12f34c56a8defaf8f49d29d582c679234dce6d0793acc2a938590e0d653e66fd9fc97e703fca3a809fc5990cf5a841850b5813fa7ebc3ada62f35607b57ca96cb65d77124a58a24e19bb6498c055221341da3e686494d3dc724cb10bee67ff0ce365019dfab77b66c482c8ab85a51d7011e1fa86c02283b0964651b6712fcb03a0ae58d5dfa8b514bdf7fa770e86f9d1762c79f58866af2f5937d4c7a1f0328d27dd33c83564cdaedc313f3a2fe180a13700804033a0eb241f44b63c3e307f494ad357fca596fc107a274f368030365f1a45ad4c42e7631e0912ec114738bf654a62a183b9ae2198d68c039650b9b1aefd50aa90751b8ee5dc5aeed5716c0c1f90f54874d176500d09fcd772c49f56efe6cffbb904dc2b386f18a0401caa1cdcfa2ff02f068c8bbb74b1437ef3f50994c17bca0e17d96ea01fdd2780d23f00b50739fa2c01c028bf72315141ddc89a5ed7e17a13faee0978e4a8068722cce4bc72e7afb7e5ba21dddc9e89605b9ef62b7daef30fe1e43bbf4277fd3a825578e9ae5db8ff0b22eb501daaea2e0c42856b9051f014be71f5c7bf20137cf2c792d158c0a1cb4a9f37b2c91364c4b31bcafb67235d5249df430ee7eec404a5bc61fb26f95f6d0d2674ba954fe7995f3d563df4a16f4064ef7ab285de46126143713eedb60942c228af074c467e411ef7771b5766cbecfe5d6bfbab644adcca10ef6492c34abaec9b9df4e72a9369de974f1a6338ad3509ba074d852b3b433b6057e9f3871677782a6cffab69ce7473ce11927a93afcde7c3e514e6d81455018480b45f7f6f0439b8ac6e53c4dbb98dc3afc892ed8313b4927b857020c783f35296ac51243823f1f4e7fd160d7e884e9cf0328bdfef4364a8635936eaacef9fc29b95f5fb1f33da1c65da84dc83f3e2c3da8442c15837bb45fd4e4474b29fabb6af3bc808643a6c61c00e8224b8d3d214dad3ac9629055f1e7baaff7a1f522bb228ae6168c15709c4450891af9a49a9c22c72dd21801f9091d60a01e60559c82b41f6ec4c774ee8190337a97f5555985b15e86a66ab92a87257093e200d203250849ef98a2f0150cb0b482dea9e7abe4ab2266413047e5bd7c0bc389d66d29a5ee099eebb3453cb05cb8174d461bb7472bf722ea1d4595edb497611987b16ad33335bf51b16697b085bbca1e96f640eb2327e040910e420c89e89c942994d259ae340bdda61558905a0848148938c234a417d7c4ddd3cff1d2d5716b74d9a326b78eb627b0ff5d0f063d80b7a69a0e4a9565c11bf0a360c48bd84b8ac5d5632e279e1bd3cee5af7e4056f7f95b58f684514871d431b5e2975daa4b788acdba0b6d14dbb5c4e0ebf81fb584988db7af021dea55d5577a23c4483887f8fe91c9e22abdad095208b427be1f4b5eb15129c4e96d148dc6136c0dde0c258bcfc481c2a2d6da90b32f531e025211ca3e4c03cfd4cebc256dd78e094daf237f1ef43362045d81fc38011a4cf92550c2036c60ff19cd43a5dfb984246b75060bbe6c3fee5b0ad2838e397810de395bc90da990d244f8ac2c10815c6e7040720ebc63975fd16c5414ec4fc80bebc85b35dac78e475b546796b106b0f905225b0bd8bcfec7a33350493c455676c1cd9c1e42bc16944fef27f1248f6b9b50549b020cf6a24655db5db80c444eeb9b710499465eb19e2ab0cce414fa3ed726976904718a9e2fef266ab55660d531173f0b23510fa7790e95c2caa9fb2b722da3242f5787b3c8cb7d3a17c8852bea11f08650383cbe079a6ee9c29ccdcd13fc92569678bc0c84b8a5fd9ad16ce9780ec63e61190ce5cf7feda04d2109113ad8b249c3bf5107364abae5483aee73c259c6ca2d13b9905629322f9a0e311a27bd9933c127afff250e88821b2abe4b2467d61d0b5117f1f14cd1b14d3cb8c09d91721b5cab00dea92c34815f1c258e0d23032f2bf66858427237bd845cd1fd4407af5221a2f46d7c50fa302aebedb70da12c7fa1278ff41acec62d6d8ec2331b0e22e723cfad8f59d9ff30e967bc4ff1572a6331f85dd1d57e462beec65e40c8c428153e3e18b85fc2268e73096d9a98df7ebbe23d33bf3247b6fb38992662a806889a700d04365ef7c4bd83ca06fa21bfbe6adac965c2492e9c892abb2949b7c26d7b4c259b5ae5a5a642a8a84c4c1d6af49ba1ef7f405ddd2a7a3f50b40437125a3eb93ec30852d44b93652e1cf120f05d4ad77b6e632510a0803cc25eb2cc0ae1cfb8beed9bbb13c63b81a2b258c84708e7f5224164d8921306483e86cc19208d61ecdfe2da94d81762646c9fd6c2efb33c59a8bec0a377d859ff369a2ecbbc46824e1029ca5c900433f595771ee6796871659e13e38739a4a00fe460121282b7283e1d677e4f259149bba6f6e3114469fbe4cd608fd442761b416ab41ac041c9292f959fadb331d25b082e8e6a2c812f6deff5bc6013a439bd4f79ba66afcb2a8a849f2c0b52759800378dffad3475a2a6ed3c13a8864e2fb5d21335925a865ac067c16bbc28247c54956efa14d538c706b1aae7398596629a57a2e71372b4c3f91d3c8d9f2f8437efd0a035f51b762d7d8fc8d63c16e8a7063d60598f2ed4248ca26f3f272e924ab858b1ee48d4bc813207e57cf52629fd88d85f7fc6456a9d9f60b12ec62d7e9fbdd7b517fecaef6efe7ae9b5a24a827864836d8ddabf753976fbaabfe50b6e5d1094edaa6c88928673a5f7a08fe38ecfae3226afaedc7fbd3999058d38e20fcbbfcace2f9479f89fb289460f58bb20d6de8664679484836fc696e59c19ac08c3d53766e8c13dc370e51f87edd22feaff66b7ea1bd271dbe35110d46328b10dd464993d20b807dc3adba2148346ca18a3058ef9c10abb575cc6668abb6d72857f091d9e5326f974e98cb8b5a3312a6e406b1ae3bfb2e90d4df534da63370bac24d593c54d7fe2e160b63650fbbfd6e67f70790702de0ba400ad7a940f3533eb962ad0346a8b3edd4eff4608318855cb2b7573720ba60b4237dd679340629adc6ca631149b9d3149f64f8eeff18c9347e8cf1e9bc95f11251e182d3df208868615dd82906ebedb1cc010f25a1dd4f5bbfe99e2e3a066676a523f3283836ba3b9ca5150e47f77f5e567a25bea7a55cb051603ee418a48c5075a7c926c20a430d2834b4b164b3a8437cfc96f45b64f818462c30bd195b47d8445bf0549524a72341ee4fc3ef8f24bea5d48ef24b7ea6255ade449094f434acf0478e90982d27c6b625eac85ecd25f15534183d70a8fbfe890c063c1a91378c2ae1922586366730cc95899995dec44087b3dfaf13a76db3569644f5e2bed3b1d7bf545625c4e357ee6a6fe68a44753ae4aedd99e3c85735391783e05d6b501899da6c0b1b459acc21fb0e46d96d0ded248e9784edcc6090d66c44918280e420533138c0c7f1100db27c96f4480d4c54ea2ade1037a18f12d9c534ddc2f9d82ff99627021814c774064474bc13c7") ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:40:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3d) [ 2019.988622][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = semget(0x3, 0x4, 0x8) semctl$IPC_RMID(r2, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:40:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x30000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2020.130261][ T9330] binder: 9327:9330 got transaction with invalid parent offset or type [ 2020.168128][ T9337] binder_alloc: binder_alloc_mmap_handler: 9327 20000000-20002000 already mapped failed -16 [ 2020.215263][ T9330] binder: BINDER_SET_CONTEXT_MGR already set [ 2020.245928][ T9330] binder: 9327:9330 ioctl 40046207 0 returned -16 [ 2020.252598][ T9338] binder_alloc: 9327: binder_alloc_buf, no vma 14:40:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3e) 14:40:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c62ca184cf6760000000000"], 0x0) r3 = dup3(r0, r1, 0x80000) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000240)={r0, 0x10, &(0x7f0000000200)={&(0x7f0000000180)=""/65, 0x41, 0x0}}, 0x10) lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r6 = getpid() sendmsg$nl_netfilter(r3, &(0x7f0000001680)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1088020}, 0xc, &(0x7f0000001640)={&(0x7f0000000440)={0x11f4, 0x12, 0x7, 0x310, 0x70bd29, 0x25dfdbfc, {0xf, 0x0, 0x6}, [@nested={0x1118, 0x80, [@generic="8d5ec1d31f048adf497587c87a8575e7ad1feef7aa1a9d70792c5d7c9576737b75ac613fd75121385f24783b74c6dec0ed8d303b8550743efcd29d1898255618a363c23035850a5013c86c9b72777bc076fce911581f4207d9c7887eb411c9588a9333a7f3a118cff939333458b13d3bae9ab7fc0c8d228aef03203ba3ca152c0965713f9ff8c9320769e84ff0e4e9e9925883b2fed6f623b0b46c9a9cd11007b3ca8bd16f35aacc760475fb03bb7b7aa158048a0ca388c312293e31be0b350f2cdfed2278cab257", @typed={0x8, 0x5b, @ipv4=@multicast1}, @generic="4bb97abb2c080bfb4a592e80438bedfda75eb7145c6c3f2806488595ac26eee62511ddb922258b573c3286ba7f0dbb0c5f", @typed={0x8, 0x21, @uid=r5}, @typed={0x8, 0x2a, @pid=r6}, @generic="2ca3b1b10fcb6809bdf5abff141ec6f103776182f078699161a671aa02cd42d367d6151d2ad8fc4a5d6b50abba0d23ec296ce6b70e1e3c44917c63f8e350367e9f7f3972e42364403f05ff6673fc20efa7160a68361ee0b09fa91c986c66bbd6c086ab33c679d574de008fe5c47e0fc5a5abf0d50dff2f77fe7eb680473285f62e02913eea9b1530b9e0139a0cdfbdeb50e6422ba469b464ba9a9ef2b844bbdba89da9e88bbb1fa3515fef79140dc29287939bd3f5583ea2d13969b9f5aa5a548e9632bd84ef2787c3fb2489bd1d56d2098d9e700b7de33926ee93d491189a1c994d73cda5963d8097cd45836af853c4aa71d90be6e451627af3ea743fe7ee533a41db343d641f84e65d00662e17df829d8a2bd48f3f7401733fa5a62acbb50d6ec9d7d986aa8570b48a6eff09c3a161d8f2b65e92b1a177cfd353fdcaa904cd07c6dc60e36b9ad1bb05f7d8a544900ecfc1b898975c5ed9071ec6ecf4a337a53f1c54063ad33778d5f6c1c0fb2f96f15bcbd7befc321447ec5ac105e1ad8f67e5e8b2ca9d967ee488c8d740147ada789746d28b781ecf6ee1f61cc134c3dcca787371322fc5a4582fd0c7a85829835bd471cfb152740b10873b4882d298bfc1687eb74b8762f2db73e1411d84807bc9893863a8c2faeb2b423e76c5e1c1a863769151b19a49aea2445bfebfb37f3a13e64ba4906017a6f65ab4f494a28a81dcf6f62a54c713ec5c5dc54d18f48272dc51e19f93499ad05eaceca585fcdb3ece69c39b088db165ff58af712b61aad9701acee626bcfa4b1cbc4cee1b3b451e574934b2cebf8b18c85da561d48556a417bdbd306ed51e0ff0d4406797dce929bcb18172c76400661bceb31dda0bba953b1ca19e457ea365981f47a0c38d3e03fec870e80197f97c72b33d057b13059ab8d3cc9fc1e8d9db1060ecc0ba914bf879f8d1b9b6aedd5f0f73e05d8fbe55b284e082dba7510f7544014b68330e13ff44e27fa5952a27e8e91116200c00e15d656d5953c54bb6d9f159296288500977aacc1a764d44d82aa40c56d982a59fadf94ab8bdf61a4eae693de34eb7046f5be2b09034304b80baf7554a2d08a1651c087091c920ac06b5bd96c77f42c24ed60072839f24827022945ad17662a353ad475c0833a68671ea8beeeb840344fcc672be8d9b8bbcfa7be2ea02cf58148f09c9c9234098b310ed93bb4719a1bb74aade5898f16ed2f4a2f54dd5a795aebc6cc747dc550207d801d95a735a47a6c0c80304f47b25f0041419238d46aa872ea0dbf07ecf7ab339704c45063ad02518d3a27eb02c832c82ab971558c566fe2159c83ab06a50120cb6662d39cd5133f6faf2a03589167b88874a3ac20b6463a4055b0fb93ea2c83f6ed544d21c01ba8f49434d2023f05bc99a62b9306a77022a820ff19ea6ef6b14460c9b28170e468169256cbbebecbbbfa6dd3a048ba6e088ca2f54804186a4579042329ecc00a06127848627dd50829fe1299fd7e503c33e175f38d52b621e6e9c65d3d09658244bb623d9adb9cdf035142fe7edab37827e0fadbe621dfba263f0d596de9771e2956b00bff37707ab9f6d4b5909600e242e50fbbff72b3a08a3534fe2f25aa471ed8bd58ae2e5e3b36cd85989cc9fbbf18031e2d1ea1b37203b21d16511a981efa586ea0fa34d8e06cc01cdf1a7dac026c92f905fae1e02a13c7280d77defa14f27de0b49ad77ce507828851a4a14d80cc93117933f7a07bae021a691db8599a366a2cdccf8bbd69b45b12112494d300755471d0fede10bca36dafa4f79eafbc3fba37ae0aa5554ccca23baedf9b8d663f8054aa848633cfb3004a729a33899bae0ccacaffa156cad8d40a15953aacce2fec794dddaec28075c903b530260350d3ae8e37aaf23703a4913a8bbac533bf7d14400dc96a3d41c9e9f511236a4afa6de61c03df393697c5d5a4620c4e638d7fe9edb928814230e615c0412d84b235cfb2fc37e5f1caeab2b37ad205954fdf71e34e7ddbe896c549ef8c6450dd0e4b7b8f3ef706c76d8329c1e0bd3346abe11f96f4f0d503c009ff45fbd150b489635d1a78729511cf1f74432bf557e129e5ebcef25e89eaf7fa6525283f87492bb99d4cc360c0e656a0ccef94434d7850dc84341934b9b726e100b92f6284d1a7348daf7c5ce3b710d8e76cdf05314e0e81c1cc3de2a4bfb6761823150f3bb4aeccc5eeaa67f315fdec4837a3e6a35089b3dbf3cdc66ee9cdeab1c6284747655655c2b4115b401ca47f2a1bf496cbe79625f8f4ad982219e8e848155aed1d3bb99bd61f7b1bcc7835e93c37cd9569ddc8537710db5407e7938c00ca08de4ecc4879afe8325036fd997c2f08bfcdcf7dc0f61745b6798aac13a1c48900a7eb7b17949ae420d94978c79a168cde0b4f0445362c665b2528d68193b2371b5e96aa64d547df92f438457e89f0d3fb8c675196cc585cc677f558b25944a9414b2b023848be9917907ce8163ec7fabdb50982f843ccbb79d20274685a52da05f56de5974b34f2d5137992a793a12d9839e030e403c776b5674ec3e134a01f6a46d42b62f10fa280c8ca2194ce089074b9b089456b5fe757ee5fa3919bee6290c1af0cfab01e08d08d422c537245d3e75cec2a65cbaa3495002950d957dcc9c0fc357b93c5d030a2a84d7756b59a73b43a78aa91e92c2ab9ff91f037e8e976aa57d8e369766041dbdaf56ea27c501aef9e18fb9a686619361ffef98e0f3522bdefe3c2de9494a58d617bc1afc842ff04bb7d2f2a84a8dae1ea4376ba81840badf1658a0eb31c486a3a5e6f7e47796699179d0a37d4cf2588bb858a76649fc11519112997568f4494bc79b043750ccf7b46d07ad1aa2c0d06f37903ad501e545f1e8207ce63c2fba270a97007821c3387393c19c6a6e229f3aa17399c96d9acfef8ee69a4312e4ff95a791de35577cc14b2380e114ebff1f10aa3b22c09e320d00bf2ec32d2b8234828c4b6445e7b82b5ee4a0fd97ef4274d9a44790d543b65466c2e835ee37b169178c74a39b0b4bbdef23a340d65920e234767f3fd7ed8af82ffef277767c7c682bd158fdc80109d6d5db85297457a2e184ac4c3496442886236f36f415d2c7774762c9378a81b39c989c779f8c799323daf7b64a9e7ed9dec21f726baf09423e6ae52795ff6b941a107df3ded85c3f7ac6211f1eb8f117244e7e3e583e7ccf175cfb91ef6a56d4f9ee496d21faeac35ce2f589d6217fe1d6766c1f80f7c8e4ce6506c40adb3ecec5f9e22d74dfada2e10db573b03b9b937822de3a0ef1e76751e2bff95b39d6ac529665a8535fc9de4c7eea33b6727feb9173fc46046dfd7d7927de2c9e0e3f4a0e5d99efb3fff8e22055aad2d00a738818813d3e14b0e61c94ab72cfc0cbe71d3af26ad1297165a308dd04ca87ed9d01f02a32d9d251d1812d6ed78fcb1f61f5d6943792492d74f2fb4e250a71bcae2b16f0c5aa312a55e4abb6a6718359f3829d55e51692afb91c1879dd6f5fb5571ec25ff056b4fd9083bea8b26d21a446b91d864dc891fd72b5e1388ae8a62497d63a979eb38b44dd7afd291c0c46e3baa01105dd37e5dea00f30174b9371e3bd82b2f72a76576b444299739e10855a51702d8e485ec7cb847702729c726c221cf9aedc528218a6a4344687f3ac5827d20525f2f382b75be440f30a3b675fa536e8fee3a9fe1dbb531229131aee6b073e77a0ff7aa961a62dceecb1b81802a0f3853bf67e16d5f02fb30a2aecaa4bf2ceabfcac43daa983d38557351f0c992e66b70dc9d804143b566538b06fe3ffde695e4d14aa13edbe50f191d7aaf95069526ef696c3fac074afa87487998a505974d98afa90c242206dcabd50fd3747c70f47e9603e1a04ca612234a5ee800b6a00140de602302c0d1d72b83427f1440f2f3fe91b79c53f0d7adae1b39187b0a72d6eab151dc728e2e6befea97651a38a0b41c3813bd24db8a6175793e0821ef397591b4f6fca03d1ff681d912ae9af04342f334c01b40ed10dc3e2e8993272d8b736092bcf315a75e61efb67a61165493ef653a3314cc0342afb9dee9b2ad1b6792fd64851cbf9087fb0f41f9cf010eae815ed0c1efaa12a8bfb33f375c2f4406eb97f1d24f3f5839210c1bf9e9ce5e78647cedae652cb91ea2568162f7a456fdab84d72712c63dd1aa2e323e326557ecafad1495bae80eb3bca18700348088fb460cc8f8576fab957cffd1f5a6a94c3e28c5bc739a573283c0175301fbe032fe449395331678b6a6d6900396f756ea86cf03f40bfd581fd8e4ae18fc4f311a50405d420aec2f2b300752907be03435ed3445f71c04ef27ec79274a51bf9aa960da997a897ce8106d4bf9134034038751259b80ba523c79454be10cffe4b8df5be51b6811592b18187effc6cd0405609aef1cea7df5b7537efe3481874edf520ea50fb31db162a60435b12e8810d0e8f382c2701bfa8363e4a1923922f224b615b15a4356be5c525a18e6dcf66e1e410391d95d2a03c9999b7d898b46cf6c4b7ecab39c25d9eadafd2de2fa47d8e1f7c58d99cf7718fe8b7ef44b5fe124e2d94f66af94cf3bc55adb9287bd08905e9fb15ef574ba55b66296d61fae9c9a65c626fde389ea1e22946ae9437953cb8ed69e6f112125746a3e2cfa519701c6f54d706ba05e953ad93d2ee20228b89145d6414fb9c971b6f37a25b75fdc2910e5db8385d3eef34026e604884e272dc63c1badef70ad5c39c98e32909647fb50eaa388a2040bb3bd231e5070df338c1425bbc35a76d2f4654a02c5c68a28df381e784775a07eb6f073d5cf6ee8dbe6a17780161aed1370329cfd1779aeff36b9f00a5e8537c96cbc37936a768aa4d7bde277f908f62a5e97ab7d3e983760702d8ba9b4743486503fbb27fb7b3403ec6d14003ae404f6b0e1dd2d7ab6fcccace4f4499ac2f21eec26a976867e46352ee223916aae377184694e6e1a9ec1cf0927d4658b5940d7b3e9bdef93a2e209886ae8de3a93db81ff06c73136b17ab660f8228c8223464843fbb23be84b3c9fd9671ee1ed2d8046098d498cf9d079126d491a411c4e08a210d15288e725994582d25d23f4593247895a72bab62beb50231e092a604174b3c3d4f06054c2a42d3f423b71729ca60ff90bdd0c030e89cb82cd2e760c209c71cf13907a0a2856f609037dfbbc8d6cbc73a628504ee6b94a9b814ae85aaf95668058530a49008cff233a31512fea15e21ba9357cef4b837a89909d4e5d0471077379bfb3ec2e5ef474759e2698d15eb27c07832a16300cbb52bbbf22a53aa712b81397e1533be574ed8dcde7dc5d330e097f8a9e2818b7693753983952c4e19e2fd0cba887016bc83d2778e80754b66adb8d83596d1d2e28d8f4a667a8ee3ff16bd9d1c46f29abb29f52ffe81a1be2bd513277313023ab1db4cc406e489cc24f81cee8252f818d71a2cbd8db9011c2b307c733f95f06d435dfe8a88411d7e32c65abeedda3f9953f1bb1e497897172aa382e131d6ab669a5e4249fbbed12eb4b4ad2490bee1527326cc8936fb5b5ea0e28b29db6315a048006fedf0181807c6ffc9a8c2ce89d0dd710c79cf8c7db5ce19049e6859adf4878401dedca0323e5d9af3eb785edbe7f0f9eaf4c6098c3e7656ccd7c857a66473e3c82fdd59c394015a2ffed42990f0be35cda3bc54d824e27554510af6b022b2c3eed881c7d0416afca3112f504a2bd9f2719cb914248ef4035db5e0a40be71ebf5b8c13d5c3bdb169a86a58ed491211a85fcf4e15bbde4e0e338f75c7b5be658a"]}, @generic="aab0c3aded40aa8fdaf7668ca0fd86dab0c701e46b8d03cf2b3f15086a987215424e0e976acc5a6c79c31106c90c8b6d327fd69e2233ced259f1ebff6273e4e66badfc9b695ea69fb589746430d03068ce96d58e4c8846f42dc6727947b7719afbdce680adf8b4b74ebdaaf87526412d36ab3d7f5ca7f554248c3ed30f519e1fd3a4c8f20c680ba4b584efc87ca7b8f5066b933eed58c3aca846789f1cccd2558812545a6890d4786bdd16c5041ba8eba6308f5b3bbdb503c394249a764a7b29674d2f8de7fa85f5"]}, 0x11f4}, 0x1, 0x0, 0x0, 0x40c1}, 0x24004000) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={r3, 0x10, &(0x7f0000000280)={&(0x7f00000000c0)=""/38, 0x26, r4}}, 0x10) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x40, 0x0) 14:40:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000b000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x3, 0x0, 0x0) recvmsg$kcm(r2, &(0x7f0000000200)={&(0x7f0000000140)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f00000001c0), 0x0, &(0x7f0000000300)=""/226, 0xe2}, 0x10100) setsockopt$bt_BT_CHANNEL_POLICY(r3, 0x112, 0xa, &(0x7f0000000240)=0x2, 0x4) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2020.301605][ T9338] binder_transaction: 1 callbacks suppressed [ 2020.301625][ T9338] binder: 9327:9338 transaction failed 29189/-3, size 40-8 line 3147 14:40:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x3f000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:26 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) getsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000080)=0xff, &(0x7f00000000c0)=0x2) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() accept$netrom(r1, 0x0, &(0x7f0000000000)) setsockopt$inet6_buf(r1, 0x29, 0x12, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000040)={0x0, 0x9, 0xffffffffffff0001, 0x7, 0xc5cf}, 0x14) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r1, 0x4, 0x2000) ioctl$KVM_SIGNAL_MSI(r1, 0x4020aea5, &(0x7f0000000100)={0x2000, 0x2000, 0x2, 0x6, 0x2}) 14:40:26 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYRES32=r1], 0x48000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2020.518555][ T9356] binder: 9350:9356 got transaction with invalid parent offset or type 14:40:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x41) [ 2020.563065][ T9356] binder: 9350:9356 transaction failed 29201/-22, size 40-8 line 3317 [ 2020.617303][ T9367] binder_alloc: binder_alloc_mmap_handler: 9350 20000000-20002000 already mapped failed -16 14:40:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x54) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead) getcwd(&(0x7f0000000040)=""/50, 0x32) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2020.672468][ T9367] binder_alloc: 9350: binder_alloc_buf, no vma [ 2020.673029][ T9371] binder: BINDER_SET_CONTEXT_MGR already set [ 2020.744379][ T9371] binder: 9350:9371 ioctl 40046207 0 returned -16 [ 2020.748344][T13966] binder_release_work: 2 callbacks suppressed [ 2020.748352][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2020.783187][ T9367] binder: 9350:9367 transaction failed 29189/-3, size 40-8 line 3147 14:40:26 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x8000, 0x3, 0x5000, 0x1000, &(0x7f0000002000/0x1000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) flock(r0, 0x8) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x3ff, 0x547801) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r3, 0x111, 0x1, 0x7f, 0x4) [ 2020.891284][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:40:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x48000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x43) 14:40:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1c000000e8ff0080b984fc7e6db53ca58b5d56905117f9953c1cbd633d42f3a8500010ff4f8901b266431bcecb9a29029d477a4322107e1a8e5480c02988bd484e70c8bb3481e52a7dba26e59a473ead1987a7476cfc8aaf434fc85f83a4ef6b5b84fc3c"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0x7, &(0x7f0000000040)=0x630, 0x4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffdba) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x408000, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r4, 0x2288, &(0x7f0000000200)) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) write$P9_RREADLINK(r4, &(0x7f0000000240)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) 14:40:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x4000, 0x0) ioctl$BLKBSZGET(r3, 0x80081270, &(0x7f00000000c0)) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2021.063849][ T9396] binder: 9395:9396 got transaction with invalid parent offset or type [ 2021.096326][ T9396] binder: 9395:9396 transaction failed 29201/-22, size 40-8 line 3317 [ 2021.163910][ T9404] binder_alloc: binder_alloc_mmap_handler: 9395 20000000-20002000 already mapped failed -16 14:40:27 executing program 4: prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000100)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) fanotify_mark(r1, 0x20, 0x8000013, r1, &(0x7f0000000000)='./file0\x00') 14:40:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x45) [ 2021.206926][ T9404] binder: BINDER_SET_CONTEXT_MGR already set [ 2021.235000][ T9404] binder: 9395:9404 ioctl 40046207 0 returned -16 [ 2021.242658][ T9407] binder_alloc: 9395: binder_alloc_buf, no vma 14:40:27 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000200), &(0x7f0000000240)=0x4) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813767c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2021.280670][ T9407] binder: 9395:9407 transaction failed 29189/-3, size 40-8 line 3147 [ 2021.299912][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:40:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5893747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) r3 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x881) ioctl$DRM_IOCTL_ADD_BUFS(r3, 0xc0206416, &(0x7f00000000c0)={0x0, 0x2, 0x80, 0x101, 0x6, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2021.340496][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:27 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x4c000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x47) [ 2021.493072][ T9430] binder: 9427:9430 got transaction with invalid parent offset or type [ 2021.542283][ T9430] binder: 9427:9430 transaction failed 29201/-22, size 40-8 line 3317 [ 2021.589539][ T9436] binder_alloc: binder_alloc_mmap_handler: 9427 20000000-20002000 already mapped failed -16 [ 2021.634387][ T9430] binder: BINDER_SET_CONTEXT_MGR already set [ 2021.654741][ T9430] binder: 9427:9430 ioctl 40046207 0 returned -16 14:40:27 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2021.684947][ T9442] binder_alloc: 9427: binder_alloc_buf, no vma 14:40:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x49) [ 2021.736603][ T9442] binder: 9427:9442 transaction failed 29189/-3, size 40-8 line 3147 [ 2021.738324][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 14:40:27 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) r3 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0xfffffffffffffff9, 0x16000) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$PIO_SCRNMAP(r3, 0x4b41, &(0x7f0000000180)="f838e9c7fb4254dfe4105f232463b534354df459324d240dcf19a8df15631d51e7962efa70a871578a1a66a80c9b90d999c345ed5b15f8920fa33846875c3b970d8f80a2ef9c8b5e77b442ba1b6edd09aefccc45a792116f23b99b3972b228351fcc4a35a49e7f9b19e41bbb20b8fc835768d68eff22891541d4d934d1981bac1ca4d8bb04d5bc0d79496b30e05f74ead48caa64963d0d109fca0f5e0075ca1a1a60cea716c774d39c1b56c51d9c7c81525cbdfee0fd3147449a55e4fbace7a47741a2fc4d52d0a9099b21f8579d35b6508a7b707dae38363ee01595fab3e9690d031daab3602bfd02") ioctl$KVM_NMI(r2, 0xae9a) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x60000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2021.790762][T25744] binder: undelivered TRANSACTION_ERROR: 29189 14:40:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x80000000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2021.920568][ T9452] binder: 9451:9452 got transaction with invalid parent offset or type [ 2021.967671][ T9452] binder: 9451:9452 transaction failed 29201/-22, size 40-8 line 3317 [ 2022.029469][ T9459] binder_alloc: binder_alloc_mmap_handler: 9451 20000000-20002000 already mapped failed -16 [ 2022.076446][ T9452] binder: BINDER_SET_CONTEXT_MGR already set [ 2022.121398][ T9452] binder: 9451:9452 ioctl 40046207 0 returned -16 [ 2022.121427][ T9462] binder_alloc: 9451: binder_alloc_buf, no vma [ 2022.186826][ T9462] binder: 9451:9462 transaction failed 29189/-3, size 40-8 line 3147 [ 2022.195095][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2022.216741][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:40:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) rename(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0\x00') 14:40:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4b) 14:40:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db9840e7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r3, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r4, 0x4, 0x70bd27, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}]}, 0x1c}}, 0x20000000) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000200)={r3, 0x50, &(0x7f0000000180)}, 0x10) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:30 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) ioctl$VIDIOC_STREAMOFF(r1, 0x40045613, &(0x7f0000000000)=0xfffffffffffffffa) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x1000000000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000000000ceb0e7b236e6910000000000"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x68000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2024.363863][ T9470] binder: 9468:9470 got transaction with invalid parent offset or type [ 2024.424010][ T9470] binder: 9468:9470 transaction failed 29201/-22, size 40-8 line 3317 14:40:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4d) [ 2024.479778][ T9486] binder_alloc: binder_alloc_mmap_handler: 9468 20000000-20002000 already mapped failed -16 [ 2024.513576][ T9470] binder: BINDER_SET_CONTEXT_MGR already set 14:40:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ea58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x6, 0x80080) [ 2024.565583][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2024.565589][ T9486] binder_alloc: 9468: binder_alloc_buf, no vma [ 2024.580734][ T9470] binder: 9468:9470 ioctl 40046207 0 returned -16 [ 2024.602799][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x6c000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x400, 0x0) ioctl$TIOCMBIC(r3, 0x5417, &(0x7f0000000300)=0x2) signalfd4(r0, &(0x7f0000000040)={0x800}, 0x8, 0x80000) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x100fff}) ioctl$RTC_RD_TIME(r3, 0x80247009, &(0x7f0000000340)) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x105801, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000200), &(0x7f0000000140)=0xed) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000180)="b9000100c00f32400f0766ba2100ed66400f383b980b00000066baf80cb85545d088ef66bafc0cec66420f38829d00000000470fc72a66baf80cb8fedff488ef66bafc0c66b89a0066ef262e0f01ca430f01c8"}], 0x1, 0xffffffffffffffff, 0x0, 0xfffffffffffffdf2) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c1300d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4f) [ 2024.813104][ T9499] binder: 9496:9499 got transaction with invalid parent offset or type [ 2024.871340][ T9506] binder_alloc: binder_alloc_mmap_handler: 9496 20000000-20002000 already mapped failed -16 [ 2024.916586][ T9499] binder: BINDER_SET_CONTEXT_MGR already set [ 2024.949381][ T9499] binder: 9496:9499 ioctl 40046207 0 returned -16 [ 2024.985804][ T9506] binder_alloc: 9496: binder_alloc_buf, no vma 14:40:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000180), &(0x7f00000001c0)=0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCADDDLCI(r3, 0x8980, &(0x7f0000000200)={'team0\x00', 0x5}) 14:40:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x51) 14:40:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x74000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2025.183356][ T9528] binder: 9526:9528 got transaction with invalid parent offset or type [ 2025.235267][ T9533] binder_alloc: binder_alloc_mmap_handler: 9526 20000000-20002000 already mapped failed -16 [ 2025.275954][ T9528] binder: BINDER_SET_CONTEXT_MGR already set [ 2025.295174][ T9528] binder: 9526:9528 ioctl 40046207 0 returned -16 [ 2025.314574][ T9533] binder_alloc: 9526: binder_alloc_buf, no vma [ 2025.334443][ T9533] binder_transaction: 4 callbacks suppressed [ 2025.334461][ T9533] binder: 9526:9533 transaction failed 29189/-3, size 40-8 line 3147 14:40:31 executing program 4: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) move_pages(r0, 0x5, &(0x7f0000000040)=[&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil], 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], 0x6) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f0000000240), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() setsockopt$inet6_buf(r1, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x1) fcntl$setstatus(r1, 0x4, 0x2000) 14:40:31 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="b4e0bfa7facb4109"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_SIOCBRDELBR(r3, 0x89a1, &(0x7f0000000080)='bpq0\x00') ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000480)={r3, r3, 0x2b8, 0x8c, &(0x7f0000000180)="ac86036eb982d53771c236bd6e52806d1d4a63936b7aa319f9f68ed172da8d8e91df47c2ee554ecdb94fd3821d5b0355bc41114a445a102d99f79f87373aa422e23031eee80763988eeb498638bb836268137c2e138bf0c51eb211a2f6aaefb23222238488c52590bb0f18f1ab38bf557c08ccfc8a4a4b7db05db9aa4c20329e68c48720795eb4a69fa39beb", 0x6, 0x8001, 0xffffffff80000000, 0x7f, 0x10001, 0x3, 0x800, 'syz1\x00'}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676bc4a6162233b1ba77bd28db0cc02fa9f819cc8489028c7c9737999c1462194110987f30254899ce417eda7d6e01d38ff016987b8330d6d433539425911b25cb0201df0749c1f839a8bfa769255c7d2315d94e8662db10041c656dc4f199ab24e5f0449eee434d5d291de9dd691969de5e6e99af7ef1bacfce632131f027eb6ce53d586bed7619ea23a4b78d39a2aea4b0ba5162f67ffb4e447ccfdb45757de888969f6820daec187bdb3e16d94b3d515d89d309d8535ca9dd52f3f6a6fa7dacbf45be78d1a079b0add16b3ad648166e4f176f540f99bebf96af74a45076fcbeacd62effaf5af815cc6d87bdb84164c807a3481e064c94f46807f2ef9eac60a9d4aab5ad318bb4a606d32149909cd87df09ddb3c601f40760854abfd8b50d474cff0d0b56ec11ae19b0a40f4be610ffc3ba7e2edaf6e27ca320294d828a1d759df0443a"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x3, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x53) 14:40:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x7a000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x1, 0x2) getsockopt$TIPC_DEST_DROPPABLE(r3, 0x10f, 0x81, &(0x7f0000000380), &(0x7f00000003c0)=0x4) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="1c00000020c42e044ce8ff0080042db984bc7e6db53c078b5d56905117f9"], 0x0) r4 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2) getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000180)={{{@in6=@dev}}, {{@in=@broadcast}, 0x0, @in=@broadcast}}, &(0x7f0000000280)=0xe8) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) ioctl$VHOST_VSOCK_SET_GUEST_CID(r4, 0x4008af60, &(0x7f0000000300)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2025.543164][ T9544] binder: 9537:9544 got transaction with invalid parent offset or type [ 2025.575240][ T9544] binder: 9537:9544 transaction failed 29201/-22, size 40-8 line 3317 [ 2025.626397][ T9550] binder_alloc: binder_alloc_mmap_handler: 9537 20000000-20002000 already mapped failed -16 [ 2025.660008][ T9544] binder: BINDER_SET_CONTEXT_MGR already set 14:40:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x55) [ 2025.697322][ T9544] binder: 9537:9544 ioctl 40046207 0 returned -16 [ 2025.721124][ T9556] binder_alloc: 9537: binder_alloc_buf, no vma 14:40:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f00000001c0)={0x2, 0x0, @pic={0x100000000, 0x7, 0xcc, 0x3, 0x80, 0xe2, 0x8000, 0x5, 0xfffffffffffffffe, 0x10000, 0x1ff, 0x6, 0x5, 0x200, 0x274f, 0x1}}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) r3 = syz_open_dev$adsp(&(0x7f0000000180)='/dev/adsp#\x00', 0x8080000006, 0x400404) ioctl$KVM_NMI(r3, 0xae9a) ioctl$TUNSETVNETLE(r3, 0x400454dc, &(0x7f0000000040)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2025.770763][T13966] binder_release_work: 4 callbacks suppressed [ 2025.770770][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2025.795483][ T9556] binder: 9537:9556 transaction failed 29189/-3, size 40-8 line 3147 14:40:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) r3 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x2240, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0xfdfdffff}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:31 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="6f8db321f400e8442cda68b14d356753c2077f31fb679bd923f15b5306d2e939996b80a70a7c732cb72afdacfe80e8b63cb28d4803c10ebd1cb97e0797072b678b5ea3d31378c2ece19bd35e70e3ce3eb2fd74b19569ec2ffcf112bed7c36c4b99870afa3f7dc5ade4c22e71974bcaaedf09c8df06b49f8b60a999d3c548af59698a1b01153bb574ba18a28565a53fc9a37981586b7c51f8f6317e1892122fd95ba9f06333a95a660082aabbe2dddd96157fef287842ca"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2025.885034][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x64) [ 2026.014126][ T9570] binder: 9568:9570 got transaction with invalid parent offset or type [ 2026.036711][ T9570] binder: 9568:9570 transaction failed 29201/-22, size 40-8 line 3317 [ 2026.106199][ T9573] binder_alloc: binder_alloc_mmap_handler: 9568 20000000-20002000 already mapped failed -16 [ 2026.123925][ T9570] binder: BINDER_SET_CONTEXT_MGR already set [ 2026.160365][ T9570] binder: 9568:9570 ioctl 40046207 0 returned -16 [ 2026.175624][ T9581] binder_alloc: 9568: binder_alloc_buf, no vma [ 2026.198241][ T9581] binder: 9568:9581 transaction failed 29189/-3, size 40-8 line 3147 [ 2026.232070][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2026.266210][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:40:34 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() syz_init_net_socket$ax25(0x3, 0x0, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000000), &(0x7f0000000040)=0x14) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000001040)=@v2={0x3, 0x1, 0x14, 0x7f, 0x1000, "9a443bd15113031a30d44a4e174e1b0409b8142ba60e38a9826fe5b05964f52bef047372fc0df1f45d238d6779332c3b7a3dd4ee7ac1d87a553e37012dc9454b17d31b07a6da08618425affa6507ac853129e46ca0258f54532be479b910ccfb5ec73f8c5f89f4cc5ce3f8c6a5ea310e07d5094e061508c191e1a313020167fa0d01c889385e5a7b713ceadc515c26e081ddd9bc4c1be66271884f74204ef31c4f42d4c8916ff25d3ab778276805ff697b8a6729d4e8cc53286af21783d6b1d2331190f4ecb6d9502234252083d67e9540c1e0e56bea589f09f2b3672e3ffad6b2eec9adc5c0d3a0ae0939a82f81626378b0f094781304ad9f79a2a389fafd71f342419ffcb575d78d49793b7ffb86659d10115d1a4f61e9638b1e7a3d77bd3ac6a900605b15661a69faa15f3435f193f5945fcc14f39084663d24b140c69065f9e35e14c4390ced72a81c6b88227a2079e607845860dfdfa82740690417cf502ff36b162dfc52d6b58a42b7e56c25232b9c43ffb3e568225ca8089674bc4e186c8e80eb6e0d15a67e088a8c9576fc81f9dc1897c1ead87cac669d5ca89bf0d0aba00e638f01b233e27d1e293239223a3ce0479f7011f6b684a8018412027e627b7284bee7b8e7166ddd1e5d19b44ae9bfdecac1514302ce70115051b9e921c21223c80ef0a5d9667b6706c9a40596fa24c05ac8d48d9ce446315f23801e1382f4859176a310ff6f776fe874fb7731539cd07e3d959c0c476c4dd8b79ecb770c62ade7ac28781525a34903bf6f4873a8dadaa506aa6c82ee446e0c28bdb3bd66d637795d22053ce3c1e3b846cd71b1225507d6fac517a79138a8da10350bca1564b4b858975c7b0fb4f37658b7201cd909431e112566a5d5459b3b9c1cdb9715279e0e3f0da5d9c646e91082c9a0f8c856417dfbac46876be5b609b855dac1135515e3bf72c94b5da15c600363552122fa900cae881f56055ec7f7d73afe3480017b6da72864dd529a7d6ea76f4310853784c08ad3f07978f710f0215f80ae57ea87680220acbe740b5aeea1aedfc9a3a0ebdf142ad7074aeecbdb26189721e53cf889eb38c7ebd79cbf58c7287f888f0c5baf665f706328da69866c4aac4a64652cc46af36eec2f7c916d5b8e1c61b7ce4393529680181e1757b031fe691e2597a4876ac67d0d30f87d163baa20163617c6cbf27127b2db5c64864140cbe2a46596a6d3af3aee34dab1e45a0bbb7067267512d2a7f946de9ad26db3cf745be28209a479278b810fd0e7fa6fd10d6f8da9876b23339d2a40036a9b51495905f1acb4564135b834f913022192dad0fa3bfa5c993c2051a9f484e2c5651a33a5501665a63aaadbf50b8fa17edd4460225f1d457b218c91863afba313e263bd5c7d14b7702e97e896f881829c85975b01a733031f29ecf8286bdaa9b7973d9eb07544ae4f6f16dc0aeac80cf50e5f3ad25dc68498f9fd2e7e6f7f9d446bc9a7e20301901a961e4786d006f8c69f2094960a432fee16adf63d5d41cce32645afdf73db965183f870e694861e205436956443e6f26c5cf86362536157a0975abea20abca93d6f0271962a4a45d881b9711f7e74e3d33b6fbc825a81b369822683c8d2150e223a4bbc1ee9289e92dcfc421d36bc28104fe6a97ac57ddc10b8228f7445c423e48e296f81ec23bcb169c2fa7c5af883ae1b59dc4a6ca2ee12579ea4e55fefb2b530989b605ee7fb3a7c86360caf943477cca050b03ba7cb3d9ab8db754afe2c8588c66658cd230b26dc835b86b2be91b31c751e547bae8b3af160596f57bc17c292f33855cac83bac1bec5ec1aa05515dd78e6ce168b1bfe4300d94bbd3d9332cc15ddb8118edee44b3aeda2d1988c21bed8698c07ee0f61a261fceec8092ab320ec26c6a49b72f6e91060e527f5fbaab7b5affbbd560624539ec587aa13c6fdea524e33aff12ba1fc917e24dae666b0f9de065997193d1b1232e03d684aa384ec7aa5cebfeecef0ff79e873b9616a861b9bb63db3640d8cf91461b68b5da4492d7cdf3d973429418bad838c58b0c901556b5db4bde50a9fdf234a49ee2f19f565e554810251d86481e130e0c0cd501855c29de7afb3154ae09f1e1198fb938ae9e5821608023a13a0fa827691fd16a50b826f0a65c38bf5c6f36894c336614d3e8d5aa17677dd01e14c15b9469b35654e3e39d2cdaac8da0c74e92afd70fac8b07b283777109309c28902ff4d9195455b953e4157cbc00d0a7710b5842d1f8f1b2d61d9041007d7cb18121762083b2d41e06ead845f26fc6ab30b783962eae29c15865e983e25570a574beb64126d468dcd3a253b99d5725e871f9e64f3f80022ee467359f695a70d1b8c40e19b4984efcbde7b92dcbcf1654a67dfb162d672c5929a2f86254612d0626ab5e4ea847a08b3a2f463bcae32b73787a4382344aff17c74c059624292bb664542313c5c5dac61ad7a392d886086ea1dce1211af73bd01948c7a299c331aa4c0f17d5b7c9879448d3e7dd5d335a5d9e1d6d2d42b6f87927a8dcc918ea281f6ab3e445b6152f2cc41f16ba569028bcb9a7ba831c6886ec7f44fb14d5e60a26fe5b41430c87782c5863bf1f3c47cb55040679f2069edd1b1fabb23988e2dd5303f7be16d3841467d12a993fcd3b6fdc0bf07833384644c7575cb4a0809f8ab30af26188e78b86b72d3acd9b43c7857d3930928f755296c6b755bb40a7e10ad4c39e126e125a6e89c7a4e51696848090a0a445a0c4e6a710682831715c39611c63f9fd5ad0d9e38758e57758c4999a1a5ea14c9abe86ecc56e742f59f5eaac4255c629a9ed44e7e07d60bd9967d54c5aba3bd8ce4b138c852306d68f81e87ea7f5dc73f7c97bb0f634f57e087b695578c5b4c4f11a49a0548822462a7175ee329664a979bd580cae5573862d7315dd5dc40995d5e40d738574d44434409eae3bcbc5b39085a1c5b0cbf9402c6984effb0717eafa7cbb25d14eb9e3e2c17756747c6d254b5d5656030cc507eaf9e45214dc502b252ba76de911e992160fec4f31379f5a2c898c2a27658336602e2066d845b9c971357393383ba5abd7cbe0f016ad2e09ace4ca0ce9aacdd2784078897be01be0e367030d44a657e6e693123602b217c4c8529904adfb416e23e023e592d4e6902b09fa9a3bec42685aad343f0ed814e3726f2762c068c12eccb01bd21e3b3c15692aef73cc47b20027f4d8a7051fc8558d679a0f4a6ddd33a15f973d2424f0f3a05ff5d4da992c58d369a86f7c2324036c38bad4da84cf5d110d9de866addae6dec4bd70d3fb5b09aa579fcc41b1e71c5b9abfd38e5d17671dbb480d4f18ade6ce87c172dff9929bdaf09a2f3b0b1eeda1c4044f6da5359640161bd5f491e99a680156d07eace98f1fd42104bcc7c195e13a5ad3310928a3e8a638a908d8f22376951078a96c60970c473847643487fdd5f8ad9fec9bfac4e81e9735f41c2720104ac1e62b945c075a5a1dcc8d739e32b4687c6bde6f3f97b32102ef41f22b4afc0f96615b0ab0e2efc36ad6ef84356f78b790b1c876b9ddac2133b2793f6ba458c506ed1a152301d6aebbef96bc4dab27c498793b702dc997ab756947a9646819730eab78739e4e90dac1b4a01e224bc479427d2dbf10841c6d03c2cd1e70bfc2f32580434fb42853fbbadf3e2dd784d323ab9ded34b8f57080a4f9877d8ab6676f2744f79433a7e80639ef032c8ba4b04938b8a6d5779a16434513f5f0cf1007eb6459d88feb5f08b6044d6b583b6358c00e0525f132170335b17ec8c55d967aeeaee048064d5ce387557374ce8c83a8185bc143a2ac8c019137344f7b1e827a901e7feda57fdd8660750bb26241727e66a1c5f3f19c47003fac32a9dd9ec35d5bd5667cc70256a7a0713427e04d58d48939bec6df4011101029431ca94ea6a4eb4ac8ec6e2191a98d11495fa749188823d1ef98e8e79c424e3837cfb29c31122bd1dd1f9356145ca9e1771b5e6e2dbbb378bca6bae2c22fb3c0538887af4e55be147e696f286a3151ac129be201e32fe955e5e8047d80d96fced81a7a4240aec39677e5a034e0e94927a9184fd2171d027f72b2d4c8d50680435e14f3202c04a61e1251d22d4b04bfb2c13719f33c49c2c03fdda7edfd6da59e6bfb453f19271531e10080fadd6ea202f32fb0e1b8313ac23c3e5f6d6b172b94a58c21b45b0a698b3abad63e867c9cc0733f6d69c0467ee08c24233bc0f3a1356a9d9cfda974d4362071dc81bb1c224369f96a7280feb82e076fa56aebfddf497a0c1a04c3ede401e32b26774d5849578e78a3a7249f528b3664e7330ab040c2066586c859624a0afd84f5f042f6601bc5ab6ee4519a8e96af4d5f2a0a365f99226a47a96b3c5214d4c6569cd1859a8ab0d8bef72705e56fddf4234cd48c6503255207865aa835d670fa0c06542f945e659568266a04473cd2e8136acb8b5eb26f537db8ec8a2badf7e6502358b0c735e47c373fe4a646234bd2615749b8088180dfa7d9b52f6e42038e91d041f92784dd98d2c9133cd3b21f15b8756b5e129c8970ba664927597fb9d171065671501b98d117c664a443213110327155cac2afb5630f7e70acabd8b91c10824476f8efa1c3d8ff556a82d95c11a4f484f1cea00b2e5700ed6eac98760dbd014d725253bd48999dacdc48a64585d8b378de8f7ea60a962522b5bed179dbe4c5b96a254c7469a7f946c0040ffdee203cf081a392c4a2493141ac70f4137750b5d1aaa793c103b79f7df47610dbb30767ade1afdea65a26659c134fae5c4b16b4f5619eae62cc9b1f0f7e7a246f59e2a848a267cc2e17329a3895d6255c653e27c7756dd5cdcdc1aa739f02e754b1c812520b701bbd6c2b8595a2bac58cbafacc899a641a1d62e18b089f85532a080c12a9b0c8009f58db1278d7d34a98bf4a985fb485bcb4d942d1834ba6cb318d99460dd7b5af308cf243ca0bc35572043d7d76147c83e6cf574bc7336ceab6600a0df0ea1563eae702f1276b9c64dadd0c826226f3c1d0bb100f322831e8d6d67b28197907f7dfdffdf4a8166783601cc45e30149f02be1473576ca1964af69c17a4b85aa090e91166516d1bf62481da6fdc5913c40c8c2e15ca2ff9db7764b8e23bb2b0f322a0db077b8c62f65a3c022b54c0f6383e5649024b04ee9e8613447e20653524a413e994f482598877a86449249ea9bd2c779dfb8335c72c8672bb8f495e260f903f14772de7c6b4d6aeaa4e9998ed9520f37c63538a7a1297baaf07cf59ee9e8a6c24e93c343d76f64e360f60413e0f2d95087e4617c014a532ab2a1624bd66f40f32912e5baff99eb181b0f1f6d50c992b67cbd6e9112e0e27d45b87357e95fd638ea80d7a3575707948304b07186ff2fcbcb1152efa1ebb79925378e075c27d328a215a378ba7ebb948ddd1996a95a0c9f7a66299eb379993928e1929f2c45466cd92e40317794f67061f5c1bb1494253c210bcbbf0f5533626cef4cd27b3d03ae32f0239dc92528421b930ae0504b16a3a78b457d5083bdf14b6a4334f75df48ed6f2400c2c01862f709388b8b82990ebbe3dbb486698566c8a13aa6413b82cfc1cf3d2fa5bc3ffdc27161f406bad094f6b3f5215ed78f8ab512fb7a47cb3c7b1ae1ff67da286fe3d064fc31f79c01570843f8baae62e54f30de5803a90b3e44c7a2b7dcede5700a71d3f18c929334c2d1dc05ce5e974d507a9403fd67f0ca0557ec6078a4d7bac922a1e4229a99b3604519b0ac0088a079855adafbcf180e4bd8ce29ed01"}, 0x100a, 0x1) recvmmsg(r3, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r5, 0x0, 0x43, &(0x7f0000000280)={'ah\x00'}, &(0x7f0000000300)=0x1e) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080045117f9"], 0x0) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x240000, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 14:40:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x65) 14:40:34 executing program 0: syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x800000000, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x6004, 0x4002}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c581e747c0000d4"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0xfffffdfd}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x800, 0x0) ioctl$SIOCX25GCALLUSERDATA(r2, 0x89e4, &(0x7f0000000180)={0x1e, "27b485f10563c8a160c0ef742e291c074f0e80a5b0d137f6b6a41b455a39298fe5ff2ad63c5ec8d04207c819cce5d8231095751d5da53a3a3931bce902edebed8f6758fd897691d4dafe3ec839b3efc5da7503dc15a5028f9edd0572c37f97f90c056e119a18e1d307b34062b7bdff937e4374d3db9354e615f4f216cc1e88b3"}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r4 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x0, 0x400000) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f00000000c0)={0x4, &(0x7f0000000300)=[{}, {}, {}, {}]}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2028.597648][ T9590] binder: 9589:9590 got transaction with invalid parent offset or type [ 2028.641296][ T9590] binder: 9589:9590 transaction failed 29201/-22, size 40-8 line 3317 [ 2028.680935][ T9599] binder_alloc: binder_alloc_mmap_handler: 9589 20000000-20002000 already mapped failed -16 14:40:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x66) [ 2028.713389][ T9590] binder: BINDER_SET_CONTEXT_MGR already set [ 2028.756583][ T9590] binder: 9589:9590 ioctl 40046207 0 returned -16 14:40:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x1, 0x4000) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r3, 0x110, 0x4, &(0x7f00000000c0), 0x4) [ 2028.799102][ T9599] binder_alloc: 9589: binder_alloc_buf, no vma [ 2028.813587][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2028.828476][ T9599] binder: 9589:9599 transaction failed 29189/-3, size 40-8 line 3147 14:40:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1e0c8083daba134e4cc56a3dbf8ee60b2dfb374e4a05b44ba82e3cf7080c65c3449b752a22cba3f7a79b8c9cd06a734d64af52380e0a7e657cdb3a1d99b8aad935fef77f0000000000000000000000000000000000"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2028.879912][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x100000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x67) 14:40:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x80000, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_GET(r2, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a543aa7d7a7d3a48701a9efbaf37d26cb6c9fd2f1f22a211bffa0a9a8e74bccf03ff2768125004fa2062a7a61e0f70c17c0e1b413bfc50074508b5e1e94524484275b981fad2cf71b1ea359667e202c8", @ANYRES16=r3, @ANYBLOB="00002cbd7000fbdbdf25040000000c0006000400020004000200100002000400040008000200610900003800070008000100a400000008000200410000000c000300830e00000000000008000200ff0700000800020004000000080001003f0300003000060004000200040002000400020008000100ff0f0000040002000400020008000100060000000800010000800000"], 0x98}, 0x1, 0x0, 0x0, 0x845}, 0x20048000) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f000000a000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f00000003c0)="48b81ca00000000000000f23d00f21f835300000000f23f8260f3566baf80cb8ec721383ef66bafc0cb8d0a4c8b1ef2e66420f218bc4036102843509000000006564af48b8aa2a0000000000000f23d00f21f8353000000e0f23f842f94f0fc79c8d4100000067440f06", 0x6a}], 0x1, 0x6c, &(0x7f0000000480)=[@vmwrite={0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8e}], 0x1) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c006db53ca58b5d56905117f9000000000000000000000000"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r4, 0xae9a) ioctl$IOC_PR_RESERVE(r2, 0x401070c9, &(0x7f0000000380)={0x2, 0x18, 0x1}) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 2029.094868][ T9621] binder: 9619:9621 got transaction with invalid parent offset or type [ 2029.131150][ T9621] binder: 9619:9621 transaction failed 29201/-22, size 40-8 line 3317 [ 2029.208319][ T9631] binder_alloc: binder_alloc_mmap_handler: 9619 20000000-20002000 already mapped failed -16 [ 2029.253907][ T9621] binder: BINDER_SET_CONTEXT_MGR already set [ 2029.274463][ T9621] binder: 9619:9621 ioctl 40046207 0 returned -16 [ 2029.294117][ T9632] binder_alloc: 9619: binder_alloc_buf, no vma [ 2029.302388][ T9632] binder: 9619:9632 transaction failed 29189/-3, size 40-8 line 3147 [ 2029.317718][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2029.325463][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:40:37 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x3, 0x2) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000640)='/proc/sys/net/ipv4/vs/conn_reuse_mode\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000680)={0x0, 0xd86, 0x8, 0xbb2}, &(0x7f00000006c0)=0x10) setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000700)=ANY=[@ANYRES32=r2, @ANYBLOB="010012007754a9636438b503973e748e7bca2da278fe"], 0x1a) r3 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000), 0x10e755) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f0000000800), &(0x7f0000000840)=0x4) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() ioctl$KVM_S390_UCAS_MAP(r3, 0x4018ae50, &(0x7f0000000600)={0xfffffffffffffff8, 0x0, 0x1}) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r4, 0x0, 0x0) ioctl$SIOCAX25ADDFWD(r3, 0x89ea, &(0x7f00000007c0)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null}) tkill(r4, 0x4000000000000001) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@dev, @in=@multicast2}}, {{@in6=@empty}, 0x0, @in6}}, &(0x7f00000005c0)=0xe8) fcntl$lock(r3, 0x25, &(0x7f00000000c0)={0x1, 0x3, 0x9, 0x40, r4}) fcntl$setstatus(r0, 0x4, 0x2000) readv(r0, &(0x7f0000000400)=[{&(0x7f0000000000)=""/66, 0x42}, {&(0x7f0000000080)=""/51, 0x33}, {&(0x7f00000000c0)}, {&(0x7f0000000100)=""/67, 0x43}, {&(0x7f0000000180)=""/5, 0x5}, {&(0x7f00000001c0)=""/12, 0xc}, {&(0x7f00000002c0)=""/136, 0x88}, {&(0x7f0000000200)=""/28, 0x1c}, {&(0x7f0000000380)=""/68, 0x44}], 0x9) write$binfmt_elf64(r1, &(0x7f0000000880)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x1, 0x2, 0x9, 0x7ff, 0x3, 0x3e, 0xb2, 0xb1, 0x40, 0x1f9, 0x1ec, 0x9, 0x38, 0x2, 0x0, 0x971c, 0x1b00000}, [{0x4, 0xbc5, 0x4, 0x100000000, 0x5, 0x169, 0x0, 0xdd}, {0x6, 0x3, 0x5, 0x4, 0x7ff, 0x3, 0xffffffff, 0x6}], "162981262980045a0593d562e43e551a408b50cf90849ecaf60f05e38c9abb5e6616dce2a73c9f193f40e6e93c6fff731b8c090cef8e29814b92ac9d1fd1d0774b83b7", [[], [], []]}, 0x3f3) ioctl$EVIOCGKEYCODE(r3, 0x80084504, &(0x7f0000000740)=""/110) 14:40:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_SREGS(r2, 0x8138ae83, &(0x7f0000000180)) 14:40:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="0000d5184cf6760000000000"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_XCRS(r2, 0x8188aea6, &(0x7f0000000040)={0x1, 0x800, [{0x8, 0x0, 0x401}]}) 14:40:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x300) 14:40:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x200000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:37 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) waitid(0x3, r2, &(0x7f0000000080), 0x40000000, &(0x7f0000000100)) r3 = semget$private(0x0, 0x3, 0x4) semctl$IPC_INFO(r3, 0x3, 0x3, &(0x7f0000000000)=""/125) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) [ 2031.696743][ T9644] binder: 9643:9644 got transaction with invalid parent offset or type [ 2031.705144][ T9644] binder: 9643:9644 transaction failed 29201/-22, size 40-8 line 3317 [ 2031.802343][ T9659] binder_alloc: binder_alloc_mmap_handler: 9643 20000000-20002000 already mapped failed -16 [ 2031.831879][ T9644] binder: BINDER_SET_CONTEXT_MGR already set 14:40:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3e8) [ 2031.852634][ T9644] binder: 9643:9644 ioctl 40046207 0 returned -16 [ 2031.896349][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2031.903086][ T9659] binder_alloc: 9643: binder_alloc_buf, no vma [ 2031.936401][ T9659] binder: 9643:9659 transaction failed 29189/-3, size 40-8 line 3147 [ 2031.944639][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$binfmt_misc(r1, &(0x7f0000000180)={'syz0', "00d2bbb8ec40c46ee9be0459e478fc8e928e36e8f0d95594906b534b0944abced141f17a315604828215a737254dadf6bd0ceaea4150284b7619e0b8b8f46e95e6d2e31ce7891097c5e3f3582095ba2f24b95fe4330b85c8d49d"}, 0x5e) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) munmap(&(0x7f0000fff000/0x1000)=nil, 0x1000) 14:40:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x9, 0x400) getsockname$netlink(r3, &(0x7f00000000c0), &(0x7f0000000180)=0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WKALM_SET(r2, 0x4028700f, &(0x7f00000000c0)={0x1, 0x0, {0x18, 0xb, 0x12, 0xa, 0x0, 0x6, 0x6, 0x151, 0x1}}) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000002c0)={0x1, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000180)=0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x300000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2032.150310][ T9682] binder: 9679:9682 got transaction with invalid parent offset or type 14:40:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x480) [ 2032.203832][ T9682] binder: 9679:9682 transaction failed 29201/-22, size 40-8 line 3317 14:40:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x1, 0x101002) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2032.259113][ T9689] binder_alloc: binder_alloc_mmap_handler: 9679 20000000-20002000 already mapped failed -16 [ 2032.326530][ T9682] binder: BINDER_SET_CONTEXT_MGR already set [ 2032.332688][ T9682] binder: 9679:9682 ioctl 40046207 0 returned -16 [ 2032.403977][ T9696] binder_alloc: 9679: binder_alloc_buf, no vma 14:40:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x100) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000a000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000180)="41f77f00c4e1ab7cad008000008f684086ca000f20e035000100000f22e0c403394071009d670f01ca660f3adf79cfb4c744240040000000c744240200680000ff1c24420f01f8660f38f67cfd2f", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2032.461903][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2032.476834][ T9696] binder: 9679:9696 transaction failed 29189/-3, size 40-8 line 3147 14:40:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x500) 14:40:38 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d5601000000"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) r3 = gettid() ptrace$getregset(0x4204, r3, 0x3, &(0x7f0000000040)={&(0x7f0000000180)=""/103, 0x67}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x400000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2032.506197][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:40:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYRESHEX=r1], 0x210001) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:38 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) get_robust_list(r2, &(0x7f0000000140)=&(0x7f0000000100)={&(0x7f0000000040)={&(0x7f0000000000)}, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)}}, &(0x7f0000000180)=0x18) fcntl$setstatus(r0, 0x4, 0x2000) [ 2032.638283][ T9706] binder: 9703:9706 got transaction with invalid parent offset or type [ 2032.684412][ T9706] binder: 9703:9706 transaction failed 29201/-22, size 40-8 line 3317 14:40:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x600) [ 2032.727895][ T9715] binder_alloc: binder_alloc_mmap_handler: 9703 20000000-20002000 already mapped failed -16 14:40:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x40001) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2032.768433][ T9706] binder: BINDER_SET_CONTEXT_MGR already set [ 2032.815909][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2032.824702][ T9706] binder: 9703:9706 ioctl 40046207 0 returned -16 14:40:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x500000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:38 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc9f6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(r1, &(0x7f0000000300)=ANY=[], 0xfffffffffffffffe) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)=0x0) chown(&(0x7f0000000040)='./file0\x00', r3, r4) [ 2032.946393][ T9730] binder: 9729:9730 got transaction with invalid parent offset or type [ 2032.976293][ T9730] binder: 9729:9730 transaction failed 29201/-22, size 40-8 line 3317 14:40:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x700) [ 2033.046893][ T9737] binder_alloc: binder_alloc_mmap_handler: 9729 20000000-20002000 already mapped failed -16 [ 2033.088704][ T9730] binder: BINDER_SET_CONTEXT_MGR already set [ 2033.088726][ T9737] binder_alloc: 9729: binder_alloc_buf, no vma 14:40:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x10000, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x100001, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="d51842f64989e0ae75c4beda76"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) r3 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0x1, 0x2) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e23, 0xfff, @dev={0xfe, 0x80, [], 0x15}, 0x1e6}}, 0x5, 0x20000000}, &(0x7f0000000080)=0x90) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000280)={0xddde, 0xef, 0x2, 0xc85, 0x7, 0x2, 0x0, 0x6, r4}, 0x20) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000100)=0x4) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2033.155833][ T9730] binder: 9729:9730 ioctl 40046207 0 returned -16 [ 2033.169932][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2033.205969][ T9737] binder: 9729:9737 transaction failed 29189/-3, size 40-8 line 3147 14:40:39 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) ioctl$KVM_S390_INTERRUPT_CPU(r2, 0x4010ae94, &(0x7f0000000240)={0x3, 0x5, 0x3}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1a9b311c00f5c36222000000000000000000b53ca58b5d5690"], 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x20) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, &(0x7f00000000c0)=0xff30) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$TIOCGSID(r3, 0x5429, &(0x7f00000001c0)=0x0) fcntl$lock(r2, 0x5a931a56b8f2979, &(0x7f0000000200)={0x2, 0x2, 0x80000001, 0x5, r4}) write$FUSE_POLL(r3, &(0x7f0000000180)={0x18, 0x0, 0x8, {0x67c2a496}}, 0x18) ioctl$KVM_NMI(r2, 0xae9a) ioctl$RTC_UIE_ON(r3, 0x7003) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2033.265103][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:40:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x900) 14:40:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x600000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:39 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="82e58269c0953b7e"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) r3 = dup(r0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) prctl$PR_SET_TSC(0x1a, 0x0) [ 2033.505658][ T9765] binder: 9757:9765 got transaction with invalid parent offset or type [ 2033.535712][ T9765] binder: 9757:9765 transaction failed 29201/-22, size 40-8 line 3317 [ 2033.575353][ T9767] binder_alloc: binder_alloc_mmap_handler: 9757 20000000-20002000 already mapped failed -16 [ 2033.620355][ T9765] binder: BINDER_SET_CONTEXT_MGR already set [ 2033.650959][ T9765] binder: 9757:9765 ioctl 40046207 0 returned -16 [ 2033.665984][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2033.672712][ T9767] binder_alloc: 9757: binder_alloc_buf, no vma [ 2033.700128][ T9767] binder: 9757:9767 transaction failed 29189/-3, size 40-8 line 3147 [ 2033.725641][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:39 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x20000, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() connect$rds(r1, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet6_buf(r1, 0x29, 0xfc, 0x0, 0xfffffde5) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = mq_open(&(0x7f0000000040)='\x00', 0x0, 0x1, &(0x7f00000000c0)={0x5, 0x7f, 0x40, 0x1, 0x7, 0x0, 0x5, 0x1e3}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffff9c, 0x0, 0x9, &(0x7f0000000180)='/dev/kvm\x00'}, 0x30) mq_notify(r3, &(0x7f0000000200)={0x0, 0x19, 0x5, @tid=r4}) 14:40:39 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x101000, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000340)={0xffffffffffffffff}, 0x13f, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r3, &(0x7f0000000240)={0x10, 0x30, 0xfa00, {&(0x7f0000000180), 0x1, {0xa, 0x4e21, 0x47ae, @local, 0x6}, r4}}, 0x38) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f00000001c0)={0x3, 0x101, 0x7}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c00000056905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000280)={0x6, 0x100000001}) 14:40:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xa00) 14:40:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x700000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:39 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2033.885416][ T9780] binder: 9779:9780 got transaction with invalid parent offset or type [ 2033.936446][ T9780] binder: 9779:9780 transaction failed 29201/-22, size 40-8 line 3317 [ 2033.963049][ T9790] binder_alloc: binder_alloc_mmap_handler: 9779 20000000-20002000 already mapped failed -16 [ 2034.041569][ T9798] binder: BINDER_SET_CONTEXT_MGR already set [ 2034.062270][ T9790] binder_alloc: 9779: binder_alloc_buf, no vma [ 2034.081179][ T9798] binder: 9779:9798 ioctl 40046207 0 returned -16 14:40:39 executing program 2: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x80000, 0x0) getpeername$netlink(r0, &(0x7f00000000c0), &(0x7f0000000180)=0xc) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f00000001c0)={0x3, 0x2cb8}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) lseek(r2, 0x0, 0x4) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) init_module(&(0x7f0000000200)='/dev/kvm\x00', 0x9, &(0x7f0000000240)='/dev/vsock\x00') [ 2034.089501][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 14:40:39 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x1, 0x2, 0x2, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x4000, 0x0) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:39 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) write$input_event(r2, &(0x7f0000000040)={{0x77359400}, 0x2, 0x40, 0x80000001}, 0x18) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xb00) 14:40:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x800000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2034.248007][ T9802] Unknown ioctl 1074545409 [ 2034.275069][ T9810] binder: 9805:9810 got transaction with invalid parent offset or type [ 2034.337659][ T9802] Unknown ioctl 44609 [ 2034.342016][ T9817] binder_alloc: binder_alloc_mmap_handler: 9805 20000000-20002000 already mapped failed -16 [ 2034.382426][ T9818] Unknown ioctl 1074545409 [ 2034.387142][ T9810] binder: BINDER_SET_CONTEXT_MGR already set [ 2034.393220][ T9810] binder: 9805:9810 ioctl 40046207 0 returned -16 [ 2034.393393][ T9819] binder_alloc: 9805: binder_alloc_buf, no vma 14:40:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xc00) [ 2034.468152][ T9802] Unknown ioctl 44609 14:40:40 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000000), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0xffff, 0x2, 0x5, 0x60, 0x0, 0x0, 0x4000, 0x4, 0xe62b, 0x9, 0x1, 0xffffffffffffffff, 0x5, 0x8, 0x7, 0x5, 0x400, 0x1, 0x5, 0xda, 0x200, 0xfffffffffffffff7, 0x2, 0x8000000000000000, 0x839, 0x5, 0x414, 0xffffffffffffffff, 0xe4, 0xcc9, 0x7, 0x1, 0x5, 0x8, 0x8000, 0x779, 0x0, 0x4, 0x5, @perf_config_ext={0x1, 0x8}, 0x1000, 0x65c, 0x101, 0x7, 0x9831, 0x4, 0x5e}, r2, 0x2, r1, 0x9) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x1ffd) 14:40:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0xa00000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:40 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = dup3(r2, r2, 0x80000) ioctl$EVIOCGID(r3, 0x80084502, &(0x7f0000000180)=""/133) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2034.598586][ T9829] binder: 9827:9829 got transaction with invalid parent offset or type [ 2034.676372][ T9838] binder_alloc: binder_alloc_mmap_handler: 9827 20000000-20002000 already mapped failed -16 [ 2034.691868][ T9834] *** Guest State *** [ 2034.710877][ T9834] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 2034.718974][ T9829] binder: BINDER_SET_CONTEXT_MGR already set 14:40:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xd00) [ 2034.745500][ T9834] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 2034.746529][ T9829] binder: 9827:9829 ioctl 40046207 0 returned -16 [ 2034.776570][ T9834] CR3 = 0x0000000000000000 [ 2034.800074][ T9834] RSP = 0x0000000000000f80 RIP = 0x0000000000000000 [ 2034.821938][ T9834] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 2034.836499][ T9834] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 14:40:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c580900000000d5184cf676"], 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000001c0)={&(0x7f000000c000/0x1000)=nil, 0x1000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r3, 0x84, 0x1c, &(0x7f00000000c0), &(0x7f0000000180)=0x4) 14:40:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x800, 0x0) ioctl$RTC_WIE_ON(r3, 0x700f) [ 2034.878709][ T9834] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 2034.896565][ T9834] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 14:40:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x1200000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2034.956760][ T9834] SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000 14:40:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xe00) [ 2035.050600][ T9834] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2035.096786][ T9855] binder: 9853:9855 got transaction with invalid parent offset or type [ 2035.136705][ T9834] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2035.145708][ T9861] binder_alloc: binder_alloc_mmap_handler: 9853 20000000-20002000 already mapped failed -16 [ 2035.186188][ T9855] binder: BINDER_SET_CONTEXT_MGR already set [ 2035.204331][ T9834] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2035.228060][ T9855] binder: 9853:9855 ioctl 40046207 0 returned -16 14:40:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) fsetxattr$trusted_overlay_origin(r0, &(0x7f00000000c0)='trusted.overlay.origin\x00', &(0x7f0000000180)='y\x00', 0x2, 0x2) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="00000000f8c7fc0300000000cb6361ff921685602c9a90972d64a451e41d86c20277949d7d8f52ec691459bececb1438624b49e3e8a5dba065f940454c81ac13e5decbbfb4d13d12204ecab4bfbd67b2c20659d2979ba8e29ca86948b67f43d9d9468ada68bafb980d362709332cee37fb4df32ad64c14e94aa8394f760eab56d2a2be251f665de80246fe2bc63ca72ca4586b4e584830efbe971d35f5a9cac6da540d4bf70b1ccd17a510015178bbe37c056a06a0061bbe1183224bd80d347005af77c3f35775ee348d37023b9a90178463d23ebb39fd29"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2035.248491][ T9834] GDTR: limit=0x000007ff, base=0x0000000000001000 14:40:41 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="1c000000e8ff0080042ddb84fc7e6db53ca58bf65d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2035.276301][ T9868] binder_alloc: 9853: binder_alloc_buf, no vma [ 2035.294494][ T9834] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 14:40:41 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000080), 0x24f) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000000)=0x3ff, 0x4) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xf00) 14:40:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x2000000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2035.320599][ T9834] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 2035.360876][ T9834] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 2035.394231][ T9834] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 2035.439616][ T9834] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 2035.461367][ T9883] binder: 9874:9883 got transaction with invalid parent offset or type [ 2035.507518][ T9834] Interruptibility = 00000000 ActivityState = 00000000 [ 2035.519057][ T9890] binder_alloc: binder_alloc_mmap_handler: 9874 20000000-20002000 already mapped failed -16 [ 2035.537461][ T9834] *** Host State *** [ 2035.541900][ T9883] binder: BINDER_SET_CONTEXT_MGR already set [ 2035.556319][ T9834] RIP = 0xffffffff811b40b0 RSP = 0xffff8880970578e0 [ 2035.566347][ T9883] binder: 9874:9883 ioctl 40046207 0 returned -16 [ 2035.586484][ T9890] binder_alloc: 9874: binder_alloc_buf, no vma [ 2035.597791][ T9834] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 2035.611951][ T9834] FSBase=00007fad0b08d700 GSBase=ffff8880ae800000 TRBase=fffffe0000003000 [ 2035.634660][ T9834] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 2035.645053][ T9834] CR0=0000000080050033 CR3=0000000099f77000 CR4=00000000001426f0 [ 2035.659182][ T9834] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360 [ 2035.666841][ T9834] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 2035.686272][ T9834] *** Control State *** [ 2035.690643][ T9834] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 2035.716152][ T9834] EntryControls=0000d1ff ExitControls=002fefff [ 2035.736185][ T9834] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 2035.743970][ T9834] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 2035.753418][ T9834] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 14:40:41 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) r3 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0xff, 0x2000) getsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f00000000c0), &(0x7f0000000180)=0xb) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:41 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000000)={0x7fff, 0xf6a4, 0x5, 0x3, 0x4, 0x48ec8f21, 0x6, 0x280e, 0x0, 0x5, 0xffffffffffff8000}, 0xb) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:41 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000300)={{{@in=@local, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6=@ipv4}}, &(0x7f0000000200)=0xe8) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'sit0\x00', r3}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xf7e) 14:40:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x3000000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_GET_NR_MMU_PAGES(r1, 0xae45, 0xfff) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2035.760935][ T9834] reason=80000021 qualification=0000000000000000 [ 2035.768612][ T9834] IDTVectoring: info=00000000 errcode=00000000 [ 2035.774914][ T9834] TSC Offset = 0xfffffbbc04b4bf69 [ 2035.780157][ T9834] EPT pointer = 0x00000000921a501e [ 2035.888070][ T9901] binder: BINDER_SET_CONTEXT_MGR already set [ 2035.894144][ T9901] binder: 9894:9901 ioctl 40046207 0 returned -16 14:40:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x3f00000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2036.007813][ T9905] *** Guest State *** [ 2036.029881][ T9905] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 2036.078212][ T9905] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 2036.095391][ T9905] CR3 = 0x0000000000000000 [ 2036.104675][ T9905] RSP = 0x0000000000000f80 RIP = 0x0000000000000000 14:40:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x3, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="5c5a13747cd94b0000d5184c294f73910aee9ff8a7871ff7eba794a361d9539bb8b84bda0b96ed0000008da522e53000000800c39b49ca7d9f7baa294b5505c89faeae7bc29e49b7283d9f893b4025bbfd3716ed34729b96ce0a95c3c9472edb9dd9853405af1f2cb9bd558ccff757808a6b97f604be1c45333591c4b3e3dddcb221c3c9d42cca1c44470c02"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) r3 = semget(0x1, 0x3, 0x80) r4 = open(&(0x7f0000000080)='./file0\x00', 0x585000, 0x0) semop(r3, &(0x7f00000000c0)=[{0x2, 0xffff, 0x1800}, {0x4, 0x86cd, 0x1800}, {0x1, 0x8, 0x1000}, {0x7, 0x80, 0xde5582a739d366ce}, {0x1, 0xfffffffffffffce2, 0x1800}], 0x5) r5 = fcntl$dupfd(r0, 0x406, r1) ioctl$CAPI_GET_FLAGS(r5, 0x80044323, &(0x7f0000000040)) recvfrom$unix(r4, &(0x7f0000000180)=""/160, 0xa0, 0x40002020, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e21}, 0x6e) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1100) [ 2036.140291][ T9905] RFLAGS=0x00000002 DR7 = 0x0000000000000400 14:40:42 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1cfa234e0f12556ca6060a9994d2ce533cc88b5d69905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2036.186323][ T9905] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 2036.201779][ T9916] binder: BINDER_SET_CONTEXT_MGR already set [ 2036.216349][ T9905] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 2036.230394][ T9916] binder: 9915:9916 ioctl 40046207 0 returned -16 [ 2036.236175][ T9920] binder_alloc: 9915: binder_alloc_buf, no vma [ 2036.247705][ T9905] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2036.296741][ T9905] SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000 [ 2036.309352][ T9905] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2036.328604][ T9905] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 14:40:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x4800000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2036.345768][ T9905] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 14:40:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1200) [ 2036.407741][ T9905] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 2036.450437][ T9905] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 2036.479023][ T9905] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 2036.496528][ T9905] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 2036.520361][ T9936] binder_alloc: 9932: binder_alloc_buf, no vma [ 2036.520478][ T9935] binder: BINDER_SET_CONTEXT_MGR already set [ 2036.556286][ T9905] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 2036.563647][ T9935] binder: 9932:9935 ioctl 40046207 0 returned -16 [ 2036.570707][ T9905] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 2036.584994][ T9905] Interruptibility = 00000000 ActivityState = 00000000 [ 2036.600292][ T9905] *** Host State *** [ 2036.604392][ T9905] RIP = 0xffffffff811b40b0 RSP = 0xffff88804c41f8e0 [ 2036.621644][ T9905] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 2036.636200][ T9905] FSBase=00007fad0b08d700 GSBase=ffff8880ae900000 TRBase=fffffe0000003000 [ 2036.653845][ T9905] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 2036.662823][ T9905] CR0=0000000080050033 CR3=0000000092255000 CR4=00000000001426e0 [ 2036.671019][ T9905] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff87201360 [ 2036.678854][ T9905] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 2036.685829][ T9905] *** Control State *** [ 2036.690667][ T9905] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 2036.698505][ T9905] EntryControls=0000d1ff ExitControls=002fefff [ 2036.704913][ T9905] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 2036.713229][ T9905] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 2036.721050][ T9905] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 2036.728844][ T9905] reason=80000021 qualification=0000000000000000 [ 2036.739036][ T9905] IDTVectoring: info=00000000 errcode=00000000 [ 2036.756431][ T9905] TSC Offset = 0xfffffbbb50de6abe [ 2036.776138][ T9905] EPT pointer = 0x0000000086ec801e 14:40:42 executing program 0: r0 = syz_open_dev$midi(&(0x7f0000000180)='/dev/midi#\x00', 0xffffffffffffffc1, 0x100) ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x40000, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r4, 0xc02c564a, &(0x7f0000000100)={0x1000, 0x36335f59, 0x3, @discrete={0xffffffff7fffffff}}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000040)={0x2000000000000, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="0200000000000000"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:40:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) prctl$PR_SVE_GET_VL(0x33, 0x1c460) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) ioctl$FIDEDUPERANGE(r2, 0xc0189436, &(0x7f0000000040)={0x40, 0x6}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc040563d, &(0x7f00000000c0)={0x0, 0x0, 0x3, 0x2, {0xffffffffffffffff, 0x2, 0x6, 0x4a5ca4bc}}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:42 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) memfd_create(&(0x7f0000000000)='ppp0cpuset\x00', 0x6) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x4c00000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:42 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1c100000e8ff8080042db984fc7e6db53ca58b5d56020017f9ebcbbe6881cc38aa7234e9580053cb7876d65527061fc43973b18c6265e5368ff8f764898f457ffb1784ea2373b057c0974a06f0311eb9b42fb6832433d04556f8c82e24ea925d811b9ae5615e2aed26fcefb4e595017a181a22d6f970459459803ddeb4bdd3913a3ce2e414426b464297f851953713e100f1bab518d4dd701d77c8a9af207489a22a687edfdf31aa9691b0c1cce055923f2557a8441eec781cf373c4b2e0a2f7f2baef935271cc893d52a6461dc6ae1cab04eca9c67219877fd5cf231af67900000000000000000000000000000000"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) r3 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x2, 0x4040) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r3, 0x4020565b, &(0x7f0000000180)={0x8001001, 0x2, 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1300) [ 2036.927420][ T9949] binder_transaction: 3 callbacks suppressed [ 2036.927429][ T9949] binder: 9947:9949 got transaction with invalid parent offset or type [ 2037.016402][ T9949] binder_transaction: 13 callbacks suppressed [ 2037.016432][ T9949] binder: 9947:9949 transaction failed 29201/-22, size 40-8 line 3317 [ 2037.044708][ T9965] binder_alloc_mmap_handler: 3 callbacks suppressed [ 2037.044724][ T9965] binder_alloc: binder_alloc_mmap_handler: 9947 20000000-20002000 already mapped failed -16 14:40:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2037.089908][ T9949] binder: BINDER_SET_CONTEXT_MGR already set [ 2037.106680][ T9949] binder: 9947:9949 ioctl 40046207 0 returned -16 14:40:42 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x10007, 0x2, 0x1d000, 0x2000, &(0x7f000000b000/0x2000)=nil}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x8a1, 0x40002) ioctl$PERF_EVENT_IOC_DISABLE(r3, 0x2401, 0x3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2037.144822][ T9968] binder_alloc: 9947: binder_alloc_buf, no vma [ 2037.163811][ T9968] binder: 9947:9968 transaction failed 29189/-3, size 40-8 line 3147 14:40:43 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1400) [ 2037.222693][T13966] binder_release_work: 13 callbacks suppressed [ 2037.222701][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2037.231905][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x6000000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:43 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="6558137c7c0100d518244e76f3722a5673904118684253d372346287d21fbf6ef038b892240bbd940a246d1cec647b3c0e21dddadadb09f6e1077b7c9bff9ea567a23af159f1fe0605f2c6a33a20beb30aa0ec244545fb8f757ef04fcf3dd8176a238abac129b4ae8518758102a0aaee19ff9f01c1aa29b210d46d8a35a13d6e398750d265c49e8fe6b3da5f614ce9a2cc34743baac1e1f5759fd1d54db46fbe58bf04772a2b5eaa6647eec85e9821acb5252c021af55cf0443ed2a2bb0e2774979e46fce99addceca27f5291ddb4fb5ba47f8a04b3a17c4a98df8f4b35edf702146157248"], 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000040)=0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) r3 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x3, 0x2) inotify_add_watch(r3, &(0x7f00000000c0)='./file0\x00', 0x40000120) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2037.433431][ T9985] binder: 9980:9985 got transaction with invalid parent offset or type [ 2037.486932][ T9985] binder: 9980:9985 transaction failed 29201/-22, size 40-8 line 3317 [ 2037.510934][ T9989] binder_alloc: binder_alloc_mmap_handler: 9980 20000000-20002000 already mapped failed -16 14:40:43 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1500) 14:40:43 executing program 1: r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffffff) fsetxattr(r0, &(0x7f0000000100)=@known='trusted.overlay.impure\x00', &(0x7f0000000200)='\x00', 0x1, 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000040)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56146e17f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2037.571030][ T9985] binder: BINDER_SET_CONTEXT_MGR already set [ 2037.606794][ T9985] binder: 9980:9985 ioctl 40046207 0 returned -16 [ 2037.636567][ T9992] binder_alloc: 9980: binder_alloc_buf, no vma [ 2037.648655][ T9992] binder: 9980:9992 transaction failed 29189/-3, size 40-8 line 3147 [ 2037.672890][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2037.681669][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:43 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x7, 0x80) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e20, @multicast1}}}, &(0x7f00000000c0)=0x84) setsockopt$inet_sctp_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000240)={r4}, 0x8) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r3, 0xc0505510, &(0x7f00000003c0)={0xee, 0x3, 0x3, 0x4, &(0x7f0000000300)=[{}, {}, {}]}) r5 = getpgrp(0xffffffffffffffff) fcntl$setown(r0, 0x8, r5) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$SG_SET_DEBUG(r3, 0x227e, &(0x7f0000000280)=0x1) 14:40:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x6800000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:43 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="3c5813743f4e8000184fa8661be24cf6761aaea4e665e057bfc8df6779ec829028f48b119a9ec443481e7e95fef803f27b9e71cfca6b6dce2bb3a2448ef6bf3461d6657917406d3f96e62f83d339002bdc93e0e92efdd19c066b426346bf3ad313c3a050b48d04c17bd72841c26e7b610a8ca8"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1ff, 0x1, 0x7000, 0x1000, &(0x7f000000e000/0x1000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:43 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1600) [ 2037.889444][T10010] binder: 10008:10010 got transaction with invalid parent offset or type 14:40:43 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c18005117f900000000000000000000a5ee00000000"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2037.971289][T10010] binder: 10008:10010 transaction failed 29201/-22, size 40-8 line 3317 [ 2038.020102][T10023] binder_alloc: binder_alloc_mmap_handler: 10008 20000000-20002000 already mapped failed -16 [ 2038.049888][T10010] binder: BINDER_SET_CONTEXT_MGR already set [ 2038.072710][T10010] binder: 10008:10010 ioctl 40046207 0 returned -16 14:40:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:44 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x6c00000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2038.116873][T10023] binder_alloc: 10008: binder_alloc_buf, no vma [ 2038.123404][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2038.131627][T10023] binder: 10008:10023 transaction failed 29189/-3, size 40-8 line 3147 [ 2038.156944][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:44 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1700) 14:40:44 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x4000, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r3, 0xc034564b, &(0x7f00000000c0)={0x4, 0x7777737f, 0x80000000, 0x800, 0x1, @discrete={0x7, 0x7}}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5184cf676"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0xfffffffffffffffd, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:44 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) clone(0x800, &(0x7f0000000300)="f057336fd9eb4cde42776622e189dd7b7fa724c19aa9d092f8b55ad68590491320785df82bd5cfa18a5b33514cb883da60a7717511e572a61427e321b7d6ea4ac61a42a0ab9e5b9ec231239696071dfcea873a1312b7e2ac686e112be3cd446cfc9eb38ed38e421f6e5591573228e6d656ae188c901d2a79b52930f16e5f14", &(0x7f0000000280), &(0x7f0000000380), &(0x7f00000003c0)="831a0ca5293afe47db9fd84eb4b5b7ed679a031cdc5f205a3c7593e438afa95def0340d3f300f68312cba110656f2f") r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xffffffffffffffff) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000000180)=""/195, &(0x7f0000000040)=0xc3) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2038.269011][T10033] binder: 10032:10033 got transaction with invalid parent offset or type [ 2038.302928][T10033] binder: 10032:10033 transaction failed 29201/-22, size 40-8 line 3317 [ 2038.363429][T10037] binder_alloc: binder_alloc_mmap_handler: 10032 20000000-20002000 already mapped failed -16 [ 2038.407884][T10033] binder: BINDER_SET_CONTEXT_MGR already set [ 2038.431766][T10033] binder: 10032:10033 ioctl 40046207 0 returned -16 [ 2038.475488][T10049] binder_alloc: 10032: binder_alloc_buf, no vma [ 2038.518737][T10049] binder: 10032:10049 transaction failed 29189/-3, size 40-8 line 3147 14:40:44 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1800) [ 2038.567424][T13966] binder: undelivered TRANSACTION_ERROR: 29189 [ 2038.583198][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:40:46 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x8000000001001ffd) 14:40:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1c000800000000000070316a4527007de72a0a75b6b89001ef9dc3aaf38ed53ddb2d4ea4deef177554b809c40f264f238c4857cf2ebac5de99355582a1988a"], 0x0) r3 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x5, 0x101000) ioctl$RTC_VL_READ(r3, 0x80047013, &(0x7f0000000240)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) r4 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x81, 0x402000) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r4, 0x80845663, &(0x7f0000000180)) ioctl$KVM_NMI(r2, 0xae9a) mkdirat$cgroup(r4, &(0x7f0000000280)='syz0\x00', 0x1ff) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x200, 0x100) io_setup(0x4, &(0x7f0000000340)=0x0) io_pgetevents(r5, 0x8, 0x2, &(0x7f0000000380)=[{}, {}], 0x0, 0x0) 14:40:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r5}}, 0x18) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:46 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mkdir(&(0x7f00000001c0)='./file0\x00', 0x12a) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d10be029ed9bc5690"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x3, 0x2) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000180)=0x1b, 0x4) 14:40:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x7400000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:46 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1900) [ 2040.997326][T10065] binder: 10060:10065 got transaction with invalid parent offset or type [ 2041.043353][T10065] binder: 10060:10065 transaction failed 29201/-22, size 40-8 line 3317 14:40:46 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1a00) [ 2041.122915][T10078] binder_alloc: binder_alloc_mmap_handler: 10060 20000000-20002000 already mapped failed -16 [ 2041.187429][T10065] binder: BINDER_SET_CONTEXT_MGR already set 14:40:47 executing program 2: getpeername$packet(0xffffffffffffffff, &(0x7f0000000700)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_CLOCK(0xffffffffffffffff, 0x8030ae7c, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000680)='/dev/swradio#\x00', 0x0, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'vcan0\x00'}) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000340)=0x3, 0xfffffffffffffd30) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000000c0)=0x2, 0x4) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000380)={0x1, 0xc, 0x1, r1}) getsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000500)={0x0, 0x5, 0x3, 0x6}, &(0x7f0000000540)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, 0x0, &(0x7f0000000740)) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, 0x0, 0x0) setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, 0x0, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f00000002c0)=0x80, 0x4) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000a00)={0x0, 0x6, 0x30, 0x9, 0x3}, &(0x7f0000000a40)=0x18) ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f0000000580)) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000a80)=@assoc_value, &(0x7f0000000240)=0x3b0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000200)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x32, 0x0, @remote={0xac, 0x223}, @dev}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x223}, @dev}}}}}}, 0x0) [ 2041.230708][T10065] binder: 10060:10065 ioctl 40046207 0 returned -16 [ 2041.230790][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:40:47 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1c581374af1eeac7e07f108b63b709c9751799ae6b9d1114fd83994eb9b0c63af1acebba4b6c5b53ce5735fb985408f2ca6dfaea596d6843e1fabf895114cd9e5e7887782c20b9b224eff0479514430d69b72ea8613d2f5856eddfaaac1e2e34bab084115e44a19edd5b8e04b2e987810cd831c106d262abe55a5eeebe24d9994d77e1b83b52749a681c4812f0ab1fab4133b63b6a71db51d0"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:47 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:47 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x7a00000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1b00) [ 2041.473407][T10099] binder: 10094:10099 got transaction with invalid parent offset or type [ 2041.537005][T10099] binder: 10094:10099 transaction failed 29201/-22, size 40-8 line 3317 [ 2041.579509][T10104] binder_alloc: binder_alloc_mmap_handler: 10094 20000000-20002000 already mapped failed -16 [ 2041.606432][T10099] binder: BINDER_SET_CONTEXT_MGR already set [ 2041.613591][T10104] binder_alloc: 10094: binder_alloc_buf, no vma [ 2041.634752][T10099] binder: 10094:10099 ioctl 40046207 0 returned -16 [ 2041.641966][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 14:40:47 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x800) symlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') 14:40:47 executing program 2: getpeername$packet(0xffffffffffffffff, &(0x7f0000000700)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_CLOCK(0xffffffffffffffff, 0x8030ae7c, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000680)='/dev/swradio#\x00', 0x0, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'vcan0\x00'}) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000340)=0x3, 0xfffffffffffffd30) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000000c0)=0x2, 0x4) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000380)={0x1, 0xc, 0x1, r1}) getsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000500)={0x0, 0x5, 0x3, 0x6}, &(0x7f0000000540)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, 0x0, &(0x7f0000000740)) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, 0x0, 0x0) setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, 0x0, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f00000002c0)=0x80, 0x4) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000a00)={0x0, 0x6, 0x30, 0x9, 0x3}, &(0x7f0000000a40)=0x18) ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f0000000580)) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000a80)=@assoc_value, &(0x7f0000000240)=0x3b0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000200)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x32, 0x0, @remote={0xac, 0x223}, @dev}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x223}, @dev}}}}}}, 0x0) 14:40:47 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x8000000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:47 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x42000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f0000000200)='nr0\x00') r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="e80a2d000000e8c3a6ff0080042db9848b5d5690ae"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) r4 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x13c, 0x800) sendmsg$xdp(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000300)="81bcde2c27ceff52ae31201488de6991846ba5331ba9ff709c5d89203d480ae62934a1c7f20b2f1f9cd7c4d255965e93b062c4b6127a47334ea929164cf5ec4b0113a75afe2c0f1b98a0f4275405be072529cd6dd05f11efec5ad763f4b995c0b156c003467a4307bb53fb3fba3cd35a9cb1cc97503a9cfc64d3c04edf4b5b1a701f740ff84b757de6553642d1cded2ab2137ce7196563ebcef65c99371eda66c2c83e1f0154640c142094646eb4127157f1485f26572e8abef7eb10bd75fc932b78469d514d10d996f1f800e3a00675fa0c95ba860932f90426401be3bc025545a26a42d0472eb84117d4f6177bd3381940f3d94deca107659dddc9af6292fb07b73eb259bbf9484f0e115d1f694bff8e5f4afbc16ca758a37770a1f1ee70af78bae92249daf909c098ae2d4dde1ccbe01e1b575db317d0745ffde3ef010c559cbaa0ec12619eb04a37b456db19b50e7f5ca87da4f504bbab6416b2178991fed789a3eb110daa21c189bdbfc66a6eb97c06a2b70a82f563f6a35ecb820c4c8a81f72584ad60f3b01e5e23cbb3ef395c0be97038b003b832a4c93d3f6226644468ddc46da277fa8b994c14bf81df43a0089b950339d81e48a73f24e65ca1214023e29c5ac1237426ac358882b620f8b46d3754b6b3aeda289a44df8d3e64f52aefa051061e7b54168bfb4df986195e439a1bfc936528ce2c9062732c9bb8e10d0bf0028fb5c7145eabfc1e77f6076cc7c4cc58aa90269f96ddd1e79c746bcf2f93c1b3bb169e22ee159e691a8b7a89c53677890c87c141d92d9b4ab4031091dd06369431dfaf7b31102d35a3f264e0f1269111bc57e516e3fbebfc3903470b36ca5e89d04ba347b2eccc789e91801b16697dbcbe94107e477e4aa9fa08d15198ee1ece94c33aa2923abb75b462e19ffcec46ae38fff593425a477470c09f3a3a6fb3436e65bf1f50d399f09244212d8a6d364a95ccb367e7e670b0097917a0f4f7c99fdb7e7ce0d99ca27ede232ffcbef2ef7aed955e20d9fa6c8467ce113b69d4e2464c01282bc17ed186b15a2c8ea73e6c876a6b8166230de79585176180200cd83afde8c934e34d25c6e1e0ae2939fe534f29e7e351d355960ddbedf29a98400b6aa9f7a0ff3687d6d2ca3d7ae1c93c297b39c54998261556b94cd68dcfce68a0b95a53b67a82f00192612fd748ab1ef910e11e81b6e1ceeef7e5068560e7a865446a77502d66f10c491ca34e47999515594b3df3fbeb2a5d6e6a8d013093d1539f05998e193fe02d78f6d9249c31b60a752b47da0a16f2389e65b56f373cb68d33c0999da6de790e9e508a75adba971830e8646a7bcbb4e94c081cd61f051311215ba277d52871a3307773e7d01dfb9a80a95d74e0d77cfb6e01ea6fba7db51773284d880f3e371e383757086d4652451bf750b95bd08abc11e9d7bf70f78502d92ae2660dff6f22a616645a0289bca1dc74d60612dc23710b238201ef4d1b9bad114d5c0afd09de19c3fce5a708cf94c11d57d2c99a7a6663112e32a5d06a8e3099b51a5f2322624f406635d06aea64341f8222e30ae5642e2d1910e4539b2189c5a832e061deec66eded734d24b4000fd49117e60b37d9a9be87727edb5b49d170ea5fe211899477f9e417c7660b5a5f27c6db6746da2ae17c066a01a3684a3b55dbc30b1b4328db91ca95605ecec7498aa6b080a2ca7648a29796ac781821e97c8cac1d68972d88de8937ed8983cfd0b66b21bf53721a9e3848c480be3cc92f43e3ff061b92f2afd1e38a6ba7c36450721ee1cb6986ac8ff8d79143dcf996b481b66f0a2e6a7b4e550a0549de2dd097a6de494ef370202b202d054ff9525b7c5af0b6dfaf7fa2502e537fc0e13c9588426f6d36056a8d45e8d4384f7beb16e1c2468293476b0118be3dbddae33cf2f99c1b1b3d6d0bb7e767a1e656dd4225621ce9b706312fac450edc4349e3a6eb4a71a9fa0636f8ebc853df870b8d2f1ea90775914d6de10aa4e738693cbb04d68396b98285f76743e14e86b4e53006c4b4b3de415d58486d8c11534f16209c782c59d691a5da093b0ee1172a7d08c31232c1dad41672af1392ebf1de30428d726c266f889847c5069815dfb9cbbedd23d569458560a081eb11775ce4f636c8b1f5761eee16f853315864401bc72234f625e910c4c0457825fc1a6e844cdbf52a7f18eb323bbf18b6836a2c2a0b5def4f2b3a1eb371bf97a0979f08fd234a94d205dacfd18e5caaeea43b9e0dfc76f9b0bed6cb7fab6d23a3c59cf0427fa1c0070d317ca1531e037ceaef7daeb560e5161cdb03281bad8fb2cd4cc1a36f127e1f993823fc9429a23bcfc810cb90657e54fc97ceb4f80f1411afc5388790da21f03c01d93e2bc8d4451bd31add3aa64a347038b018a6a859b7834783571ed0953ae437d6c24b43bc769aa52237a2b141253ed58cb7f384c76f28fb54644e3209d2e7c3d9c0df4e4c59d21a5e70b98b8b5ee25685519921db3dff7d2ca71fd6193d4b9c44adcc3bca636718e25e885e810407d03a2a095a212ec323faa07995ea7d81cc9a91678abbc0c794b01bfd65fcdea70bc5089ad3eca0940ca219b48e2dbf05975cde07e4da35d9df6488bc5f13c316e9dad5ec204f59c087c509b4c0da4923dcb797e8321ab39b9c2e331f79387488c4a186cfbd9952d2f5f5c68ce2307dbdfb25511c8ccdbad2fb52119dc16dfb7a8aef03ab14ccf36a2348d0accdfb06976c0504b9639c59fa84fd87027cf102b382836c8696caed035990f4c1769944d08b53ed86b15f411e252ed93561f5f757cdefdcf37bef028576e96b1a499d8b97e8d092edeb6f90c208835ff27e50b2da5c54272ec158f0400a839a2bbe610ef59bd90b480165bc8b863212d8259bcef029dda20514a85674ba67f87e24d7ae5dde62e00412952f10da4d77a93da81c3f5ba0b004169e4eacb973e05d8bd7680416935d505fd985b674c66ed891b202284a1cbc7e88cfecac35c45abf8511093a34d7f0ce3f51a8be00a28d2ce8b7003333a178dd615717cd0a217b0e14a3b78d74f6dc45e7741dbdff1f00247c315bb8dbae9611b32d645adaf9755b319472d6495b7d605502702f08304446a67db9dc63ebb172dd0662f6eac67c29c383fe342f23d78b8a13b4dc80074555a78db61fd4b46f9a15632d8ee0c89eebb3818f307ac9840696b7bfcb95427ad1999d9923659dc9a101fd1f55fb8f133a136f8db3b39b80ef030674c45ae8bd4176f2d247a5b47fb3a2b8e8040fde51e26d608005c7ec29e5c28b43fc96f209a9bf4a1584ea955564cc82be2a653f9ca9b2108fe0181c80ff506f70690a292c6be9eab9bf8a682c7f2b9cd902e21ce544f1cefd9f6df7e8f848eb36048e944cb8418919d9755fe14aef6e14cbb8a11c22166638cccdc4080299221fac7d251ee10bf24ac2527c91af3288082a5f19d38f513b37f314b9b57aece80643be63b5d56ff5aa5bb01e479eafafc2f7f412e50521efa19694fad4e38c90a2ff251ee6f662370cc3d5b5f39425dce6a9d247942885254ab14525d0fb68d03529e0f1665f59aefb191f7e7598d28a22e21366ee47cc9f35062969562c3e5bf7a3528292902b16220f37202216b9f009cd554faa34dabac35d9b933a3013e4d60d33e813b2d864b84df5a3dfa5d4c410bae5020d53464be1fe547c8241d45c44c6adc4311bfa65eaec353f4b415841af7beda555eacdf8df559895b12ee4e8286034f5f40be0bfbf277c0ffdfda19f60f06b86127090efe7f73b5564f3e01e7eef19304a59ca33a5946d7ec81ea1e7cfd81f5e83aab874f76156b0cdf189b73e7df0cdf165415464820fd1373e49d8953c0818223be7782fdf33a1ed87ef586dc39a823fcdbd2123d4370dd8363aa45dad20a02dfa9919c580bab2fbdb084299e5c9d26b1059e1dd265fdb378429cc2a1022564d98f4cc8544749ddeca9b42b92b1258ad95c5867c98f2dadb3433a051e269cfac55132a4a52330eabac2a6ecd8ad49ba451c290da97120a2e4f944172b6d6d1d4c7336794331779aa765c9490a6fc5fd3a6f0e06f469b1d1e843ff3b13f56c1ff448a88189d88b52f4e48cc050a64aae6cbdd9f3f8509174954e6cded373e85d7616c60c58613a5f5bf89e49cf6e37530d2bba573d18d91ba30769e48e32eb6dafd695a13beb0ed7e198e1250da024cc96c94723381c98330f98d62b9219ad612e2333ff3d17af8ca802a80dc23d054d163c40052a43f14ecdcf504242665b7a45533f6eef0993f1071585a50dbd33f8238ede4dc18fd4b622d63116df9fe9d62bc4b91d4f2e01556236c2f10e874d82bbc8d9f283563bc3b8e7a5e3aae3df75ecf85661c1193c7be68c4d6a0770050c50e8d1fed200727a3d18910189fd168c32a760c411fbde206961fca6a53a83c312e762f80b4b18c127c007e76a30deba7a04626e798b0f24a5cdf379604c2e9512a5aad9750beaacce93f529a5a590edfc085a1fdda1843485d38bcdb20205238b0c625aeba2af34aca849a9f81f9f0c9771e9da4c84e10d28e8dba65f6a85fd1d562544648fdfc2ed65a3d8d3d7f5737976473c8cb177bb115e2b6c2ed168ee1f3a1f3676fe177f66b208a7148aae3c56153abf88dfaa308ccfb74f33d57af106e88d98a5b6f625eb15827326f3956e93aace44632c8ca3cebe4a28e5ec7ef02a411b013e4c418549ffc016b180196131235bd7f5bd750432be6e821d5307cc51bf0a83b531e6bfdf90c2283c0182d4a5f2853a0a8d30202ab1322f6e2723d781d0b5333a1faf5672f624adb8ca9f5d425fafb73f4528f57adbfb9a988fcba806c27c2beda738b277dfd311900d46e3f6455a5ffcb5f6a56f6570ddc6ff5fe5fa1505f3910e54693dc9eab73b1f1f4196c175b58c634d46aa75e15419be1cc96ba588de340e56c9412823efabbb7a8a45c5d7af1cefd2d4a77a35f47f1e865231537a4f8d1e261cf97e2cfed0173eef04e5466797b15d6377f50bc8154bedbb58007c67d851eb4d47e6a445821f432ad7ac89c973b49ed7becc3a90134bb02c37daddf6610b5f9c3ca4e9ec32834dad236e304818ddd8e997f20d9253b6cd3fad7128762be70c32d392f0a0f868cd4d2f911df99d5932edc56535cfd56009a663844046b9df4353066bd811cf47fd5fac4aee04613b65018d35e72334f64d5b262c42231d7b18d1dd10bfa67e7805a8906d344d452a131f3eb549da81a509a7dcc8443c507f2023be00770adaed7b928d6ae927ef7f3ecdcb2a709fe1cee2322909b97100a5247516a26d4b94e87896ddce04026943330c974491943bca408d3fe0af5cbb079ca168ac93ebaa100c826a8b6357e11152bbe0854bdf00d53ab9eb7730321a36e60a0bc19ef3e7a448753d41dac8ecb95f1436139cf3a0181c6070fce0fe4953778c4d62a51e7818cf39a27f176aa7d8b660ea581108cdab716cd732a4b746305d3fab90a9122d01e31354d830a155c62789029ae224866369c435bd29c3b0837f2df357e85cb36ade9d5121d8b373468312114084bdfe3e482790b74c1c50a2b0bf014d5ca8b34e678e7e71f447e0828f4b804ba2dcf976446757aae0e97f2bd9f2aff0ed75ec0489bfaa51f24eb980af4ae4e02fd5220eb50d6332ae13379ec5a1b3ffd8295a812c3481d8b0f8c629aa9f41024d05db50908f5949f9e1a9a1f5aaec7a5631a172be46c28a409c12b1ad0c06e97a5adb09f606a7608f0456458a8085db3c86fe2026d18b612ccc95678d907fed15a8b2047da42ab62", 0x1000}, {&(0x7f0000001300)="382a03c5a0338bf2a92522648ac0dee2c282ef68357142d0e6af08d1ccea478dde5bfef1756f12ffc9a86422daa3c689393c534a768be5e0acd4b23d140190341136f7fa6d06443c98e3170bf76ad784f6b2dea3df80ba8739706782f1839bed2d2cfb6fb2cb7414bdb6b95d10f64fa299c58a11", 0x74}, {&(0x7f00000001c0)="f708e04ffa", 0x5}], 0x3, 0x0, 0x0, 0x20000000}, 0x4004000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000080)="c4e1a5d130c4e17d7f6fe8f0812a0000000036660f2b784266b88f008ee00f08c4e1fe1299fd9c000078a5b9500200000f32c4e189d3ac8c0001c0fe", 0x3c}], 0x1, 0x40, &(0x7f00000001c0), 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 14:40:47 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r1, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) 14:40:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1c00) [ 2041.947400][T10120] binder: 10117:10120 got transaction with invalid parent offset or type 14:40:47 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x80000, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r3, 0x84, 0x1c, &(0x7f00000000c0), &(0x7f0000000180)=0x4) [ 2042.008839][T10127] binder_alloc: binder_alloc_mmap_handler: 10117 20000000-20002000 already mapped failed -16 [ 2042.022899][T10120] binder: BINDER_SET_CONTEXT_MGR already set 14:40:47 executing program 2: r0 = syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x2, 0x6000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_CLOCK(r0, 0x8030ae7c, &(0x7f0000000800)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000400)={'vcan0\x00'}) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000340)=0x3, 0xfffffffffffffd30) r3 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000500)={0x0, 0x5, 0x0, 0x6}, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r2, 0x28, 0x6, &(0x7f00000006c0), 0x10) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000780)={&(0x7f0000000000)=""/17, 0x2000, 0x1000}, 0x18) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f00000002c0)=0x80, 0x4) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, 0x0, &(0x7f0000000a40)) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000580)) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000a80)=@assoc_value, &(0x7f0000000240)=0x3b0) syz_emit_ethernet(0x3e, &(0x7f0000000200)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x32, 0x0, @remote={0xac, 0x223}, @dev}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x223}, @dev}}}}}}, 0x0) [ 2042.087283][T10120] binder: 10117:10120 ioctl 40046207 0 returned -16 [ 2042.092494][T10134] binder_alloc: 10117: binder_alloc_buf, no vma 14:40:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1d00) [ 2042.166456][T10134] binder_transaction: 2 callbacks suppressed [ 2042.166475][T10134] binder: 10117:10134 transaction failed 29189/-3, size 40-8 line 3147 14:40:48 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1c000000e8ff0090042db984fc7e6db53ca58b5d56905117f9c2dfce3a5b6bd01ff1d2f5e615851470f5eaca042d7ab230d1fa7dc4250d40bce63df0b87b000b8cb8de0f930ec9d873f1bccb134602654e7d6bb2a8b0f16b6911b32d55b0c7de44548569c736180887e73850355baf66b2e45e0525fdb34e23d61b9dc9432ed28aa912a9b4b622eb889520a5029e4cdee3f030fa7c242d5a5570"], 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000040)={0x0, 0x0}) ptrace$peek(0x3, r3, &(0x7f0000000240)) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0xfdfdffff00000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:48 executing program 2: r0 = syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x2, 0x6000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_CLOCK(r0, 0x8030ae7c, &(0x7f0000000800)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000400)={'vcan0\x00'}) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000340)=0x3, 0xfffffffffffffd30) r3 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000500)={0x0, 0x5, 0x0, 0x6}, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r2, 0x28, 0x6, &(0x7f00000006c0), 0x10) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000780)={&(0x7f0000000000)=""/17, 0x2000, 0x1000}, 0x18) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f00000002c0)=0x80, 0x4) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, 0x0, &(0x7f0000000a40)) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000580)) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000a80)=@assoc_value, &(0x7f0000000240)=0x3b0) syz_emit_ethernet(0x3e, &(0x7f0000000200)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x32, 0x0, @remote={0xac, 0x223}, @dev}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x223}, @dev}}}}}}, 0x0) [ 2042.433210][T10152] binder: 10150:10152 got transaction with invalid parent offset or type [ 2042.471347][T10152] binder: 10150:10152 transaction failed 29201/-22, size 40-8 line 3317 [ 2042.511398][T10155] binder_alloc: binder_alloc_mmap_handler: 10150 20000000-20002000 already mapped failed -16 [ 2042.579951][T10152] binder: BINDER_SET_CONTEXT_MGR already set [ 2042.591180][T10152] binder: 10150:10152 ioctl 40046207 0 returned -16 [ 2042.591228][T10158] binder_alloc: 10150: binder_alloc_buf, no vma [ 2042.622253][T10158] binder: 10150:10158 transaction failed 29189/-3, size 40-8 line 3147 [ 2042.643400][T13966] binder_release_work: 3 callbacks suppressed [ 2042.643408][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2042.662465][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:50 executing program 0: r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x0, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r0, 0x4040aea0, &(0x7f0000000180)={0x2, 0x80000001, 0xaf7, 0x0, 0x5271ea07, 0x6, 0x7ff, 0xc0000000000000, 0x2, 0x8, 0x80, 0x8, 0x0, 0x1f, 0x2, 0x3f, 0x5, 0x4, 0x1}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x800001) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="1c5813747c7d465188703f5cb3be0000d5"], 0x0) syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0xc0000, 0x480440) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:40:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1e00) 14:40:50 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, &(0x7f0000000040)={0x3, [0x7, 0x419, 0x9]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:50 executing program 2: r0 = syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x2, 0x6000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_CLOCK(r0, 0x8030ae7c, &(0x7f0000000800)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000400)={'vcan0\x00'}) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000340)=0x3, 0xfffffffffffffd30) r3 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000500)={0x0, 0x5, 0x0, 0x6}, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r2, 0x28, 0x6, &(0x7f00000006c0), 0x10) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000780)={&(0x7f0000000000)=""/17, 0x2000, 0x1000}, 0x18) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f00000002c0)=0x80, 0x4) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, 0x0, &(0x7f0000000a40)) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000580)) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000a80)=@assoc_value, &(0x7f0000000240)=0x3b0) syz_emit_ethernet(0x3e, &(0x7f0000000200)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x32, 0x0, @remote={0xac, 0x223}, @dev}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x223}, @dev}}}}}}, 0x0) 14:40:50 executing program 4: r0 = syz_open_dev$cec(&(0x7f0000000140)='/dev/cec#\x00', 0x3, 0x2) r1 = getpgid(0x0) stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f00000002c0)={0x1ffe40000000000, 0x1, r1, 0x0, r2, 0x0, 0x8, 0x8}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r3, &(0x7f0000000240), 0x1c) r4 = dup2(r3, r3) connect$ax25(r4, &(0x7f0000000000)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}, [@default, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000340)=0x2, 0x4) r5 = gettid() setsockopt$inet6_buf(r3, 0x29, 0x10, 0x0, 0x0) ptrace$setopts(0x4206, r5, 0x0, 0x0) tkill(r5, 0x1) ioctl$KVM_GET_DEBUGREGS(r4, 0x8080aea1, &(0x7f0000000080)) fcntl$setstatus(r3, 0x4, 0x2000) 14:40:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0xffffffff00000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2044.999527][T10170] binder: 10169:10170 got transaction with invalid parent offset or type 14:40:50 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = creat(&(0x7f0000000480)='./file0\x00', 0x42) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r1, 0x40505330, &(0x7f00000004c0)={{0x20, 0x8}, {0xb1, 0x1}, 0x2, 0x7, 0x8}) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r2 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() r4 = msgget$private(0x0, 0x11) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0xc) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f00000000c0)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000100)={{{@in6=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6}}, &(0x7f0000000200)=0xe8) fstat(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) msgctl$IPC_SET(r4, 0x1, &(0x7f0000000340)={{0x9, r5, r6, r7, r8, 0x0, 0x5}, 0xb9, 0x7, 0x7fffffff, 0x1, 0x1, 0xf2af, r3, r3}) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f00000003c0)={0x0}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000400)={0x0, 0x80000, r2}) ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f0000000440)={r9, r10, 0x8001}) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) [ 2045.045880][T10170] binder: 10169:10170 transaction failed 29201/-22, size 40-8 line 3317 [ 2045.122153][T10180] binder_alloc: binder_alloc_mmap_handler: 10169 20000000-20002000 already mapped failed -16 14:40:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x10a000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1f00) [ 2045.166006][T10170] binder: BINDER_SET_CONTEXT_MGR already set 14:40:51 executing program 2: r0 = syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x2, 0x6000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_CLOCK(r0, 0x8030ae7c, &(0x7f0000000800)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000400)={'vcan0\x00'}) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000340)=0x3, 0xfffffffffffffd30) r3 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000500)={0x0, 0x5, 0x0, 0x6}, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r2, 0x28, 0x6, &(0x7f00000006c0), 0x10) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000780)={&(0x7f0000000000)=""/17, 0x2000, 0x1000}, 0x18) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f00000002c0)=0x80, 0x4) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, 0x0, &(0x7f0000000a40)) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000580)) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000a80)=@assoc_value, &(0x7f0000000240)=0x3b0) syz_emit_ethernet(0x3e, &(0x7f0000000200)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x32, 0x0, @remote={0xac, 0x223}, @dev}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x223}, @dev}}}}}}, 0x0) [ 2045.215723][T10170] binder: 10169:10170 ioctl 40046207 0 returned -16 [ 2045.215802][T10185] binder_alloc: 10169: binder_alloc_buf, no vma [ 2045.266678][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 14:40:51 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socket$inet(0x2, 0xa, 0x4) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x800004, 0x1, 0x7000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = syz_open_dev$amidi(&(0x7f0000000200)='/dev/amidi#\x00', 0x72cb, 0x0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc0200000000000000b051175832fc5af6214e4389c3db8571f9fb1b1467a4c8361b808a276d48a45d53a0b2a3038360ae4caf5405c1fa171b1e477fd3c31e72a4ee53bf0df2d8cac7c4d64d04aaab0ad1d6170550291a386391eb24be7a3797e8f682a5640000000000000000000000"], 0x0) io_setup(0xe3, &(0x7f0000000080)=0x0) io_destroy(r4) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) ioctl$VT_DISALLOCATE(r3, 0x5608) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='io\x00') ioctl$SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, &(0x7f0000000180)={0x4, 0x8, 0x3, 0x0, 0xf}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2045.338818][T10185] binder: 10169:10185 transaction failed 29189/-3, size 40-8 line 3147 [ 2045.366433][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x2}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2100) 14:40:51 executing program 2: pipe(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) read$FUSE(r0, &(0x7f0000002740), 0xfffffe2b) 14:40:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vsock\x00', 0x40, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(r3, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20111}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x2c, r4, 0x10, 0x70bd28, 0x25dfdbfc, {{}, 0x0, 0x4102, 0x0, {0x10, 0x13, @l2={'ib', 0x3a, 'vxcan1\x00'}}}, ["", "", "", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8044) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x3}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r5, 0x84, 0x77, &(0x7f0000000180)={r6, 0x3, 0x6, [0x6, 0x764ac0000, 0xee2, 0x6, 0x2, 0x6c]}, &(0x7f00000001c0)=0x14) [ 2045.487311][T10201] binder: 10200:10201 got transaction with invalid parent offset or type [ 2045.522971][T10201] binder: 10200:10201 transaction failed 29201/-22, size 40-8 line 3317 [ 2045.585979][T10208] binder_alloc: binder_alloc_mmap_handler: 10200 20000000-20002000 already mapped failed -16 [ 2045.640892][T10201] binder: BINDER_SET_CONTEXT_MGR already set [ 2045.659780][T10201] binder: 10200:10201 ioctl 40046207 0 returned -16 [ 2045.693456][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2045.704947][T10208] binder: 10200:10208 transaction failed 29189/-22, size 40-8 line 2994 14:40:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2300) 14:40:51 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f0000000080)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2045.792889][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x3}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2045.913241][T10227] binder: 10226:10227 got transaction with invalid parent offset or type [ 2045.935572][T10227] binder: 10226:10227 transaction failed 29201/-22, size 40-8 line 3317 [ 2045.964582][T10228] binder_alloc: binder_alloc_mmap_handler: 10226 20000000-20002000 already mapped failed -16 [ 2046.013723][T10227] binder: BINDER_SET_CONTEXT_MGR already set [ 2046.043673][T10227] binder: 10226:10227 ioctl 40046207 0 returned -16 [ 2046.065731][T10231] binder_alloc: 10226: binder_alloc_buf, no vma [ 2046.105446][T10231] binder: 10226:10231 transaction failed 29189/-3, size 40-8 line 3147 [ 2046.111004][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2046.147553][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:53 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e24, @loopback}}, 0x1000, 0x66aaf53a, 0x8, 0x9, 0x8}, &(0x7f00000000c0)=0x98) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000100)={r2, 0x2}, 0x8) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x1000000000022) tkill(r3, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x400, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCLINUX4(r1, 0x541c, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:40:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2500) 14:40:53 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = fcntl$dupfd(r0, 0x406, r2) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(r3, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x440}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x54, r4, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x24, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x71}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x20}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x7fffffff}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000090}, 0x20000001) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x400000, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r5, 0x6, 0x15, &(0x7f0000000180), 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x4}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:53 executing program 2: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000340)=""/4096, 0x1000}], 0x2be) [ 2048.209697][T10235] binder: 10234:10235 got transaction with invalid parent offset or type [ 2048.247478][T10235] binder: 10234:10235 transaction failed 29201/-22, size 40-8 line 3317 14:40:54 executing program 2: r0 = syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x2, 0x6000) getpeername$packet(r0, &(0x7f0000000700)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x14) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_CLOCK(r0, 0x8030ae7c, &(0x7f0000000800)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$can_raw(0x1d, 0x3, 0x1) r1 = syz_open_dev$swradio(&(0x7f0000000680)='/dev/swradio#\x00', 0x0, 0x2) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000340)=0x3, 0xfffffffffffffd30) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000000c0)=0x2, 0x4) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, 0x0, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f00000002c0)=0x80, 0x4) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000580)) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000a80)=@assoc_value, &(0x7f0000000240)=0x3b0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000200)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x32, 0x0, @remote={0xac, 0x223}, @dev}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x223}, @dev}}}}}}, 0x0) [ 2048.322526][T10247] binder_alloc: binder_alloc_mmap_handler: 10234 20000000-20002000 already mapped failed -16 14:40:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2600) [ 2048.398352][T10235] binder: BINDER_SET_CONTEXT_MGR already set [ 2048.455529][T10235] binder: 10234:10235 ioctl 40046207 0 returned -16 [ 2048.456394][T10260] binder_alloc: 10234: binder_alloc_buf, no vma 14:40:54 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x7, 0x0) ioctl$sock_netdev_private(r2, 0x89f8, &(0x7f0000000180)="5571d77f02bbcd979367f7bd07ee76f91c5386942e0f525fd216516b9c9ea4caaf8d7a30f54e41adaf3f9de37de6a4dbac69f9e9d73367d201cea3f86c893618ab26b15978a0ab64e5a1bcde44338f2294ea159768c1f6d6667d0b160357049976f6052a4fe409ac4f768d22282889e041d557ee4cb6f17586daeaf2a964146e17cb6e5eabc69666a0a5b915eee33c9b232ecc2e3fe67531fe56d7ba8818c67897a2e26a9a33ccb5d91b02") r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) fstat(r1, &(0x7f0000000500)) recvmmsg(r2, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000240)=""/24, 0x18}, {&(0x7f0000000300)=""/212, 0xd4}, {&(0x7f0000000280)=""/64, 0x40}], 0x3, &(0x7f0000000440)=""/30, 0x1e}, 0x8}], 0x1, 0x40002000, &(0x7f00000004c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f0000000040)=0x2) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:40:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x1400000000, 0x400001) ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f0000000180)={0x0, 0xa25, 0x0, &(0x7f00000000c0)=0x5}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="3b285bd9226150839556b2fdb39b665e70c25e399fcf0be26c258640eddeb732b9ee2b"], 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000001c0)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2048.546687][T10260] binder: 10234:10260 transaction failed 29189/-3, size 40-8 line 3147 [ 2048.567468][T13966] binder: undelivered TRANSACTION_ERROR: 29189 [ 2048.584453][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:40:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x5}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2700) [ 2048.786251][T10274] binder: 10271:10274 got transaction with invalid parent offset or type [ 2048.826196][T10274] binder: 10271:10274 transaction failed 29201/-22, size 40-8 line 3317 [ 2048.868291][T10280] binder_alloc: binder_alloc_mmap_handler: 10271 20000000-20002000 already mapped failed -16 14:40:54 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}, &(0x7f00000000c0)=0x10) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000000)={0x0, 0x3f, {0x57, 0x8, 0xfffffffffffffff7, {0x80000001, 0x5b}, {0x7fffffff, 0x7fe0000000}, @ramp={0x6, 0x200, {0x2, 0x100000000, 0x8000, 0x25}}}, {0x52, 0x9b0, 0x10001, {0x3, 0x6795}, {0xe3, 0x9}, @const={0x8, {0x3ff, 0x3, 0xffff, 0x4}}}}) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) timerfd_settime(r1, 0x1, &(0x7f0000000100)={{0x77359400}, {0x0, 0x1c9c380}}, &(0x7f0000000140)) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:54 executing program 2: r0 = syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x2, 0x6000) getpeername$packet(r0, &(0x7f0000000700)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x14) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_CLOCK(r0, 0x8030ae7c, &(0x7f0000000800)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$can_raw(0x1d, 0x3, 0x1) r1 = syz_open_dev$swradio(&(0x7f0000000680)='/dev/swradio#\x00', 0x0, 0x2) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000340)=0x3, 0xfffffffffffffd30) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000000c0)=0x2, 0x4) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, 0x0, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f00000002c0)=0x80, 0x4) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000580)) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000a80)=@assoc_value, &(0x7f0000000240)=0x3b0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000200)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x32, 0x0, @remote={0xac, 0x223}, @dev}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x223}, @dev}}}}}}, 0x0) 14:40:54 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x2, 0x2000, &(0x7f0000000000/0x2000)=nil}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c0000e9e7ff0480042db984fc7e6db53ca58b5d56905116f9"], 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0xfffffffffffffffd, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2900) 14:40:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) finit_module(r2, &(0x7f0000000040)='\'\x00', 0x2) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop-control\x00', 0x80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2048.957945][T10274] binder: BINDER_SET_CONTEXT_MGR already set [ 2048.976347][T10281] binder_alloc: 10271: binder_alloc_buf, no vma [ 2048.982952][T10274] binder: 10271:10274 ioctl 40046207 0 returned -16 [ 2049.004610][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2049.021776][T10281] binder: 10271:10281 transaction failed 29189/-3, size 40-8 line 3147 [ 2049.087717][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:40:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x6}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x395b82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1b000000e8ff0080042db984fc7e6db53ca58b5d56ba5117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = creat(&(0x7f0000000040)='./file0\x00', 0x10) recvfrom$x25(r3, &(0x7f0000000300)=""/4096, 0x1000, 0x160, 0x0, 0x0) 14:40:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2b00) [ 2049.237730][T10302] binder: 10301:10302 got transaction with invalid parent offset or type [ 2049.253986][T10302] binder: 10301:10302 transaction failed 29201/-22, size 40-8 line 3317 14:40:55 executing program 2: r0 = syz_open_dev$adsp(&(0x7f0000000200)='/dev/adsp#\x00', 0x2, 0x6000) getpeername$packet(r0, &(0x7f0000000700)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x14) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_CLOCK(r0, 0x8030ae7c, &(0x7f0000000800)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$can_raw(0x1d, 0x3, 0x1) r1 = syz_open_dev$swradio(&(0x7f0000000680)='/dev/swradio#\x00', 0x0, 0x2) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000340)=0x3, 0xfffffffffffffd30) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000000c0)=0x2, 0x4) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, 0x0, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f00000002c0)=0x80, 0x4) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000580)) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000a80)=@assoc_value, &(0x7f0000000240)=0x3b0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000200)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x32, 0x0, @remote={0xac, 0x223}, @dev}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x223}, @dev}}}}}}, 0x0) 14:40:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) ioctl$RTC_IRQP_READ(r2, 0x8008700b, &(0x7f00000000c0)) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) prctl$PR_GET_FP_MODE(0x2e) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="7ca413747c00ed0768c82300d581a69bbd8e7572640900000000000000680618d2fd854d31378e1493219f9b8e53c86b6eb99e329e2e4a99ba77e97540c309ca7a932bcb924f4b17acb1ecd4575a5e5f0ef205264427686065582e11d657b7f9102702c40b2f9282937d463fb49154f0089f2ccb81f1c54b7a99beeb3d02795f487b970bb9c07c"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$TIOCSLCKTRMIOS(r2, 0x5457, &(0x7f0000000040)) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 2049.322399][T10309] binder_alloc: binder_alloc_mmap_handler: 10301 20000000-20002000 already mapped failed -16 14:40:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000013000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2049.422023][T10302] binder: BINDER_SET_CONTEXT_MGR already set [ 2049.442227][T10302] binder: 10301:10302 ioctl 40046207 0 returned -16 [ 2049.442303][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:40:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2d00) 14:40:55 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0xfc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x7}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="0c3efb001f0000fb"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:55 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x373) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) gettid() getpgrp(0x0) timer_create(0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x0, 0x4}, 0x0) timer_create(0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) timer_create(0x3, &(0x7f00000003c0), 0x0) timer_delete(0x0) ioctl$sock_SIOCSPGRP(r0, 0x8902, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0xe8bb9090d3eac778) bind$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c) inotify_init1(0x0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) syncfs(r0) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) sendto$packet(r0, &(0x7f0000000340), 0xfffffffffffffd4d, 0x57, 0x0, 0x0) 14:40:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2e00) [ 2049.780801][T10335] binder: 10328:10335 got transaction with invalid parent offset or type [ 2049.813245][T10335] binder: 10328:10335 transaction failed 29201/-22, size 40-8 line 3317 [ 2049.901110][T10345] binder_alloc: binder_alloc_mmap_handler: 10328 20000000-20002000 already mapped failed -16 [ 2049.917005][T10334] *** Guest State *** [ 2049.921311][T10334] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 2049.936406][T10335] binder: BINDER_SET_CONTEXT_MGR already set [ 2049.952438][T10345] binder_alloc: 10328: binder_alloc_buf, no vma [ 2049.973007][T10335] binder: 10328:10335 ioctl 40046207 0 returned -16 [ 2049.985390][T10334] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 14:40:55 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x408000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x8, 0x2) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x4058534c, &(0x7f0000000180)={0x6, 0x800, 0x1000, 0x0, 0x1000, 0x7}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc766d950e73a45d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2050.012131][T10334] CR3 = 0x0000000000000000 [ 2050.020831][T10334] RSP = 0x0000000000000f80 RIP = 0x0000000000000083 [ 2050.027400][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2050.033709][T10334] RFLAGS=0x00000282 DR7 = 0x0000000000000400 [ 2050.033725][T10334] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 2050.033739][T10334] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 14:40:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2f00) [ 2050.033757][T10334] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2050.033775][T10334] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2050.054920][T10345] binder: 10328:10345 transaction failed 29189/-3, size 40-8 line 3147 [ 2050.065610][T10334] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2050.111900][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:40:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x8}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:56 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = accept4$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x0, @broadcast}, &(0x7f0000000200)=0x10, 0x800) ioctl$sock_inet_SIOCDARP(r3, 0x8953, &(0x7f0000000240)={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x1, @broadcast}, 0x8, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x28}}, 'team0\x00'}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000001c0)=0xfffffffffffffdf6) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000000c0)={0x3000, 0x2000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) pipe2(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) write$FUSE_GETXATTR(r4, &(0x7f0000000340)={0x18, 0xffffffffffffffda, 0x3, {0x8}}, 0x18) r5 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0xa3, 0x402000) accept4$packet(r5, &(0x7f00000022c0)={0x11, 0x0, 0x0}, &(0x7f0000002300)=0x14, 0x800) setsockopt$inet6_mreq(r5, 0x29, 0x1f, &(0x7f0000002340)={@remote, r6}, 0x14) [ 2050.210827][T10334] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2050.271804][T10358] binder: 10357:10358 got transaction with invalid parent offset or type [ 2050.280675][T10334] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 14:40:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3100) [ 2050.313693][T10358] binder: 10357:10358 transaction failed 29201/-22, size 40-8 line 3317 [ 2050.333466][T10334] GDTR: limit=0x000007ff, base=0x0000000000001000 14:40:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x7, 0x0) ioctl$sock_netdev_private(r2, 0x89f8, &(0x7f0000000180)="5571d77f02bbcd979367f7bd07ee76f91c5386942e0f525fd216516b9c9ea4caaf8d7a30f54e41adaf3f9de37de6a4dbac69f9e9d73367d201cea3f86c893618ab26b15978a0ab64e5a1bcde44338f2294ea159768c1f6d6667d0b160357049976f6052a4fe409ac4f768d22282889e041d557ee4cb6f17586daeaf2a964146e17cb6e5eabc69666a0a5b915eee33c9b232ecc2e3fe67531fe56d7ba8818c67897a2e26a9a33ccb5d91b02") r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) fstat(r1, &(0x7f0000000500)) recvmmsg(r2, &(0x7f0000000480)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000240)=""/24, 0x18}, {&(0x7f0000000300)=""/212, 0xd4}, {&(0x7f0000000280)=""/64, 0x40}], 0x3, &(0x7f0000000440)=""/30, 0x1e}, 0x8}], 0x1, 0x40002000, &(0x7f00000004c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f0000000040)=0x2) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2050.364755][T10363] binder_alloc: binder_alloc_mmap_handler: 10357 20000000-20002000 already mapped failed -16 [ 2050.376641][T10334] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 2050.425667][T10334] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 2050.427450][T10358] binder: BINDER_SET_CONTEXT_MGR already set [ 2050.473928][T10334] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 2050.505974][T10375] binder_alloc: 10357: binder_alloc_buf, no vma [ 2050.532640][T10334] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 2050.535312][T10358] binder: 10357:10358 ioctl 40046207 0 returned -16 [ 2050.546906][T10334] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 2050.563981][T10334] Interruptibility = 00000001 ActivityState = 00000000 [ 2050.571392][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2050.593080][T10375] binder: 10357:10375 transaction failed 29189/-3, size 40-8 line 3147 [ 2050.606284][T10334] *** Host State *** [ 2050.610884][T10334] RIP = 0xffffffff811b40b0 RSP = 0xffff888058b2f8e0 [ 2050.630637][T10334] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 14:40:56 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000001, 0x12, r1, 0x0) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3300) [ 2050.662195][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 [ 2050.672061][T10334] FSBase=00007fad0b08d700 GSBase=ffff8880ae900000 TRBase=fffffe0000003000 [ 2050.728882][T10334] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 2050.756335][T10334] CR0=0000000080050033 CR3=0000000057e6f000 CR4=00000000001426e0 [ 2050.764128][T10334] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360 [ 2050.799219][T10334] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 2050.830040][T10334] *** Control State *** [ 2050.834286][T10334] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 2050.869071][T10334] EntryControls=0000d1ff ExitControls=002fefff [ 2050.875324][T10334] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 2050.889462][T10334] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 2050.898943][T10334] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 2050.910600][T10334] reason=80000021 qualification=0000000000000003 [ 2050.919862][T10334] IDTVectoring: info=00000000 errcode=00000000 [ 2050.932485][T10334] TSC Offset = 0xfffffbb3e70de790 [ 2050.939753][T10334] EPT pointer = 0x000000008b68001e 14:40:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x6) ioctl$VIDIOC_SUBDEV_G_SELECTION(r1, 0xc040563d, &(0x7f00000000c0)={0x1, 0x0, 0x103, 0x6, {0x40, 0x8, 0x8, 0xfffffffffffffffd}}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000002740)={0xffffffffffffffff}) r5 = syz_genetlink_get_family_id$team(&(0x7f00000027c0)='team\x00') getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000002800)={0x0, @remote, @remote}, &(0x7f0000002840)=0xc) sendmsg$TEAM_CMD_NOOP(r4, &(0x7f0000002940)={&(0x7f0000002780)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000002900)={&(0x7f0000002880)={0x6c, r5, 0x2, 0x70bd25, 0x25dfdbfe, {}, [{{0x8, 0x1, r6}, {0x50, 0x2, [{0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x404c001}, 0x1) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:40:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3500) 14:40:56 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) statfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180)=""/179) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000240)={0x1f000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c0000bbe8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0xa}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2051.060077][T10390] binder: 10389:10390 got transaction with invalid parent offset or type [ 2051.125081][T10390] binder: 10389:10390 transaction failed 29201/-22, size 40-8 line 3317 [ 2051.165105][T10402] binder_alloc: binder_alloc_mmap_handler: 10389 20000000-20002000 already mapped failed -16 14:40:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3600) 14:40:57 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x10002, 0x3, 0x0, 0x1000, &(0x7f0000005000/0x1000)=nil}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6da116e50579ff04c9581a"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2051.220024][T10390] binder: BINDER_SET_CONTEXT_MGR already set [ 2051.248694][T10390] binder: 10389:10390 ioctl 40046207 0 returned -16 [ 2051.249322][T10407] binder_alloc: 10389: binder_alloc_buf, no vma [ 2051.307811][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:40:57 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r5}}, 0x18) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x12}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="efcc756285824466"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2051.544237][T10426] binder: 10423:10426 got transaction with invalid parent offset or type [ 2051.593689][T10427] binder_alloc: binder_alloc_mmap_handler: 10423 20000000-20002000 already mapped failed -16 [ 2051.632463][T10426] binder: BINDER_SET_CONTEXT_MGR already set [ 2051.632484][T10427] binder_alloc: 10423: binder_alloc_buf, no vma [ 2051.665853][T10426] binder: 10423:10426 ioctl 40046207 0 returned -16 14:40:59 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = syz_open_dev$media(&(0x7f0000000080)='/dev/media#\x00', 0xb6, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000680)='illinois\x00', 0x9) r2 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() kexec_load(0x5, 0x8, &(0x7f0000000580)=[{&(0x7f0000000000)="936f71131d6bb7d7759398a1a8cd142fb4613f4cd8fb9fffa02f3245c5b8bec245380614f56b3b46eb47a854fb87db8d81b011b64afc99c3a4e77f7b7b2ef90c6d939d6aee149a178d26f315c0780d56c0ad6b4e59eb312077c48ea3fc39e9b9ab01e39e9eaf11fde3f528cd3359fa5b05d44660b76e2cee1ca9fed5a117", 0x7e, 0x1df, 0x4}, {&(0x7f0000000080), 0x0, 0x1, 0x1}, {&(0x7f00000000c0)="3709ce165c55455652d0ee1f2d3d55c99256db5babcc943c407438d92fc2059b65c9c5f2d996", 0x26, 0x7fe7, 0x7fffffff}, {&(0x7f0000000100)="60ffed511500064c5d752455e6a06fdcf1a78479fa658550d831e4d587cc85585c790bff0162bbb4d01f74afab322c95bbb91f2caf760d4928b40d979d019ce0a03d83389ad179152883d02a607530d835f43d81ecb92c0403715c56caff5fd2411577bb8f19850607531eb38058aa4f80eedf51845af4f2bd63f03fdffc816160e5a824ddd2db359d8a585bbf7ebc79", 0x90, 0x6, 0x35}, {&(0x7f00000001c0)="74eba03a7900f023e35a954e8ceed9eb781ec3e46f44ade4d522dbcb10e70b3e7f9bcc925e8fbefef5d6a98248e761637ff1b02b935473d8bea8d2aa7202cc51b86f30d7628688b521ad3a83f6892cf79c2991ff1a96803666c712261633", 0x5e, 0x2, 0x9}, {&(0x7f00000002c0)="abe95b2e71f3e3e745eca16ce0eec5fca4c0869c5fd00ddd45ef0c096c7aa822af3913dc0d859254ee04bbea96ec40fa9127af586cb8fc98a37bea03cf02351a2f4c6e6ddd78c45350362d307475b79d9e452edab4cd39380101800a29e39e297ff3513992f8f8bd5041c04d72cdb9094d2b51d61b7d21bc757057bfd56ce29eef9352194d94708fd1bde0f3551937fb", 0x90, 0x0, 0x7fff}, {&(0x7f0000000380)="72877a3bc019e2863899242ca9637fb10604194f95db3ad3972ee7fffa51652055632fd2bb9f6ff76786b9ad95d9fff22c28ec0971c1106edb7624f7ff06ec41c0c231a9d9f22137916f4df159ea82636a2753d1be3867ebb1f92bf623ec05eedde0edd5f40143c032670f9629f6ffc2c435887375cb1806906778ddf2ee54f03787904fcaf8906b762d62239c42dcf88ba8e57779cc6ab869315ee82a452f22701c02ff2c8d791d5f9192a29224aefb2bbb97d0ea5c79570f2390e4b1361b828976bdeafbbb532f9a6ea814f2a805832349237a5725360e1ac57e15acbbcc4d732f74", 0xe3, 0x9a00, 0x1f}, {&(0x7f0000000480)="18485fb1ea960d7071fa642cf0ebb1106616dd3c7e662c4081c4e652cf2cb47e3e3175395138f9f76ebfdb3b4120892056e9faed53efd8367fe830b7a4b057228f1f8fafd663071b0e7b8124cfff0422a6fb196b2e59339d14813927e3ffe34ceb30f87595065aee2cd3ea72874e81e8204b2740d62918efdb9331b2d2b203c9a004e84effb102dc298785bdc0b90c32f5bdb379690f5828098642c8c9f52f62f93dfa5cbd2e9d93fafec964adad5520fb6f5596b0055af0e844dcb059d7e3152643c00b8cdebac86cd3cb6d73bb67812c18cd6d3bf7687d861e170947851a7e70981a243c78b4", 0xe7, 0x6, 0x3}], 0x160000) setsockopt$inet6_buf(r1, 0x29, 0x40, 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:40:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3700) 14:40:59 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af13, &(0x7f0000000380)={0x3, 0x8}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) r3 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x3, 0x715c02) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0xbc, r4, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x60, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x2e}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x39}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'dummy0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x100000001}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0xc56}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x806}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblc\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x20000000}, 0x48010) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000080)={0x0, 0xfa}, &(0x7f00000003c0)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000400)={r5, @in6={{0xa, 0x4e20, 0xa35b, @remote, 0x5}}, 0x3, 0x9, 0x3099, 0x7, 0x8}, 0x98) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x30}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:40:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r5}}, 0x18) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x4, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2053.787056][T10436] binder: 10435:10436 got transaction with invalid parent offset or type [ 2053.795681][T10436] binder_transaction: 3 callbacks suppressed [ 2053.795700][T10436] binder: 10435:10436 transaction failed 29201/-22, size 40-8 line 3317 [ 2053.891129][T10446] binder_alloc: binder_alloc_mmap_handler: 10435 20000000-20002000 already mapped failed -16 14:40:59 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3900) [ 2053.959235][T10436] binder: BINDER_SET_CONTEXT_MGR already set [ 2053.959260][T10446] binder_alloc: 10435: binder_alloc_buf, no vma [ 2053.978053][T10436] binder: 10435:10436 ioctl 40046207 0 returned -16 14:40:59 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) setsockopt(r3, 0x5, 0x8, &(0x7f0000000180)="133194261f1555b28058f0d55ba750b82ccdd3982295efef1e69faadda42f4d8a7085099f2e6489b71e2ec63d920f17b1510f7b5e210d85df84f9081cced914cfcb380efa2ab1d9d102da134e11cfa19e6e1122b3358f0b13c3666f7ad410fbee06d087a7c00ee7df6a18e711bc7b938e7c8006754521d4e364a8795c815367fbd0ab72dd165197797cb1466595596302f87b243042414533b561c3b0a53be264ec1f9dede3f4f741bab8d4be00e3bf1", 0xb0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:40:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r5}}, 0x18) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2054.029629][T10446] binder: 10435:10446 transaction failed 29189/-3, size 40-8 line 3147 [ 2054.051164][T13966] binder_release_work: 3 callbacks suppressed [ 2054.051171][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2054.103621][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x48}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3b00) [ 2054.267063][T10462] binder: 10461:10462 got transaction with invalid parent offset or type [ 2054.326299][T10462] binder: 10461:10462 transaction failed 29201/-22, size 40-8 line 3317 [ 2054.372798][T10470] binder_alloc: binder_alloc_mmap_handler: 10461 20000000-20002000 already mapped failed -16 14:41:00 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x10, 0x0, 0xffffffffffffff99) ptrace$setopts(0x4206, r2, 0x0, 0x40) prctl$PR_SVE_SET_VL(0x32, 0x8d38) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r5}}, 0x18) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:00 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8fd5080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) ioctl$FIGETBSZ(r2, 0x2, &(0x7f0000000040)) fcntl$F_GET_RW_HINT(r1, 0x40b, &(0x7f0000000180)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) write$binfmt_elf32(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0xf32a, 0x400, 0x3, 0x7, 0x3, 0x6, 0x7c, 0x18f, 0x38, 0x139, 0x401, 0x480, 0x20, 0x2, 0x4, 0xcd7c, 0x8}, [{0xf098f813dd1a0d0, 0xad74, 0x100, 0x9a6, 0x100, 0x2, 0x7, 0xffffffffffff7d81}], "afdfeebf456a59dec9548d1908fac273a6503db5310dadfc1d2b480362aceb17e0aa600f065edbaa9f9c04cd100c2a4172fb25f18221993926643e692ef95d7ce92b604287d77b6bcd4d7c66780d1997f5b80e97e6c25e17ea365719ebb52764119184199a62bc07bac08bdcf07f773519521615d73d80b6fae07affad2b30d81612f1c153c9566a0853", [[], [], [], [], [], [], [], []]}, 0x8e2) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2054.447186][T10462] binder: BINDER_SET_CONTEXT_MGR already set [ 2054.453294][T10462] binder: 10461:10462 ioctl 40046207 0 returned -16 14:41:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3d00) [ 2054.514649][T10478] binder_alloc: 10461: binder_alloc_buf, no vma [ 2054.546660][T10478] binder: 10461:10478 transaction failed 29189/-3, size 40-8 line 3147 14:41:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r5}}, 0x18) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x4c}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2054.606583][T13966] binder: undelivered TRANSACTION_ERROR: 29189 [ 2054.634060][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:41:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3e00) 14:41:00 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d5690c1a9ca7bfed635824bb5d3307e5117f9f36c3a65d4b24595fe670f8b356082c6e3ab1edbfeefa0bfe92b396123fd34b63d207640bbbbe81102c8b0f997566043af61bd6f111abfcb6b890ff64f5be0866fc743e42429ab6fe2b3c000ae031f3d991dc6b97ae89579ce48e86c20ad4eb7705dddb2fae10a0f183329190b2d9f78333b3fb945bcc374d9faf090d24b6df69c4f84bdb2b848df8229c726633e93530d46509462524d2e2561c73a35198b2aaeba85e1f40d0714eb5a9d08028a174fd1fe5880400845b348dc0bae6277f38678cb430ac1e591adb11e2b7c309317e72a682c43b14f"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$VIDIOC_G_PRIORITY(r2, 0x80045643, 0x3) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2054.802757][T10497] binder: 10496:10497 got transaction with invalid parent offset or type 14:41:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r5}}, 0x18) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x101000, 0x0) ioctl$sock_netrom_SIOCDELRT(r3, 0x890c, &(0x7f0000000180)={0x0, @default, @rose={'rose', 0x0}, 0x4000000000, 'syz1\x00', @null, 0x7, 0x3, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2054.854493][T10497] binder: 10496:10497 transaction failed 29201/-22, size 40-8 line 3317 [ 2054.908372][T10502] binder_alloc: binder_alloc_mmap_handler: 10496 20000000-20002000 already mapped failed -16 [ 2054.986916][T10502] binder_alloc: 10496: binder_alloc_buf, no vma [ 2055.024239][T10502] binder: 10496:10502 transaction failed 29189/-3, size 40-8 line 3147 14:41:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3f00) [ 2055.026870][T10509] binder: BINDER_SET_CONTEXT_MGR already set [ 2055.043990][T10507] QAT: Invalid ioctl [ 2055.157935][T10509] binder: 10496:10509 ioctl 40046207 0 returned -16 [ 2055.157952][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2055.178943][T10510] QAT: Invalid ioctl [ 2055.191026][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:01 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0}, &(0x7f0000000340)=0xc) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000040)='./file0\x00', 0x2, 0x1, &(0x7f00000000c0)=[{&(0x7f0000000080)="0184be6810fb50d5b95f97b52879b2e6adc37ef305", 0x15, 0xe1}], 0x80000, &(0x7f0000000380)={[{@nospace_cache='nospace_cache'}, {@space_cache='space_cache'}], [{@fowner_lt={'fowner<', r2}}, {@subj_type={'subj_type', 0x3d, 'cgrouptrustedvmnet0:'}}, {@subj_type={'subj_type', 0x3d, 'lo'}}, {@obj_type={'obj_type'}}, {@subj_user={'subj_user'}}, {@euid_eq={'euid', 0x3d, r3}}, {@fowner_eq={'fowner', 0x3d, r4}}]}) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r5, 0x0, 0x0) tkill(r5, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r5}}, 0x18) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) r3 = fcntl$dupfd(r2, 0x406, r2) ioctl$LOOP_SET_DIRECT_IO(r3, 0x4c08, 0x4) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x60}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:01 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4000) [ 2055.359610][T10525] binder: 10524:10525 got transaction with invalid parent offset or type 14:41:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r5}}, 0x18) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2055.431423][T10525] binder: 10524:10525 transaction failed 29201/-22, size 40-8 line 3317 14:41:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(r0, &(0x7f0000000380)=ANY=[], 0x400000103003) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2055.489769][T10540] binder_alloc: binder_alloc_mmap_handler: 10524 20000000-20002000 already mapped failed -16 14:41:01 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffff9c, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x8, 0x800, 0x1ff}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f00000001c0)={r2, 0x8}, &(0x7f0000000200)=0x8) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)=0x1c2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2055.531328][T10525] binder: BINDER_SET_CONTEXT_MGR already set [ 2055.555592][T10525] binder: 10524:10525 ioctl 40046207 0 returned -16 14:41:01 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4100) [ 2055.586432][T10540] binder_alloc: 10524: binder_alloc_buf, no vma [ 2055.594630][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2055.599561][T10540] binder: 10524:10540 transaction failed 29189/-3, size 40-8 line 3147 14:41:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r5}}, 0x18) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x68}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2055.656327][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 [ 2055.798321][T10555] binder: 10549:10555 got transaction with invalid parent offset or type [ 2055.867841][T10555] binder: 10549:10555 transaction failed 29201/-22, size 40-8 line 3317 [ 2055.923513][T10557] binder_alloc: binder_alloc_mmap_handler: 10549 20000000-20002000 already mapped failed -16 [ 2055.961304][T10555] binder: BINDER_SET_CONTEXT_MGR already set [ 2055.973320][T10557] binder_alloc: 10549: binder_alloc_buf, no vma [ 2055.983965][T10555] binder: 10549:10555 ioctl 40046207 0 returned -16 [ 2055.994301][T10557] binder: 10549:10557 transaction failed 29189/-3, size 40-8 line 3147 [ 2056.010652][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2056.020785][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:04 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0xa000, 0x0) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r2, 0x4, 0x70bd2c, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) r3 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:04 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4300) 14:41:04 executing program 0: creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0) write$UHID_DESTROY(r3, &(0x7f0000000180), 0x4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r5}}, 0x18) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") socket$nl_generic(0x10, 0x3, 0x10) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x6c}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2058.388803][T10563] binder: 10562:10563 got transaction with invalid parent offset or type 14:41:04 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x6) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x10) ptrace$setopts(0x4206, r2, 0x0, 0x0) ioctl$PPPIOCSMAXCID(r1, 0x40047451, &(0x7f0000000080)=0xffffffffffffffff) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) [ 2058.456721][T10571] binder_alloc: binder_alloc_mmap_handler: 10562 20000000-20002000 already mapped failed -16 [ 2058.509730][T10563] binder: BINDER_SET_CONTEXT_MGR already set [ 2058.533511][T10563] binder: 10562:10563 ioctl 40046207 0 returned -16 14:41:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r5}}, 0x18) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") socket$nl_generic(0x10, 0x3, 0x10) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:04 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4500) [ 2058.576461][T10580] binder_alloc: 10562: binder_alloc_buf, no vma 14:41:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x74}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) prctl$PR_SET_FPEMU(0xa, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x279c, 0x111800) getsockopt$XDP_MMAP_OFFSETS(r3, 0x11b, 0x1, &(0x7f0000000180), &(0x7f00000000c0)=0x60) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="773165de8a26fcbb0991d745440f18aa873af13a45599cfe821bf3e6221189beab4cdeed82caca84cdbfe1605e82b9fc148465f4eecea41f263cb1d7a04c8d020d68b6a7e881a9f568050800000000000015cddaf29c5bc9ebe513e390c75dbfa4f5b5f550424ca3adc4c7cdc7d6a094e2392d"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2058.726473][T10593] binder: 10591:10593 got transaction with invalid parent offset or type [ 2058.781633][T10599] binder_alloc: binder_alloc_mmap_handler: 10591 20000000-20002000 already mapped failed -16 14:41:04 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4700) 14:41:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r5}}, 0x18) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") socket$nl_generic(0x10, 0x3, 0x10) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2058.843356][T10593] binder: BINDER_SET_CONTEXT_MGR already set [ 2058.863987][T10593] binder: 10591:10593 ioctl 40046207 0 returned -16 [ 2058.864882][T10601] binder_alloc: 10591: binder_alloc_buf, no vma 14:41:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x200002, 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000180)={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x22}}, {0x6, @random="8d59e25316fb"}, 0x68, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 'rose0\x00'}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) write$P9_RRENAMEAT(r1, &(0x7f0000000300)={0x7, 0x4b, 0x2}, 0x7) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x800000, 0x2000, &(0x7f0000003000/0x2000)=nil}) ioctl$EXT4_IOC_GROUP_EXTEND(r2, 0x40086607, &(0x7f0000000340)=0x6) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000280)={0x4, 0x101000}) open_by_handle_at(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000200)={[{0x10000, 0xff, 0x1, 0x9, 0x4, 0x8, 0x8, 0x2ff, 0x100000001, 0x2, 0xfe5, 0x19e, 0xd875}, {0x0, 0xfffffffffffff000, 0x30, 0x200, 0x97ac, 0x6, 0x6, 0x9, 0x0, 0x0, 0x6, 0x546, 0x1}, {0x21fb, 0x4, 0x100000000, 0x3ff, 0x4, 0x100000001, 0x7, 0x8, 0xfffffffffffffffb, 0x3a, 0x5, 0xfffffffffffff000, 0x3934b658}], 0x80800000000000}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2059.032471][T10601] binder_transaction: 3 callbacks suppressed [ 2059.032488][T10601] binder: 10591:10601 transaction failed 29189/-3, size 40-8 line 3147 14:41:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x7a}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x2, 0x0) ioctl$VIDIOC_G_JPEGCOMP(r3, 0x808c563d, &(0x7f0000000180)) ioctl$VIDIOC_QUERYSTD(r3, 0x8008563f, &(0x7f00000000c0)=0x0) ioctl$VIDIOC_S_STD(r3, 0x40085618, &(0x7f0000000240)=r4) 14:41:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4900) [ 2059.158859][T10614] binder: 10612:10614 got transaction with invalid parent offset or type 14:41:05 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@loopback, 0x7, 0x0, 0xfc, 0x4, 0x1ff}, 0x20) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x2000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) getsockname$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000080)=0x1c) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r5}}, 0x18) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2059.214744][T10614] binder: 10612:10614 transaction failed 29201/-22, size 40-8 line 3317 [ 2059.256374][T10623] binder_alloc: binder_alloc_mmap_handler: 10612 20000000-20002000 already mapped failed -16 [ 2059.288168][T10627] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 2059.299029][T10614] binder: BINDER_SET_CONTEXT_MGR already set [ 2059.334189][T10614] binder: 10612:10614 ioctl 40046207 0 returned -16 [ 2059.367433][T10631] binder_alloc: 10612: binder_alloc_buf, no vma 14:41:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r3 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r4}}, 0x18) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x8000) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) iopl(0x6) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4b00) [ 2059.390736][T10631] binder: 10612:10631 transaction failed 29189/-3, size 40-8 line 3147 [ 2059.454046][ T8052] binder_release_work: 4 callbacks suppressed [ 2059.454063][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 14:41:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x300}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2059.501748][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00'], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000180)="b958080000b8dd000000ba000000000f30c4e17e5bb800680000b805000000b99db7efd20f01d9b943090000b800000000ba008000000f30c4e1b05d9fc90000000fc71b3e0f01cac4c125ecaa9d000000650f01df0f426d00", 0x59}], 0x1, 0x58, &(0x7f00000000c0)=[@cstype0={0x4, 0xe}], 0x1) [ 2059.618989][T10647] binder: 10643:10647 got transaction with invalid parent offset or type 14:41:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r3 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r4}}, 0x18) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4d00) [ 2059.686263][T10647] binder: 10643:10647 transaction failed 29201/-22, size 40-8 line 3317 [ 2059.710306][T10650] binder_alloc: binder_alloc_mmap_handler: 10643 20000000-20002000 already mapped failed -16 [ 2059.753955][T10647] binder: BINDER_SET_CONTEXT_MGR already set [ 2059.787099][T10647] binder: 10643:10647 ioctl 40046207 0 returned -16 14:41:05 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2059.886191][T10660] binder_alloc: 10643: binder_alloc_buf, no vma [ 2059.892841][T10660] binder: 10643:10660 transaction failed 29189/-3, size 40-8 line 3147 14:41:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r3 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000200)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r4}}, 0x18) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2059.930009][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 14:41:05 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4f00) 14:41:05 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) ioctl$VIDIOC_S_TUNER(r0, 0x4054561e, &(0x7f0000000000)={0x7, "056c94104cdcffb904a575789d6b44295649b02e249a00be886d2ddbdee2aea3", 0x1, 0x261, 0x9, 0x1, 0x2, 0x6, 0xffff}) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000080)={'batadv0\x00', 0x7}) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x18) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x279c, 0x111800) getsockopt$XDP_MMAP_OFFSETS(r3, 0x11b, 0x1, &(0x7f0000000180), &(0x7f00000000c0)=0x60) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="773165de8a26fcbb0991d745440f18aa873af13a45599cfe821bf3e6221189beab4cdeed82caca84cdbfe1605e82b9fc148465f4eecea41f263cb1d7a04c8d020d68b6a7e881a9f568050800000000000015cddaf29c5bc9ebe513e390c75dbfa4f5b5f550424ca3adc4c7cdc7d6a094e2392d"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2059.990248][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x500}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2060.152258][T10673] binder: 10671:10673 got transaction with invalid parent offset or type [ 2060.173861][T10673] binder: 10671:10673 transaction failed 29201/-22, size 40-8 line 3317 14:41:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0), 0x13f, 0x1000}}, 0x20) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2060.227166][T10678] binder_alloc: binder_alloc_mmap_handler: 10671 20000000-20002000 already mapped failed -16 14:41:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='cmdline\x00') write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x106, 0x1003}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r3, &(0x7f0000000300)={0x8, 0x120, 0xfa00, {0x1, {0x1, 0x10001, "ce57331d41f310d8c96eddd27688baa5a624b92c9aa8be11a33a3ed2e5e6605edd78a823f2a84e74fdb37936f1707ca420e4c0bbec16ddce427bc1efe0799aec546c77f2221e13d51f6861c4e8fc882181301d8dd068384dff6861f5a2890e012e575e5ef9a70d35a816fe2122918731bdbdec368c03f4601962e67b1b79447986613ae1e4ac61df1240ea1a41b9a3e14e4305db5a7b589dbb75b261563a2f46d6939526a29c404bca3b90ba8577e4f1b129e4b26582ca815ad7faa383b5e9207d433d4762d169d97403a2778416b1e540f1b1670256a677573b606776f5fa0b75cb7f83d85c66733b1fff492d6da8ccb03a7f75a0038dfa5e2beb98faa9790a", 0xad, 0x80000001, 0x1, 0x810, 0xfffffffeffffffff, 0x6, 0x7f}, r4}}, 0x128) getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000680)={{{@in=@remote, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000780)=0xe8) syz_mount_image$jfs(&(0x7f0000000200)='jfs\x00', &(0x7f0000000240)='./file0\x00', 0x3ff, 0x4, &(0x7f0000000600)=[{&(0x7f0000000440)="9e575068b3a68e76c48e4caf6ad6de1e7a00345be4d0127c8d0fdc79a5334c4b917f9741654306342141dc9d74ee62e7cd355e7926997db7d952e6437da57e23403e18fb8c8a97d982ac44d9d1b972943b11adf53cd2a17827f8f27bd3c55602550ab7467b4732e07f64075bdbed0a79dab93feb740995ea3d0db0d2d0a1883fda61049384dd907d47d66b009f18a38b7ed2bb46", 0x94, 0x9f7}, {&(0x7f0000000280)="14ee2b42437e2f3d7afe3b9bb3e41434cbeaebedd038f1534100a85630da0ab3c0d810fb8222e12bc3709e16290c0cba7ce1675466b71c77e4e9758bc30a", 0x3e, 0x1}, {&(0x7f0000000500)="b84cafcbc508758b8f587970dfdf3e236c8f571e7c5aeb9bffb98d496e88a1c2d346e5dc290e6867cfb815e8cef5fc34c810d79837c4398cff28a1c74e9a1e21191ba0bd28595c51573b9413c6e57dd403b958652447f66145ff38d65e6feeb68e96b36ae5ef27524fa572470831426c6f5aeb833fe6b8555bd8f3dc03", 0x7d, 0x5}, {&(0x7f0000000580)="a46d881255614ee0d047ce9019805c2bde425f764846f62ec41dbc0783f14f631042dbc9258431f7c36f20379829aa7f2cbe92a0a6905a9e1b6f6f84e42a5b895d770d929bc06cc1cad74bbf87bc779f4c681410b6868cb9e19bd02dc2e9", 0x5e, 0x3}], 0x841000, &(0x7f00000007c0)={[{@discard='discard'}, {@quota='quota'}, {@usrquota='usrquota'}, {@umask={'umask', 0x3d, 0x2}}, {@umask={'umask', 0x3d, 0x4}}, {@discard_size={'discard'}}, {@grpquota='grpquota'}], [{@fsname={'fsname', 0x3d, 'cmdline\x00'}}, {@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@subj_user={'subj_user'}}, {@fowner_lt={'fowner<', r5}}]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x5100) [ 2060.289656][T10678] binder_alloc: 10671: binder_alloc_buf, no vma 14:41:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0) write$UHID_DESTROY(r3, &(0x7f0000000180), 0x4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2060.336995][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2060.344372][T10678] binder: 10671:10678 transaction failed 29189/-3, size 40-8 line 3147 [ 2060.420640][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400000) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x600}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2060.476771][T10688] *** Guest State *** 14:41:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x5300) [ 2060.527388][T10688] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 2060.575311][T10695] binder: 10694:10695 got transaction with invalid parent offset or type [ 2060.594017][T10688] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 14:41:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000180)={0x5002, 0x101000}) r3 = syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x1, 0x2) r4 = geteuid() stat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB="2c7705000000b07070eca39005944393a453f37e0dc3b10417d79b3d", @ANYRESHEX=r1, @ANYBLOB=',nodevmap,dfltuid=', @ANYRESHEX=r4, @ANYBLOB=',cachetag=-,subj_type=,rootcontext=staff_u,fowner>', @ANYRESDEC=r5, @ANYBLOB=',appraise_type=imasig,seclabel,\x00']) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff008004331f000000000000"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000300)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2060.631111][T10688] CR3 = 0x0000000000000000 [ 2060.646320][T10688] RSP = 0x0000000000000f80 RIP = 0x0000000000000000 [ 2060.662096][T10688] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 2060.666320][T10695] binder: 10694:10695 transaction failed 29201/-22, size 40-8 line 3317 [ 2060.677929][T10688] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 2060.696641][T10688] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 14:41:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2060.727360][T10688] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2060.751095][T10688] SS: sel=0x0000, attr=0x00081, limit=0x0000ffff, base=0x0000000000000000 [ 2060.760181][T10697] binder_alloc: binder_alloc_mmap_handler: 10694 20000000-20002000 already mapped failed -16 [ 2060.798972][T10695] binder: BINDER_SET_CONTEXT_MGR already set [ 2060.805177][T10688] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2060.839868][T10688] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2060.858800][T10695] binder: 10694:10695 ioctl 40046207 0 returned -16 [ 2060.871059][T10688] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 2060.904180][T10709] binder_alloc: 10694: binder_alloc_buf, no vma [ 2060.918744][T10688] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 2060.937371][T10709] binder: 10694:10709 transaction failed 29189/-3, size 40-8 line 3147 [ 2060.950354][T10688] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 2060.951652][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2060.979579][T10688] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 2060.993902][T13966] binder: undelivered TRANSACTION_ERROR: 29189 [ 2061.006395][T10688] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 2061.050970][T10688] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 2061.102888][T10688] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 2061.125586][T10688] Interruptibility = 00000000 ActivityState = 00000000 [ 2061.142065][T10688] *** Host State *** [ 2061.152402][T10688] RIP = 0xffffffff811b40b0 RSP = 0xffff88804c3af8e0 [ 2061.166407][T10688] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 2061.183966][T10688] FSBase=00007fad0b08d700 GSBase=ffff8880ae800000 TRBase=fffffe0000033000 [ 2061.204398][T10688] GDTBase=fffffe0000031000 IDTBase=fffffe0000000000 [ 2061.220947][T10688] CR0=0000000080050033 CR3=0000000095066000 CR4=00000000001426f0 [ 2061.236207][T10688] Sysenter RSP=fffffe0000032200 CS:RIP=0010:ffffffff87201360 14:41:07 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x8400, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() move_pages(r2, 0x4, &(0x7f0000000000)=[&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil], &(0x7f0000000040)=[0x5, 0x8001, 0x0, 0x81], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) syz_genetlink_get_family_id$team(&(0x7f00000002c0)='team\x00') fcntl$setstatus(r0, 0x4, 0x5ffd) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f00000001c0), &(0x7f0000000200)=0x4) r3 = getuid() ioctl$SIOCAX25GETUID(r1, 0x89e0, &(0x7f0000000300)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, r3}) ioctl$KVM_HAS_DEVICE_ATTR(r1, 0x4018aee3, &(0x7f00000003c0)={0x0, 0x3, 0x56, &(0x7f0000000380)=0x251}) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x4e22, 0x9, @ipv4={[], [], @empty}, 0x7}}, 0x0, 0xffffffffffffffff, 0x0, "d2a812ef83ff249218d9f18c2671003e16cd0a3d13ac59f07ea0c5c52b4bf84e59668a1f25adf97e3e12ef58bc0a19c694b407f152795dd74f8ebd040d2dc6e4f610040d2e222ac68fae1673850bd4aa"}, 0xd8) 14:41:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x700}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:07 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000000040)={0x100000, 0xd002, 0x6, 0x8000, 0x71}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x5500) [ 2061.256185][T10688] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 2061.273394][T10688] *** Control State *** [ 2061.283094][T10688] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 2061.292474][T10688] EntryControls=0000d1ff ExitControls=002fefff [ 2061.329448][T10688] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 2061.343714][T10721] binder: 10714:10721 got transaction with invalid parent offset or type [ 2061.363616][T10688] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 2061.393029][T10721] binder: 10714:10721 transaction failed 29201/-22, size 40-8 line 3317 [ 2061.416761][T10688] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 2061.425324][T10727] binder_alloc: binder_alloc_mmap_handler: 10714 20000000-20002000 already mapped failed -16 [ 2061.453346][T10688] reason=80000021 qualification=0000000000000000 [ 2061.455782][T10721] binder: BINDER_SET_CONTEXT_MGR already set [ 2061.479341][T10727] binder_alloc: 10714: binder_alloc_buf, no vma [ 2061.485787][T10688] IDTVectoring: info=00000000 errcode=00000000 [ 2061.493424][T10721] binder: 10714:10721 ioctl 40046207 0 returned -16 [ 2061.507350][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2061.516013][T13966] binder: undelivered TRANSACTION_ERROR: 29189 [ 2061.526304][T10688] TSC Offset = 0xfffffbae3546ccab [ 2061.533404][T10688] EPT pointer = 0x000000005b4f201e 14:41:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0xa00}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0) write$UHID_DESTROY(r3, &(0x7f0000000180), 0x4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x6400) [ 2061.623806][T10731] binder: 10730:10731 got transaction with invalid parent offset or type 14:41:07 executing program 1: r0 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c) r1 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x54, 0x0, &(0x7f00000001c0)=[@acquire={0x40046305, 0x4}, @acquire={0x40046305, 0x4}, @reply={0x40406301, {0x0, 0x0, 0x4, 0x0, 0x11, 0x0, 0x0, 0x18, 0x38, &(0x7f0000000040)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x1}], &(0x7f0000000180)=[0x78, 0x18, 0x40, 0x0, 0x60, 0x38, 0x38]}}], 0x1000, 0x0, &(0x7f0000000300)="5d44663c060b46fc8947341570423a69c0eab541e6b5e565a91297facd9a7e26b8b6e3d2542250a25eadf12f8e866e6d7d78b0058720244e6fd89eab5da0dd97e9a24c00cb50d64029a6094f6fb6b1b3d6f51eeed4111e0209a619973405eff7c108c926f79b3fe2511cc3598d196c922d5e993da09de4d31479c8e856938c9f0d2c1dc87ff2954ad28f5f1e7dbf505451df535b8f44d8e6b3f55a654ac44c5e1320a6825a2cd5bdf01cdb088d504482f2007e62ca9746f5f7630e31e2da26e4366de0a22a279e9322fb1b648fbe05d7616bd26dce807ce63c9f8bfbb96c8f818cc4cc47a38f7aca31c30af13ba1b2169e7ee22ae1826c661fdae3e647fc7b0549ca52c0f86a08248f0d5e10eece9d23ee8efb77930a5c0eb1c53c2302258c3c2049984eb43694f45c06992947eeb97b11f05ec1ce4e9e86d17a1cf86df1af8db4487b053c88a73f12919922ae36a34a0a49a53bd9f86e3c01e072de00c6203a19370c8c04a9a1b03dd89471b6e47560e36599cfba9276fb841c9b07ed327060113b224a41b87493c840aaaa334dd59d916fddfe2f3b3710f898a19ec39efb86067eea8d2ed2c6c288abdef74031cfce9c7f36a5f10ebb0828f5134d54711267aa05eb492c2d5e1e58dc99caac2f9f47ab160349037059f76128906346f920eee015fad8da427904a2029ef8abee4864128c573b21e8cee13497c2c9eea03489a248e036bb55bf5e28748724f96f0ccf5ef203adbcdbfe53e087bd7d367028d0b44f880023092fc8f205bf596d4b2b2e7a6de50ccea45a76bdabc944028b701e7734fe650fb8fea853b3016fefd1a728526d5b868bb6f79fb5c137998c6965008e7086ac4620f4f88336f6e3203b2fe024ce79f242e90e4ac2d5d3610c350a2e16c638eef20b35d4a9764c298e5ba0edd8c140a96b6607e46b67ec084b11e4bf40de6fa84f057c61b602e710547551d27b246dbf9e4dd5cf68a14312fc302891d666a52e4130f10c24ec4fa166c00340c644438be61001739720c5ef5d38cfac74c9de833b98bb2c86c1470e23964d72ce3370891db3292dfafd68e8bdf74d5b85b90eb167f7a6befe109f4f193322268a20ababce014ab7c236a66afe2054423d3e952ed55b6f204ffbeb4c3c3b48893b86bd56819fef6b677e0178c6fcccb7f247b4889b486e8c39c89d05e6b4a10e9d595fdfe87c1f1d823799486b6ad7f0f2a42d53f194db87ad13d226672a8d548f8ae819b6a32fa6bdbf5af808ad774f29bc1d2d29d6de6a515cff1b4fc6b01b1f7588063c9092064fc56fb91b3de9543553c77d3212a6197504899b3fee5bef09e61949a1be417e4129e0e8d674af6a0a87b071683ffd12a8fd13faf672900cf66f3660c1b72c7529bff33cd4d720147be98f85435ba4c9b442cbf83c33d6611c51c70dbe73a9b4c4275f0aac1e1c54f1b8c19f5ce375b1d9d8f4a91a8cc6eadbbb5e00bf23ffceb3125ef3c12c9bcd2b7569d7d82c20a2935b0153999d67ff584088989f2f52d048e05f31465d2a289e365f9799faa3926d0677ad670e61df434982d670692aa323fc918ba51b3e44577d901a35a7da4892095b93b8773935e3f652ea2ef0e7bb0e6a91099690fb41a3178b0b23e56b21ab7d18c74433dcf2bd0fc8ebd2844c9c161aa101a6bfe428501ddb97be3a38e5ba50355e8bc2663bc191da53342ab25bdbac9e1605a4eeea608f92606a96b6c5b4380c01230555d438837af25b778ac0e87b5e1f2f01a1a7d22e5e286cf68bd6ec75e9819774c4f9d6bc92faeb4a3f1030a04a160a21f3173f8cfa17133bd460b6ac38b47ffdf198785e785fec31b2de531ceaf1da421d9c5181eaa031b13024ba02b3c5b4c46c62126f0150e8d99fb7c2594b5f8c694adbc936c3c4315a5bd9928fee82c893cff85c0fc07c4bc2289d8fd6ee34a5b56ae69852fbeace172829b3c24cabbfc841c96403285e1c7f5f9c7f39735ab30cba7674782527459d1036b7f9b6ce45de1a36c8606d0cab1250d3a0adf6dfc311ebce397197643441108664b31f88b648ce8182b0fdc314dd58bb1d5399a0c962b358dfeee4cce70fb15f6faed2054092f97e7548a94803993c74850e3014ae9b557f9156b1a3c93ae2db1ce796aee5e01dc01c5b349ab8fefddb9b5b2f05bf80c8fa4c9e39c50d9164b415ba3c89056610fcfd58d69bd555b9168997940f292f68fb1f28d0e19fea445bdb6617e1636b4e140c87e2ab575d2759e4ae3f879cd5d9e84ba2f444ac8ca353f98e52879263ca672c91448237db0e2001f29a9ba1e5e7c0b11daf1c60c1740176837f08c16b9f45a1f752ba0ecee5dc3b11b60dd75a966d3eceda018a3c22f3f8808c0df71a0c12b7fc11c457986e5917162bfc2b6f07b96d28f807074ea5bed9175b5ded24f02e18bc4808ce5fe43482f63fc5a3f58c26ff12ca326bee26ebc478e652180398964f32d913bccfcbc0c901b769963bd49c950053cc2d6fbbe8f19dd675488b8d128e5942842815d6f8f6bee93d6eca086edef7f2f3d4f1e4b72cd1babac825bc898c27f16defbfed4061b3d0412ef451718c8fb840328b1a6e4e9699b8157e03a17f991b2c5829aa2dd63a8647e2041221436bb04ea2e33313cfce30d6fb61ceb0a4dd9cdf8feb9cd4f443a45ca9857a09f327a858be0b3cc5cc3aa61a98927d601f2a7d9b4e129fc71d60745a4bdf08f1c68c97836c3ef2a0dfeed66ad244bca8dc401fc3db29f4e54c43df197642f6d6497bc1431eb27100e90599f390fb6864c82da543c92fec3495c84b0013570b898113a61620f68898f7cea1ff8de4bef1292870e7b2ca8ba52438d29a5ed27a0c0f74591eb0cd0683ba80d0fc48b0729dfd030dffdf7e435b96e77c9a863359c78426be77c5389b3bac1646a0853d4c8a1edbbb06d12dac010bc572831c7c7e9c7870f4d87da11e5dee34b911d32772c6b935d7bcd96effa07d7faa48536bfe95f7303de4663a05c7146ce86b2700c52f7c7705694da0becf6efed4ef57c45c1b4edea3aa70f4a0b18e30cdaac3ba827761c9c37dad7822c55c6149cf49018e9d89ef0b1c86936e7b2e3541d8c59af31578a837eee19398d74e1e76733fac2c084bd085cb4f7e7ded739eca727c40a923678dfef81e2dd273f284a13ad978bb1a82784a05043e3062b814d10c6bb29dad80d4ceb4e505d3c3a9addc79592352fdbf0429fb24d4bd8325b146cab56be531092138b1b61f271d99e57cfb6c5069dfc5f60a144d843c1c72f1456abe77627284cd2f8cd6aa6c1e32ebdbe99612634b9de90e26f5f718717af2188b87b513cdce5183b1a74961e85ea69e4f4da8c407c70d02052b9456f13d53f4f3d3e17e8def39b565fa3d33fc85fda95735306ea3276f6bda5a3258eaa029b89d15144de8433f4c92695d3502655f71fb9e152b0e071a09f509c8e7705bf5195f4e4da20d37a41b634630c044b5b57c24ddd7bb368029f7dad215a667a67ff572d40d5dd1e5e7b015b6ec52713117fb73f8f64a9d4a0fe6bc045bf29fad999e3acd56d8db44ff139818a4064ec32d6f1ceb74a4643918583af3d7a6b3b28017aebd16cc2f3edec7042518b909c605cabd0dab412eadcb6457632820112232d90df6d4b4320d6b39d4433ab9d1e5bdf158c2c900e4862ae44f835f4263edd3ea69ce55038d740dd0c0f0809c3daa4c8c765e01c222412870347fadcc1b682ea2e6ffbf45c10ad40ce1836fefecd9baed7a272da903b3adb07a9e9678df12cc9e2f9482bb8c7ee2763c07073363b013add51993b0c6583718c93488ba24361e71452311dbe443ded6e363096864ef063e6dcb4ce2993d7589829e4bf8d4b19e20a324a20738ae8592447a90e415667a6e4d363029abaf89922009569ee1a1ffc2be2e7a6eab670d8d933526204f00f768e73b5bf461ca501c992c861f3583050534b6df891c0d710739ce8baff5d129f3575aea1e1700c3a91783a2062ca8917747feb6cea8bcabc38384369b1395c36db285b2ef37aa57703e12749d71e6b6ca5d0b607781b855dfc9555723ec11c94d448d2152c3929e09f494ae04c2eef01641e24333cb447ad92753a6ca6601e52a0e37689f0bb815e95a66c08b61de1e25acf1899f2dd0e33a87250bb4aacbeeb53442f7ce58758c096c342078ad55c89e348b2c617f17dce8c013957119cad56dbeede718a3f246e40177b9faa6b8e3fa114e49d9d1d3f3da84bfd1477ed25af556d392452ea81a60ec77d27a853e1f17836184196cebfc1bfb7e3f58034112fb60d3598875c57102965c1c977c451a56b635dd682b06e6b462caeccad5eaff29e30c72160945044bd94e74f35574c79bc765b7bb04ffb0d86004d6133844a3056f3d485419b8a268c8de76d648ac33fd3b095e8d3436bef088e219c2609e55d3b6d1afc4b0991090d2a1fb0ad56c29770a5b595091a25aa32e0d4db8cbc8b9ae23ec2472e196a8d13d4f74b8ed99daf221e3eb9bac76f1e92c951f92711fcf77e776f16e2557b533bde6676fa17eb557848946854266464cf9edd15d22fae23ffc364d4fa3a78711676de0b1d9486dbc6c7e33a92378fe28677067a6d361a65d213ef74c8d7f836d791a38b05a4a708a89d88e1ec4111f5767f3ab362a98ecf53017124a71a304c64f8439638f21b3581e72af3dcc549c54659fc4818683838721021877a6a0906952adc3c17b730ba34d8513abc48fd849c56a338a5acfe214d2f88e636b8d91d1e2b7a2b8b437066233eaacf4bb2646369defffc6d640141b3997fdc0588453581c0f024e4665a48a8a955accd121a14a5e5e50f1dbff6080d2f57a7150544c7126d01379605d3f01acdabbcd2f8c5a2c5573eb874db1068c78d3d3234504e730fca032917927ea2d8247ed73267b377e88140953806bcbfae4a5dc0917e16f3be1a8f1944c13112321406918931d81af640e3846b2be737cf3d51d3f613861588e28fcc984f286534fabdd241d70b90b9284cfe27b4800a5cc81a7e794511a8b8b876c588bf23720805d7892624e8cc4d9e5f5532e658e7145058a533012389ecc1f9a6b396a7d94d56bdce94a997b142824f54193d6696177e0cb4254dfefc4c198e5b9c979e766765711fa4f67a98d4f210fa5fac73267358d7222b92c29dd92b9867c0bf096cb5016ff28c73f39b52308d9d738458f8796fdab6412d66c7b99d351a665a39a28e58ab07f70002cac75fde34bbe0363af3ff42fd485d2f5230acc49343381af4296d661075a04f470121563932fcefba0fe320c9e0c370b0a20841edfc0a9e3d6563ef56dac71849d482e60bd5c05c1341045b24aaf3ceebefed8c626e08db19460df70cab653228dedaeba6ee854696eca4119037cd2a376f2faf3716131a0852e1207e94dda9e14785de58e536d313456cdac1c3aea5ff332ba97cf9b9c21fbf079afaecb2e3aa00e33c66ecce0c89fd2cdb76968ce07f42e60d54f8c0461f33a06fe9053733657b86cce1052b56f177e89a2839d532df91189859fc7ad1f50d9e5ca3f7656818f7c573a0c008e78b8ce688ea6c857a88b62e6c9554b43e8dc0daaa970f4ea2032e5cc5dab7648b86d2073ee1c0d02d20e6318b59883c566969aebe8eafbcc0993120a922074489ce9d99397ba8cad5c117f1564a9f9d359863659fedebfae8269687075fade2029b6cbd0af46c1f8e3ab6d5ca8c01a9c076d0fcc12e2d70a684432ea6014d8e71a29683302b6cf9d831e2e203f3396d381ecb6b8b4407fb4502c8bfc4e73dc2d2c852a0a1c1eca"}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r3 = fcntl$dupfd(r1, 0x406, r1) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000001480)={0x200, 0x1, 0xffffffffffffffe0, 0x20, 0x0}, &(0x7f00000014c0)=0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000001500)={0x100, 0x8, 0x9, 0x8, r4}, 0x10) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) clone(0x42000, &(0x7f0000001300)="605334174ab0f1d4d921d99a78fe4351978ca92e75e1ed93e16efec2df24c55a0289d5ef75f71b04d2291707df07dcb304551e65566438fa52aff44daf17c274777e234d23aa52d840436b", &(0x7f0000001380), &(0x7f00000013c0), &(0x7f0000001400)="2cb4a55fbdd8ecfd4fe3afe1cbca8626255daf2fc4326e3d83b78f223073bdaf60b52c9b230d0da21725a99b4c98869e110b14edffd9bc5ef9c5627f1958ec9cef885bef83e1be11b52c291b3cba17db9e79490f407c502047eea459a8") ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f00000015c0)='/dev/kvm\x00', 0x800, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101001}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f0000000280)=0x4) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f0000001540)="b46ea67d98cb956c6fa4833811d8407ccb3a6d8082761fc4b318c834bd2cbd221355ef311d4ac177d6785025510edf061303298c4f028175858f553f1df61adb13bba648389a3285a7b3628da8e065bc694070863b674e99dad8db94752db867b60c91b1") getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_RUN(r6, 0xae80, 0x0) [ 2061.690122][T10735] binder_alloc: binder_alloc_mmap_handler: 10730 20000000-20002000 already mapped failed -16 [ 2061.756682][T10731] binder: BINDER_SET_CONTEXT_MGR already set [ 2061.807596][T10731] binder: 10730:10731 ioctl 40046207 0 returned -16 [ 2061.808459][T10743] binder_alloc: 10730: binder_alloc_buf, no vma 14:41:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x6500) 14:41:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x1200}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2062.009088][T10752] binder: 10748:10752 got transaction with invalid parent offset or type [ 2062.063908][T10754] binder_alloc: binder_alloc_mmap_handler: 10748 20000000-20002000 already mapped failed -16 [ 2062.091829][T10754] binder: BINDER_SET_CONTEXT_MGR already set [ 2062.119855][T10755] binder_alloc: 10748: binder_alloc_buf, no vma [ 2062.145761][T10754] binder: 10748:10754 ioctl 40046207 0 returned -16 14:41:08 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000100)=[@timestamp, @timestamp, @mss={0x2, 0x6}, @timestamp, @timestamp, @window={0x3, 0x0, 0x7f}], 0x6) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) ioctl$TIOCEXCL(r1, 0x540c) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) prlimit64(r2, 0x0, &(0x7f0000000000)={0x100000001, 0x20}, &(0x7f0000000040)) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) ioctl$PIO_UNIMAP(r1, 0x4b67, &(0x7f00000000c0)={0x7, &(0x7f0000000080)=[{0x2, 0xffffffffffffffff}, {0x7fff, 0x6}, {0x3, 0x2}, {0x3, 0x200}, {0x0, 0x70}, {0xfffffffffffffff7, 0x400}, {0x2, 0x6}]}) openat$md(0xffffffffffffff9c, &(0x7f0000000140)='/dev/md0\x00', 0x200000, 0x0) 14:41:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x6400) 14:41:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x6600) 14:41:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x4000, 0x0) setsockopt$inet_sctp_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x48e0, 0x0, 0x9, 0xbe, 0x7, 0xfffffffffffffffb, 0x5, 0xffffffff, 0x80000001, 0x1, 0x8}, 0xb) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x2000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2062.365855][T10764] binder: 10762:10764 got transaction with invalid parent offset or type 14:41:08 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000040)=[@in6={0xa, 0x4e21, 0x10001, @mcast2, 0x6}, @in={0x2, 0x4e23, @local}, @in6={0xa, 0x4e23, 0x2, @mcast1, 0x3}, @in6={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x1c}}, @in6={0xa, 0x4e22, 0x14e3, @mcast2, 0x6000000}, @in6={0xa, 0x4e20, 0x2, @rand_addr="ba26ea1e7c332ba4997301ec66e97388", 0x6}], 0x9c) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r2 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x102, 0x0) setsockopt$inet6_buf(r0, 0x29, 0xca, 0x0, 0xfffffffffffffc92) r4 = geteuid() getresuid(&(0x7f0000000200), &(0x7f0000000800)=0x0, &(0x7f0000000840)) r6 = getuid() syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f0000000180)='./file0\x00', 0x5, 0x6, &(0x7f0000000740)=[{&(0x7f00000001c0)="aba1d9f05dda174ed5a4c3b3b54c4f55720ade0b", 0x14, 0x9}, {&(0x7f00000002c0)="2e211f103893a9820aea9ca0a637d9bbe21240fee6f7ea5c8914eff9b5702e3ec3786f1ada3c84cac9cfdf849e03bec948e1b562411ef8466e9bdae06c4e37bed3eed614184935984c9ce27122c46b2e16247f8c3d282fce79efa240e34e2b41f30a6e09bb6734b53a98ed73bdbbedae6dad47b7f667ba0370b4ce8b98109397cbc0266ea19e42fd15481efc5284490425cd2d81fdfe41f5d6e505fd044f58abf2edfc7117bd8034052dd81d620af07a6f9480a891712d2bb1e1b665d3e2dcb7e852c81079f049a79b4f2aed42c4e0bc6d8b0413dbd0718e48a8a96037", 0xdd, 0x3ff}, {&(0x7f00000003c0)="8dc259570dee0db28afa09c7e02b811080198120f9fc8f2017332227a7a203f48c79e2e787b198c478288c4523ba6b3420167416a909566e7a4e94bce09bc9bc637dc945cc2a7c91a43559a57d17af860ab8de526e9eb4dcab9f6be6085489559b1abb78e3bffc64cc462b0b38c5f007c803fa6723a2ac17da5118b6ca1c3108f54487933f57057375c860c4ea0a7f0da9235efc25242fc8154c9eee9b225cec3e6bba", 0xa3, 0x3}, {&(0x7f0000000480)="215367228eba4fe5bcecbcbcc3ba9f79fba7f82d304547d30247040bfae12cdb1f68f45d53399cc804ea44be54d88971540000329cfd2b35a55da73cde36133d1c8ee829b2ee2dde4f1e23c5fc1db1c18253dabe3ac6efeec1744c42d43818a5f9b0524378de1d4f84d5e509d1f8c0eedc0eff9c6c198f54b4bb696e109319cbc2bfb16704f5a65342d741a21bed418a4c8bb68ce1e7575c7d", 0x99, 0x7}, {&(0x7f0000000540)="dd322b61fe86e4496d0d501322047a0603577e92c3505ffb16b86abd73599f5f55b7365ec69434a626c87f5671f841fb674a1b71599a89d2ee9608cada85d3bc6458b5b0141b647f58778df5c834b23941d0dfc54704d873f23e81c427ed915d2e5451dc405532ad0694d3851f80f62687f867806bc4539b819f5ddf812ee9b69d7a3436555f14c1c2a588e759252320e58d71b0c587eed760f25d027a4286f71e9bb7f69a56009bea73e93f4d72cedffe42fd8ac8f4eb42266d1b754a4621d78fb0d5d8bd7cbbc5", 0xc8, 0x4}, {&(0x7f0000000640)="0b93f6216901f913227d5df24713c1732f835db6910e994540366a213d51ed4a021d8ad02b584e9c42a36dc58367fcaaae15509e925c5275a004274498a7a47430917ef066048b483da17afc5dc5adff84cde483ffa24369e01c0fb5f9dd8b8cc287fd5a3953520e168dae79171aea20ce418b0587a579b0fee9979f5e3954d4677944f47f6c77992dc524a109866d6a0bdebee88e4b51bcb6c661dc35a0d38dfc4436a8db32db70ed25ea54d0eaecc62231c0be588733c84d03a54209f75c80016d6797653f4ba39c5402fc8e5bcfee84e5d098f1bd6faa4dd386168dca8f8e25e6babd", 0xe4, 0x2}], 0x4000, &(0x7f0000000880)={[{@space_cache_v2='space_cache=v2'}, {@compress='compress'}, {@nossd_spread='nossd_spread'}, {@inode_cache='inode_cache'}], [{@fowner_eq={'fowner', 0x3d, r4}}, {@subj_type={'subj_type', 0x3d, 'vboxnet0(&@\x00'}}, {@obj_type={'obj_type', 0x3d, 'vboxnet0+'}}, {@uid_lt={'uid<', r5}}, {@subj_type={'subj_type', 0x3d, ':trustedlosecurity'}}, {@uid_gt={'uid>', r6}}]}) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) [ 2062.427960][T10772] binder_alloc: binder_alloc_mmap_handler: 10762 20000000-20002000 already mapped failed -16 14:41:08 executing program 0: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x2000000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x6700) [ 2062.522802][T10772] binder_alloc: 10762: binder_alloc_buf, no vma [ 2062.557747][T10775] binder: BINDER_SET_CONTEXT_MGR already set 14:41:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c5813747c0000d5"], 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2062.590101][T10775] binder: 10762:10775 ioctl 40046207 0 returned -16 [ 2062.620716][T10781] binder: 10780:10781 got transaction with invalid parent offset or type 14:41:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x3000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x5, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6df53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) r3 = dup(r0) setsockopt$inet_tcp_TLS_RX(r3, 0x6, 0x2, &(0x7f0000000000), 0x4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000180)={0x1, 0x0, @pic={0x3, 0x1, 0xdcf, 0x7fffffff, 0x2, 0x3, 0x7, 0x3, 0xb4, 0x80000001, 0x3f, 0xb06, 0x1, 0x7ff, 0x8, 0x3}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x700) [ 2062.768357][T10791] binder: BINDER_SET_CONTEXT_MGR already set [ 2062.788855][T10791] binder: 10790:10791 ioctl 40046207 0 returned -16 14:41:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x7e0f) 14:41:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2062.845599][T10794] binder_alloc: binder_alloc_mmap_handler: 10790 20000000-20002000 already mapped failed -16 [ 2062.939736][T10794] binder_alloc: 10790: binder_alloc_buf, no vma 14:41:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000001040)=@v2={0x3, 0x1, 0x14, 0x7f, 0x1000, "9a443bd15113031a30d44a4e174e1b0409b8142ba60e38a9826fe5b05964f52bef047372fc0df1f45d238d6779332c3b7a3dd4ee7ac1d87a553e37012dc9454b17d31b07a6da08618425affa6507ac853129e46ca0258f54532be479b910ccfb5ec73f8c5f89f4cc5ce3f8c6a5ea310e07d5094e061508c191e1a313020167fa0d01c889385e5a7b713ceadc515c26e081ddd9bc4c1be66271884f74204ef31c4f42d4c8916ff25d3ab778276805ff697b8a6729d4e8cc53286af21783d6b1d2331190f4ecb6d9502234252083d67e9540c1e0e56bea589f09f2b3672e3ffad6b2eec9adc5c0d3a0ae0939a82f81626378b0f094781304ad9f79a2a389fafd71f342419ffcb575d78d49793b7ffb86659d10115d1a4f61e9638b1e7a3d77bd3ac6a900605b15661a69faa15f3435f193f5945fcc14f39084663d24b140c69065f9e35e14c4390ced72a81c6b88227a2079e607845860dfdfa82740690417cf502ff36b162dfc52d6b58a42b7e56c25232b9c43ffb3e568225ca8089674bc4e186c8e80eb6e0d15a67e088a8c9576fc81f9dc1897c1ead87cac669d5ca89bf0d0aba00e638f01b233e27d1e293239223a3ce0479f7011f6b684a8018412027e627b7284bee7b8e7166ddd1e5d19b44ae9bfdecac1514302ce70115051b9e921c21223c80ef0a5d9667b6706c9a40596fa24c05ac8d48d9ce446315f23801e1382f4859176a310ff6f776fe874fb7731539cd07e3d959c0c476c4dd8b79ecb770c62ade7ac28781525a34903bf6f4873a8dadaa506aa6c82ee446e0c28bdb3bd66d637795d22053ce3c1e3b846cd71b1225507d6fac517a79138a8da10350bca1564b4b858975c7b0fb4f37658b7201cd909431e112566a5d5459b3b9c1cdb9715279e0e3f0da5d9c646e91082c9a0f8c856417dfbac46876be5b609b855dac1135515e3bf72c94b5da15c600363552122fa900cae881f56055ec7f7d73afe3480017b6da72864dd529a7d6ea76f4310853784c08ad3f07978f710f0215f80ae57ea87680220acbe740b5aeea1aedfc9a3a0ebdf142ad7074aeecbdb26189721e53cf889eb38c7ebd79cbf58c7287f888f0c5baf665f706328da69866c4aac4a64652cc46af36eec2f7c916d5b8e1c61b7ce4393529680181e1757b031fe691e2597a4876ac67d0d30f87d163baa20163617c6cbf27127b2db5c64864140cbe2a46596a6d3af3aee34dab1e45a0bbb7067267512d2a7f946de9ad26db3cf745be28209a479278b810fd0e7fa6fd10d6f8da9876b23339d2a40036a9b51495905f1acb4564135b834f913022192dad0fa3bfa5c993c2051a9f484e2c5651a33a5501665a63aaadbf50b8fa17edd4460225f1d457b218c91863afba313e263bd5c7d14b7702e97e896f881829c85975b01a733031f29ecf8286bdaa9b7973d9eb07544ae4f6f16dc0aeac80cf50e5f3ad25dc68498f9fd2e7e6f7f9d446bc9a7e20301901a961e4786d006f8c69f2094960a432fee16adf63d5d41cce32645afdf73db965183f870e694861e205436956443e6f26c5cf86362536157a0975abea20abca93d6f0271962a4a45d881b9711f7e74e3d33b6fbc825a81b369822683c8d2150e223a4bbc1ee9289e92dcfc421d36bc28104fe6a97ac57ddc10b8228f7445c423e48e296f81ec23bcb169c2fa7c5af883ae1b59dc4a6ca2ee12579ea4e55fefb2b530989b605ee7fb3a7c86360caf943477cca050b03ba7cb3d9ab8db754afe2c8588c66658cd230b26dc835b86b2be91b31c751e547bae8b3af160596f57bc17c292f33855cac83bac1bec5ec1aa05515dd78e6ce168b1bfe4300d94bbd3d9332cc15ddb8118edee44b3aeda2d1988c21bed8698c07ee0f61a261fceec8092ab320ec26c6a49b72f6e91060e527f5fbaab7b5affbbd560624539ec587aa13c6fdea524e33aff12ba1fc917e24dae666b0f9de065997193d1b1232e03d684aa384ec7aa5cebfeecef0ff79e873b9616a861b9bb63db3640d8cf91461b68b5da4492d7cdf3d973429418bad838c58b0c901556b5db4bde50a9fdf234a49ee2f19f565e554810251d86481e130e0c0cd501855c29de7afb3154ae09f1e1198fb938ae9e5821608023a13a0fa827691fd16a50b826f0a65c38bf5c6f36894c336614d3e8d5aa17677dd01e14c15b9469b35654e3e39d2cdaac8da0c74e92afd70fac8b07b283777109309c28902ff4d9195455b953e4157cbc00d0a7710b5842d1f8f1b2d61d9041007d7cb18121762083b2d41e06ead845f26fc6ab30b783962eae29c15865e983e25570a574beb64126d468dcd3a253b99d5725e871f9e64f3f80022ee467359f695a70d1b8c40e19b4984efcbde7b92dcbcf1654a67dfb162d672c5929a2f86254612d0626ab5e4ea847a08b3a2f463bcae32b73787a4382344aff17c74c059624292bb664542313c5c5dac61ad7a392d886086ea1dce1211af73bd01948c7a299c331aa4c0f17d5b7c9879448d3e7dd5d335a5d9e1d6d2d42b6f87927a8dcc918ea281f6ab3e445b6152f2cc41f16ba569028bcb9a7ba831c6886ec7f44fb14d5e60a26fe5b41430c87782c5863bf1f3c47cb55040679f2069edd1b1fabb23988e2dd5303f7be16d3841467d12a993fcd3b6fdc0bf07833384644c7575cb4a0809f8ab30af26188e78b86b72d3acd9b43c7857d3930928f755296c6b755bb40a7e10ad4c39e126e125a6e89c7a4e51696848090a0a445a0c4e6a710682831715c39611c63f9fd5ad0d9e38758e57758c4999a1a5ea14c9abe86ecc56e742f59f5eaac4255c629a9ed44e7e07d60bd9967d54c5aba3bd8ce4b138c852306d68f81e87ea7f5dc73f7c97bb0f634f57e087b695578c5b4c4f11a49a0548822462a7175ee329664a979bd580cae5573862d7315dd5dc40995d5e40d738574d44434409eae3bcbc5b39085a1c5b0cbf9402c6984effb0717eafa7cbb25d14eb9e3e2c17756747c6d254b5d5656030cc507eaf9e45214dc502b252ba76de911e992160fec4f31379f5a2c898c2a27658336602e2066d845b9c971357393383ba5abd7cbe0f016ad2e09ace4ca0ce9aacdd2784078897be01be0e367030d44a657e6e693123602b217c4c8529904adfb416e23e023e592d4e6902b09fa9a3bec42685aad343f0ed814e3726f2762c068c12eccb01bd21e3b3c15692aef73cc47b20027f4d8a7051fc8558d679a0f4a6ddd33a15f973d2424f0f3a05ff5d4da992c58d369a86f7c2324036c38bad4da84cf5d110d9de866addae6dec4bd70d3fb5b09aa579fcc41b1e71c5b9abfd38e5d17671dbb480d4f18ade6ce87c172dff9929bdaf09a2f3b0b1eeda1c4044f6da5359640161bd5f491e99a680156d07eace98f1fd42104bcc7c195e13a5ad3310928a3e8a638a908d8f22376951078a96c60970c473847643487fdd5f8ad9fec9bfac4e81e9735f41c2720104ac1e62b945c075a5a1dcc8d739e32b4687c6bde6f3f97b32102ef41f22b4afc0f96615b0ab0e2efc36ad6ef84356f78b790b1c876b9ddac2133b2793f6ba458c506ed1a152301d6aebbef96bc4dab27c498793b702dc997ab756947a9646819730eab78739e4e90dac1b4a01e224bc479427d2dbf10841c6d03c2cd1e70bfc2f32580434fb42853fbbadf3e2dd784d323ab9ded34b8f57080a4f9877d8ab6676f2744f79433a7e80639ef032c8ba4b04938b8a6d5779a16434513f5f0cf1007eb6459d88feb5f08b6044d6b583b6358c00e0525f132170335b17ec8c55d967aeeaee048064d5ce387557374ce8c83a8185bc143a2ac8c019137344f7b1e827a901e7feda57fdd8660750bb26241727e66a1c5f3f19c47003fac32a9dd9ec35d5bd5667cc70256a7a0713427e04d58d48939bec6df4011101029431ca94ea6a4eb4ac8ec6e2191a98d11495fa749188823d1ef98e8e79c424e3837cfb29c31122bd1dd1f9356145ca9e1771b5e6e2dbbb378bca6bae2c22fb3c0538887af4e55be147e696f286a3151ac129be201e32fe955e5e8047d80d96fced81a7a4240aec39677e5a034e0e94927a9184fd2171d027f72b2d4c8d50680435e14f3202c04a61e1251d22d4b04bfb2c13719f33c49c2c03fdda7edfd6da59e6bfb453f19271531e10080fadd6ea202f32fb0e1b8313ac23c3e5f6d6b172b94a58c21b45b0a698b3abad63e867c9cc0733f6d69c0467ee08c24233bc0f3a1356a9d9cfda974d4362071dc81bb1c224369f96a7280feb82e076fa56aebfddf497a0c1a04c3ede401e32b26774d5849578e78a3a7249f528b3664e7330ab040c2066586c859624a0afd84f5f042f6601bc5ab6ee4519a8e96af4d5f2a0a365f99226a47a96b3c5214d4c6569cd1859a8ab0d8bef72705e56fddf4234cd48c6503255207865aa835d670fa0c06542f945e659568266a04473cd2e8136acb8b5eb26f537db8ec8a2badf7e6502358b0c735e47c373fe4a646234bd2615749b8088180dfa7d9b52f6e42038e91d041f92784dd98d2c9133cd3b21f15b8756b5e129c8970ba664927597fb9d171065671501b98d117c664a443213110327155cac2afb5630f7e70acabd8b91c10824476f8efa1c3d8ff556a82d95c11a4f484f1cea00b2e5700ed6eac98760dbd014d725253bd48999dacdc48a64585d8b378de8f7ea60a962522b5bed179dbe4c5b96a254c7469a7f946c0040ffdee203cf081a392c4a2493141ac70f4137750b5d1aaa793c103b79f7df47610dbb30767ade1afdea65a26659c134fae5c4b16b4f5619eae62cc9b1f0f7e7a246f59e2a848a267cc2e17329a3895d6255c653e27c7756dd5cdcdc1aa739f02e754b1c812520b701bbd6c2b8595a2bac58cbafacc899a641a1d62e18b089f85532a080c12a9b0c8009f58db1278d7d34a98bf4a985fb485bcb4d942d1834ba6cb318d99460dd7b5af308cf243ca0bc35572043d7d76147c83e6cf574bc7336ceab6600a0df0ea1563eae702f1276b9c64dadd0c826226f3c1d0bb100f322831e8d6d67b28197907f7dfdffdf4a8166783601cc45e30149f02be1473576ca1964af69c17a4b85aa090e91166516d1bf62481da6fdc5913c40c8c2e15ca2ff9db7764b8e23bb2b0f322a0db077b8c62f65a3c022b54c0f6383e5649024b04ee9e8613447e20653524a413e994f482598877a86449249ea9bd2c779dfb8335c72c8672bb8f495e260f903f14772de7c6b4d6aeaa4e9998ed9520f37c63538a7a1297baaf07cf59ee9e8a6c24e93c343d76f64e360f60413e0f2d95087e4617c014a532ab2a1624bd66f40f32912e5baff99eb181b0f1f6d50c992b67cbd6e9112e0e27d45b87357e95fd638ea80d7a3575707948304b07186ff2fcbcb1152efa1ebb79925378e075c27d328a215a378ba7ebb948ddd1996a95a0c9f7a66299eb379993928e1929f2c45466cd92e40317794f67061f5c1bb1494253c210bcbbf0f5533626cef4cd27b3d03ae32f0239dc92528421b930ae0504b16a3a78b457d5083bdf14b6a4334f75df48ed6f2400c2c01862f709388b8b82990ebbe3dbb486698566c8a13aa6413b82cfc1cf3d2fa5bc3ffdc27161f406bad094f6b3f5215ed78f8ab512fb7a47cb3c7b1ae1ff67da286fe3d064fc31f79c01570843f8baae62e54f30de5803a90b3e44c7a2b7dcede5700a71d3f18c929334c2d1dc05ce5e974d507a9403fd67f0ca0557ec6078a4d7bac922a1e4229a99b3604519b0ac0088a079855adafbcf180e4bd8ce29ed01"}, 0x100a, 0x1) recvmmsg(r3, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r5, 0x0, 0x43, &(0x7f0000000280)={'ah\x00'}, &(0x7f0000000300)=0x1e) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080045117f9"], 0x0) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x240000, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 14:41:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x8004) 14:41:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x3f00}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2063.235529][T10811] binder: 10809:10811 got transaction with invalid parent offset or type [ 2063.273606][T10813] binder_alloc: binder_alloc_mmap_handler: 10809 20000000-20002000 already mapped failed -16 14:41:09 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) getsockopt(r0, 0x3, 0x7, &(0x7f0000000040)=""/247, &(0x7f0000000140)=0xf7) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x2100c2, 0x0) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x10000, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0x1000) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x10001, 0x400000000003, 0x3000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0xfffffffffffff800, 0x38980) r4 = syz_open_dev$amidi(&(0x7f0000000200)='/dev/amidi#\x00', 0x5, 0x80000) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, 0x0, &(0x7f00000001c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2063.314415][T10811] binder: BINDER_SET_CONTEXT_MGR already set [ 2063.356442][T10811] binder: 10809:10811 ioctl 40046207 0 returned -16 14:41:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xe0fe) 14:41:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000001040)=@v2={0x3, 0x1, 0x14, 0x7f, 0x1000, "9a443bd15113031a30d44a4e174e1b0409b8142ba60e38a9826fe5b05964f52bef047372fc0df1f45d238d6779332c3b7a3dd4ee7ac1d87a553e37012dc9454b17d31b07a6da08618425affa6507ac853129e46ca0258f54532be479b910ccfb5ec73f8c5f89f4cc5ce3f8c6a5ea310e07d5094e061508c191e1a313020167fa0d01c889385e5a7b713ceadc515c26e081ddd9bc4c1be66271884f74204ef31c4f42d4c8916ff25d3ab778276805ff697b8a6729d4e8cc53286af21783d6b1d2331190f4ecb6d9502234252083d67e9540c1e0e56bea589f09f2b3672e3ffad6b2eec9adc5c0d3a0ae0939a82f81626378b0f094781304ad9f79a2a389fafd71f342419ffcb575d78d49793b7ffb86659d10115d1a4f61e9638b1e7a3d77bd3ac6a900605b15661a69faa15f3435f193f5945fcc14f39084663d24b140c69065f9e35e14c4390ced72a81c6b88227a2079e607845860dfdfa82740690417cf502ff36b162dfc52d6b58a42b7e56c25232b9c43ffb3e568225ca8089674bc4e186c8e80eb6e0d15a67e088a8c9576fc81f9dc1897c1ead87cac669d5ca89bf0d0aba00e638f01b233e27d1e293239223a3ce0479f7011f6b684a8018412027e627b7284bee7b8e7166ddd1e5d19b44ae9bfdecac1514302ce70115051b9e921c21223c80ef0a5d9667b6706c9a40596fa24c05ac8d48d9ce446315f23801e1382f4859176a310ff6f776fe874fb7731539cd07e3d959c0c476c4dd8b79ecb770c62ade7ac28781525a34903bf6f4873a8dadaa506aa6c82ee446e0c28bdb3bd66d637795d22053ce3c1e3b846cd71b1225507d6fac517a79138a8da10350bca1564b4b858975c7b0fb4f37658b7201cd909431e112566a5d5459b3b9c1cdb9715279e0e3f0da5d9c646e91082c9a0f8c856417dfbac46876be5b609b855dac1135515e3bf72c94b5da15c600363552122fa900cae881f56055ec7f7d73afe3480017b6da72864dd529a7d6ea76f4310853784c08ad3f07978f710f0215f80ae57ea87680220acbe740b5aeea1aedfc9a3a0ebdf142ad7074aeecbdb26189721e53cf889eb38c7ebd79cbf58c7287f888f0c5baf665f706328da69866c4aac4a64652cc46af36eec2f7c916d5b8e1c61b7ce4393529680181e1757b031fe691e2597a4876ac67d0d30f87d163baa20163617c6cbf27127b2db5c64864140cbe2a46596a6d3af3aee34dab1e45a0bbb7067267512d2a7f946de9ad26db3cf745be28209a479278b810fd0e7fa6fd10d6f8da9876b23339d2a40036a9b51495905f1acb4564135b834f913022192dad0fa3bfa5c993c2051a9f484e2c5651a33a5501665a63aaadbf50b8fa17edd4460225f1d457b218c91863afba313e263bd5c7d14b7702e97e896f881829c85975b01a733031f29ecf8286bdaa9b7973d9eb07544ae4f6f16dc0aeac80cf50e5f3ad25dc68498f9fd2e7e6f7f9d446bc9a7e20301901a961e4786d006f8c69f2094960a432fee16adf63d5d41cce32645afdf73db965183f870e694861e205436956443e6f26c5cf86362536157a0975abea20abca93d6f0271962a4a45d881b9711f7e74e3d33b6fbc825a81b369822683c8d2150e223a4bbc1ee9289e92dcfc421d36bc28104fe6a97ac57ddc10b8228f7445c423e48e296f81ec23bcb169c2fa7c5af883ae1b59dc4a6ca2ee12579ea4e55fefb2b530989b605ee7fb3a7c86360caf943477cca050b03ba7cb3d9ab8db754afe2c8588c66658cd230b26dc835b86b2be91b31c751e547bae8b3af160596f57bc17c292f33855cac83bac1bec5ec1aa05515dd78e6ce168b1bfe4300d94bbd3d9332cc15ddb8118edee44b3aeda2d1988c21bed8698c07ee0f61a261fceec8092ab320ec26c6a49b72f6e91060e527f5fbaab7b5affbbd560624539ec587aa13c6fdea524e33aff12ba1fc917e24dae666b0f9de065997193d1b1232e03d684aa384ec7aa5cebfeecef0ff79e873b9616a861b9bb63db3640d8cf91461b68b5da4492d7cdf3d973429418bad838c58b0c901556b5db4bde50a9fdf234a49ee2f19f565e554810251d86481e130e0c0cd501855c29de7afb3154ae09f1e1198fb938ae9e5821608023a13a0fa827691fd16a50b826f0a65c38bf5c6f36894c336614d3e8d5aa17677dd01e14c15b9469b35654e3e39d2cdaac8da0c74e92afd70fac8b07b283777109309c28902ff4d9195455b953e4157cbc00d0a7710b5842d1f8f1b2d61d9041007d7cb18121762083b2d41e06ead845f26fc6ab30b783962eae29c15865e983e25570a574beb64126d468dcd3a253b99d5725e871f9e64f3f80022ee467359f695a70d1b8c40e19b4984efcbde7b92dcbcf1654a67dfb162d672c5929a2f86254612d0626ab5e4ea847a08b3a2f463bcae32b73787a4382344aff17c74c059624292bb664542313c5c5dac61ad7a392d886086ea1dce1211af73bd01948c7a299c331aa4c0f17d5b7c9879448d3e7dd5d335a5d9e1d6d2d42b6f87927a8dcc918ea281f6ab3e445b6152f2cc41f16ba569028bcb9a7ba831c6886ec7f44fb14d5e60a26fe5b41430c87782c5863bf1f3c47cb55040679f2069edd1b1fabb23988e2dd5303f7be16d3841467d12a993fcd3b6fdc0bf07833384644c7575cb4a0809f8ab30af26188e78b86b72d3acd9b43c7857d3930928f755296c6b755bb40a7e10ad4c39e126e125a6e89c7a4e51696848090a0a445a0c4e6a710682831715c39611c63f9fd5ad0d9e38758e57758c4999a1a5ea14c9abe86ecc56e742f59f5eaac4255c629a9ed44e7e07d60bd9967d54c5aba3bd8ce4b138c852306d68f81e87ea7f5dc73f7c97bb0f634f57e087b695578c5b4c4f11a49a0548822462a7175ee329664a979bd580cae5573862d7315dd5dc40995d5e40d738574d44434409eae3bcbc5b39085a1c5b0cbf9402c6984effb0717eafa7cbb25d14eb9e3e2c17756747c6d254b5d5656030cc507eaf9e45214dc502b252ba76de911e992160fec4f31379f5a2c898c2a27658336602e2066d845b9c971357393383ba5abd7cbe0f016ad2e09ace4ca0ce9aacdd2784078897be01be0e367030d44a657e6e693123602b217c4c8529904adfb416e23e023e592d4e6902b09fa9a3bec42685aad343f0ed814e3726f2762c068c12eccb01bd21e3b3c15692aef73cc47b20027f4d8a7051fc8558d679a0f4a6ddd33a15f973d2424f0f3a05ff5d4da992c58d369a86f7c2324036c38bad4da84cf5d110d9de866addae6dec4bd70d3fb5b09aa579fcc41b1e71c5b9abfd38e5d17671dbb480d4f18ade6ce87c172dff9929bdaf09a2f3b0b1eeda1c4044f6da5359640161bd5f491e99a680156d07eace98f1fd42104bcc7c195e13a5ad3310928a3e8a638a908d8f22376951078a96c60970c473847643487fdd5f8ad9fec9bfac4e81e9735f41c2720104ac1e62b945c075a5a1dcc8d739e32b4687c6bde6f3f97b32102ef41f22b4afc0f96615b0ab0e2efc36ad6ef84356f78b790b1c876b9ddac2133b2793f6ba458c506ed1a152301d6aebbef96bc4dab27c498793b702dc997ab756947a9646819730eab78739e4e90dac1b4a01e224bc479427d2dbf10841c6d03c2cd1e70bfc2f32580434fb42853fbbadf3e2dd784d323ab9ded34b8f57080a4f9877d8ab6676f2744f79433a7e80639ef032c8ba4b04938b8a6d5779a16434513f5f0cf1007eb6459d88feb5f08b6044d6b583b6358c00e0525f132170335b17ec8c55d967aeeaee048064d5ce387557374ce8c83a8185bc143a2ac8c019137344f7b1e827a901e7feda57fdd8660750bb26241727e66a1c5f3f19c47003fac32a9dd9ec35d5bd5667cc70256a7a0713427e04d58d48939bec6df4011101029431ca94ea6a4eb4ac8ec6e2191a98d11495fa749188823d1ef98e8e79c424e3837cfb29c31122bd1dd1f9356145ca9e1771b5e6e2dbbb378bca6bae2c22fb3c0538887af4e55be147e696f286a3151ac129be201e32fe955e5e8047d80d96fced81a7a4240aec39677e5a034e0e94927a9184fd2171d027f72b2d4c8d50680435e14f3202c04a61e1251d22d4b04bfb2c13719f33c49c2c03fdda7edfd6da59e6bfb453f19271531e10080fadd6ea202f32fb0e1b8313ac23c3e5f6d6b172b94a58c21b45b0a698b3abad63e867c9cc0733f6d69c0467ee08c24233bc0f3a1356a9d9cfda974d4362071dc81bb1c224369f96a7280feb82e076fa56aebfddf497a0c1a04c3ede401e32b26774d5849578e78a3a7249f528b3664e7330ab040c2066586c859624a0afd84f5f042f6601bc5ab6ee4519a8e96af4d5f2a0a365f99226a47a96b3c5214d4c6569cd1859a8ab0d8bef72705e56fddf4234cd48c6503255207865aa835d670fa0c06542f945e659568266a04473cd2e8136acb8b5eb26f537db8ec8a2badf7e6502358b0c735e47c373fe4a646234bd2615749b8088180dfa7d9b52f6e42038e91d041f92784dd98d2c9133cd3b21f15b8756b5e129c8970ba664927597fb9d171065671501b98d117c664a443213110327155cac2afb5630f7e70acabd8b91c10824476f8efa1c3d8ff556a82d95c11a4f484f1cea00b2e5700ed6eac98760dbd014d725253bd48999dacdc48a64585d8b378de8f7ea60a962522b5bed179dbe4c5b96a254c7469a7f946c0040ffdee203cf081a392c4a2493141ac70f4137750b5d1aaa793c103b79f7df47610dbb30767ade1afdea65a26659c134fae5c4b16b4f5619eae62cc9b1f0f7e7a246f59e2a848a267cc2e17329a3895d6255c653e27c7756dd5cdcdc1aa739f02e754b1c812520b701bbd6c2b8595a2bac58cbafacc899a641a1d62e18b089f85532a080c12a9b0c8009f58db1278d7d34a98bf4a985fb485bcb4d942d1834ba6cb318d99460dd7b5af308cf243ca0bc35572043d7d76147c83e6cf574bc7336ceab6600a0df0ea1563eae702f1276b9c64dadd0c826226f3c1d0bb100f322831e8d6d67b28197907f7dfdffdf4a8166783601cc45e30149f02be1473576ca1964af69c17a4b85aa090e91166516d1bf62481da6fdc5913c40c8c2e15ca2ff9db7764b8e23bb2b0f322a0db077b8c62f65a3c022b54c0f6383e5649024b04ee9e8613447e20653524a413e994f482598877a86449249ea9bd2c779dfb8335c72c8672bb8f495e260f903f14772de7c6b4d6aeaa4e9998ed9520f37c63538a7a1297baaf07cf59ee9e8a6c24e93c343d76f64e360f60413e0f2d95087e4617c014a532ab2a1624bd66f40f32912e5baff99eb181b0f1f6d50c992b67cbd6e9112e0e27d45b87357e95fd638ea80d7a3575707948304b07186ff2fcbcb1152efa1ebb79925378e075c27d328a215a378ba7ebb948ddd1996a95a0c9f7a66299eb379993928e1929f2c45466cd92e40317794f67061f5c1bb1494253c210bcbbf0f5533626cef4cd27b3d03ae32f0239dc92528421b930ae0504b16a3a78b457d5083bdf14b6a4334f75df48ed6f2400c2c01862f709388b8b82990ebbe3dbb486698566c8a13aa6413b82cfc1cf3d2fa5bc3ffdc27161f406bad094f6b3f5215ed78f8ab512fb7a47cb3c7b1ae1ff67da286fe3d064fc31f79c01570843f8baae62e54f30de5803a90b3e44c7a2b7dcede5700a71d3f18c929334c2d1dc05ce5e974d507a9403fd67f0ca0557ec6078a4d7bac922a1e4229a99b3604519b0ac0088a079855adafbcf180e4bd8ce29ed01"}, 0x100a, 0x1) recvmmsg(r3, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r5, 0x0, 0x43, &(0x7f0000000280)={'ah\x00'}, &(0x7f0000000300)=0x1e) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080045117f9"], 0x0) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x240000, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 2063.412143][T10813] binder_alloc: 10809: binder_alloc_buf, no vma 14:41:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x4800}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000180), &(0x7f00000001c0)=0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCADDDLCI(r3, 0x8980, &(0x7f0000000200)={'team0\x00', 0x5}) [ 2063.573917][T10833] binder: BINDER_SET_CONTEXT_MGR already set [ 2063.610930][T10833] binder: 10832:10833 ioctl 40046207 0 returned -16 14:41:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xe803) 14:41:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x4c00}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000001040)=@v2={0x3, 0x1, 0x14, 0x7f, 0x1000, "9a443bd15113031a30d44a4e174e1b0409b8142ba60e38a9826fe5b05964f52bef047372fc0df1f45d238d6779332c3b7a3dd4ee7ac1d87a553e37012dc9454b17d31b07a6da08618425affa6507ac853129e46ca0258f54532be479b910ccfb5ec73f8c5f89f4cc5ce3f8c6a5ea310e07d5094e061508c191e1a313020167fa0d01c889385e5a7b713ceadc515c26e081ddd9bc4c1be66271884f74204ef31c4f42d4c8916ff25d3ab778276805ff697b8a6729d4e8cc53286af21783d6b1d2331190f4ecb6d9502234252083d67e9540c1e0e56bea589f09f2b3672e3ffad6b2eec9adc5c0d3a0ae0939a82f81626378b0f094781304ad9f79a2a389fafd71f342419ffcb575d78d49793b7ffb86659d10115d1a4f61e9638b1e7a3d77bd3ac6a900605b15661a69faa15f3435f193f5945fcc14f39084663d24b140c69065f9e35e14c4390ced72a81c6b88227a2079e607845860dfdfa82740690417cf502ff36b162dfc52d6b58a42b7e56c25232b9c43ffb3e568225ca8089674bc4e186c8e80eb6e0d15a67e088a8c9576fc81f9dc1897c1ead87cac669d5ca89bf0d0aba00e638f01b233e27d1e293239223a3ce0479f7011f6b684a8018412027e627b7284bee7b8e7166ddd1e5d19b44ae9bfdecac1514302ce70115051b9e921c21223c80ef0a5d9667b6706c9a40596fa24c05ac8d48d9ce446315f23801e1382f4859176a310ff6f776fe874fb7731539cd07e3d959c0c476c4dd8b79ecb770c62ade7ac28781525a34903bf6f4873a8dadaa506aa6c82ee446e0c28bdb3bd66d637795d22053ce3c1e3b846cd71b1225507d6fac517a79138a8da10350bca1564b4b858975c7b0fb4f37658b7201cd909431e112566a5d5459b3b9c1cdb9715279e0e3f0da5d9c646e91082c9a0f8c856417dfbac46876be5b609b855dac1135515e3bf72c94b5da15c600363552122fa900cae881f56055ec7f7d73afe3480017b6da72864dd529a7d6ea76f4310853784c08ad3f07978f710f0215f80ae57ea87680220acbe740b5aeea1aedfc9a3a0ebdf142ad7074aeecbdb26189721e53cf889eb38c7ebd79cbf58c7287f888f0c5baf665f706328da69866c4aac4a64652cc46af36eec2f7c916d5b8e1c61b7ce4393529680181e1757b031fe691e2597a4876ac67d0d30f87d163baa20163617c6cbf27127b2db5c64864140cbe2a46596a6d3af3aee34dab1e45a0bbb7067267512d2a7f946de9ad26db3cf745be28209a479278b810fd0e7fa6fd10d6f8da9876b23339d2a40036a9b51495905f1acb4564135b834f913022192dad0fa3bfa5c993c2051a9f484e2c5651a33a5501665a63aaadbf50b8fa17edd4460225f1d457b218c91863afba313e263bd5c7d14b7702e97e896f881829c85975b01a733031f29ecf8286bdaa9b7973d9eb07544ae4f6f16dc0aeac80cf50e5f3ad25dc68498f9fd2e7e6f7f9d446bc9a7e20301901a961e4786d006f8c69f2094960a432fee16adf63d5d41cce32645afdf73db965183f870e694861e205436956443e6f26c5cf86362536157a0975abea20abca93d6f0271962a4a45d881b9711f7e74e3d33b6fbc825a81b369822683c8d2150e223a4bbc1ee9289e92dcfc421d36bc28104fe6a97ac57ddc10b8228f7445c423e48e296f81ec23bcb169c2fa7c5af883ae1b59dc4a6ca2ee12579ea4e55fefb2b530989b605ee7fb3a7c86360caf943477cca050b03ba7cb3d9ab8db754afe2c8588c66658cd230b26dc835b86b2be91b31c751e547bae8b3af160596f57bc17c292f33855cac83bac1bec5ec1aa05515dd78e6ce168b1bfe4300d94bbd3d9332cc15ddb8118edee44b3aeda2d1988c21bed8698c07ee0f61a261fceec8092ab320ec26c6a49b72f6e91060e527f5fbaab7b5affbbd560624539ec587aa13c6fdea524e33aff12ba1fc917e24dae666b0f9de065997193d1b1232e03d684aa384ec7aa5cebfeecef0ff79e873b9616a861b9bb63db3640d8cf91461b68b5da4492d7cdf3d973429418bad838c58b0c901556b5db4bde50a9fdf234a49ee2f19f565e554810251d86481e130e0c0cd501855c29de7afb3154ae09f1e1198fb938ae9e5821608023a13a0fa827691fd16a50b826f0a65c38bf5c6f36894c336614d3e8d5aa17677dd01e14c15b9469b35654e3e39d2cdaac8da0c74e92afd70fac8b07b283777109309c28902ff4d9195455b953e4157cbc00d0a7710b5842d1f8f1b2d61d9041007d7cb18121762083b2d41e06ead845f26fc6ab30b783962eae29c15865e983e25570a574beb64126d468dcd3a253b99d5725e871f9e64f3f80022ee467359f695a70d1b8c40e19b4984efcbde7b92dcbcf1654a67dfb162d672c5929a2f86254612d0626ab5e4ea847a08b3a2f463bcae32b73787a4382344aff17c74c059624292bb664542313c5c5dac61ad7a392d886086ea1dce1211af73bd01948c7a299c331aa4c0f17d5b7c9879448d3e7dd5d335a5d9e1d6d2d42b6f87927a8dcc918ea281f6ab3e445b6152f2cc41f16ba569028bcb9a7ba831c6886ec7f44fb14d5e60a26fe5b41430c87782c5863bf1f3c47cb55040679f2069edd1b1fabb23988e2dd5303f7be16d3841467d12a993fcd3b6fdc0bf07833384644c7575cb4a0809f8ab30af26188e78b86b72d3acd9b43c7857d3930928f755296c6b755bb40a7e10ad4c39e126e125a6e89c7a4e51696848090a0a445a0c4e6a710682831715c39611c63f9fd5ad0d9e38758e57758c4999a1a5ea14c9abe86ecc56e742f59f5eaac4255c629a9ed44e7e07d60bd9967d54c5aba3bd8ce4b138c852306d68f81e87ea7f5dc73f7c97bb0f634f57e087b695578c5b4c4f11a49a0548822462a7175ee329664a979bd580cae5573862d7315dd5dc40995d5e40d738574d44434409eae3bcbc5b39085a1c5b0cbf9402c6984effb0717eafa7cbb25d14eb9e3e2c17756747c6d254b5d5656030cc507eaf9e45214dc502b252ba76de911e992160fec4f31379f5a2c898c2a27658336602e2066d845b9c971357393383ba5abd7cbe0f016ad2e09ace4ca0ce9aacdd2784078897be01be0e367030d44a657e6e693123602b217c4c8529904adfb416e23e023e592d4e6902b09fa9a3bec42685aad343f0ed814e3726f2762c068c12eccb01bd21e3b3c15692aef73cc47b20027f4d8a7051fc8558d679a0f4a6ddd33a15f973d2424f0f3a05ff5d4da992c58d369a86f7c2324036c38bad4da84cf5d110d9de866addae6dec4bd70d3fb5b09aa579fcc41b1e71c5b9abfd38e5d17671dbb480d4f18ade6ce87c172dff9929bdaf09a2f3b0b1eeda1c4044f6da5359640161bd5f491e99a680156d07eace98f1fd42104bcc7c195e13a5ad3310928a3e8a638a908d8f22376951078a96c60970c473847643487fdd5f8ad9fec9bfac4e81e9735f41c2720104ac1e62b945c075a5a1dcc8d739e32b4687c6bde6f3f97b32102ef41f22b4afc0f96615b0ab0e2efc36ad6ef84356f78b790b1c876b9ddac2133b2793f6ba458c506ed1a152301d6aebbef96bc4dab27c498793b702dc997ab756947a9646819730eab78739e4e90dac1b4a01e224bc479427d2dbf10841c6d03c2cd1e70bfc2f32580434fb42853fbbadf3e2dd784d323ab9ded34b8f57080a4f9877d8ab6676f2744f79433a7e80639ef032c8ba4b04938b8a6d5779a16434513f5f0cf1007eb6459d88feb5f08b6044d6b583b6358c00e0525f132170335b17ec8c55d967aeeaee048064d5ce387557374ce8c83a8185bc143a2ac8c019137344f7b1e827a901e7feda57fdd8660750bb26241727e66a1c5f3f19c47003fac32a9dd9ec35d5bd5667cc70256a7a0713427e04d58d48939bec6df4011101029431ca94ea6a4eb4ac8ec6e2191a98d11495fa749188823d1ef98e8e79c424e3837cfb29c31122bd1dd1f9356145ca9e1771b5e6e2dbbb378bca6bae2c22fb3c0538887af4e55be147e696f286a3151ac129be201e32fe955e5e8047d80d96fced81a7a4240aec39677e5a034e0e94927a9184fd2171d027f72b2d4c8d50680435e14f3202c04a61e1251d22d4b04bfb2c13719f33c49c2c03fdda7edfd6da59e6bfb453f19271531e10080fadd6ea202f32fb0e1b8313ac23c3e5f6d6b172b94a58c21b45b0a698b3abad63e867c9cc0733f6d69c0467ee08c24233bc0f3a1356a9d9cfda974d4362071dc81bb1c224369f96a7280feb82e076fa56aebfddf497a0c1a04c3ede401e32b26774d5849578e78a3a7249f528b3664e7330ab040c2066586c859624a0afd84f5f042f6601bc5ab6ee4519a8e96af4d5f2a0a365f99226a47a96b3c5214d4c6569cd1859a8ab0d8bef72705e56fddf4234cd48c6503255207865aa835d670fa0c06542f945e659568266a04473cd2e8136acb8b5eb26f537db8ec8a2badf7e6502358b0c735e47c373fe4a646234bd2615749b8088180dfa7d9b52f6e42038e91d041f92784dd98d2c9133cd3b21f15b8756b5e129c8970ba664927597fb9d171065671501b98d117c664a443213110327155cac2afb5630f7e70acabd8b91c10824476f8efa1c3d8ff556a82d95c11a4f484f1cea00b2e5700ed6eac98760dbd014d725253bd48999dacdc48a64585d8b378de8f7ea60a962522b5bed179dbe4c5b96a254c7469a7f946c0040ffdee203cf081a392c4a2493141ac70f4137750b5d1aaa793c103b79f7df47610dbb30767ade1afdea65a26659c134fae5c4b16b4f5619eae62cc9b1f0f7e7a246f59e2a848a267cc2e17329a3895d6255c653e27c7756dd5cdcdc1aa739f02e754b1c812520b701bbd6c2b8595a2bac58cbafacc899a641a1d62e18b089f85532a080c12a9b0c8009f58db1278d7d34a98bf4a985fb485bcb4d942d1834ba6cb318d99460dd7b5af308cf243ca0bc35572043d7d76147c83e6cf574bc7336ceab6600a0df0ea1563eae702f1276b9c64dadd0c826226f3c1d0bb100f322831e8d6d67b28197907f7dfdffdf4a8166783601cc45e30149f02be1473576ca1964af69c17a4b85aa090e91166516d1bf62481da6fdc5913c40c8c2e15ca2ff9db7764b8e23bb2b0f322a0db077b8c62f65a3c022b54c0f6383e5649024b04ee9e8613447e20653524a413e994f482598877a86449249ea9bd2c779dfb8335c72c8672bb8f495e260f903f14772de7c6b4d6aeaa4e9998ed9520f37c63538a7a1297baaf07cf59ee9e8a6c24e93c343d76f64e360f60413e0f2d95087e4617c014a532ab2a1624bd66f40f32912e5baff99eb181b0f1f6d50c992b67cbd6e9112e0e27d45b87357e95fd638ea80d7a3575707948304b07186ff2fcbcb1152efa1ebb79925378e075c27d328a215a378ba7ebb948ddd1996a95a0c9f7a66299eb379993928e1929f2c45466cd92e40317794f67061f5c1bb1494253c210bcbbf0f5533626cef4cd27b3d03ae32f0239dc92528421b930ae0504b16a3a78b457d5083bdf14b6a4334f75df48ed6f2400c2c01862f709388b8b82990ebbe3dbb486698566c8a13aa6413b82cfc1cf3d2fa5bc3ffdc27161f406bad094f6b3f5215ed78f8ab512fb7a47cb3c7b1ae1ff67da286fe3d064fc31f79c01570843f8baae62e54f30de5803a90b3e44c7a2b7dcede5700a71d3f18c929334c2d1dc05ce5e974d507a9403fd67f0ca0557ec6078a4d7bac922a1e4229a99b3604519b0ac0088a079855adafbcf180e4bd8ce29ed01"}, 0x100a, 0x1) recvmmsg(r3, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r5, 0x0, 0x43, &(0x7f0000000280)={'ah\x00'}, &(0x7f0000000300)=0x1e) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080045117f9"], 0x0) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x240000, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 2063.913565][T10851] binder: BINDER_SET_CONTEXT_MGR already set [ 2063.938701][T10851] binder: 10849:10851 ioctl 40046207 0 returned -16 14:41:09 executing program 4: r0 = accept4$netrom(0xffffffffffffffff, &(0x7f0000000040)={{0x3, @default}, [@null, @remote, @null, @bcast, @bcast, @null, @null, @rose]}, &(0x7f00000000c0)=0x48, 0x80800) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f0000000240), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() setsockopt$inet6_buf(r1, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x1) fcntl$setstatus(r1, 0x4, 0x2000) ioctl$sock_inet_SIOCSIFNETMASK(r2, 0x891c, &(0x7f0000000000)={'gre0\x00', {0x2, 0x4e20, @broadcast}}) 14:41:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x40000) 14:41:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x6000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:09 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000180), &(0x7f00000001c0)=0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCADDDLCI(r3, 0x8980, &(0x7f0000000200)={'team0\x00', 0x5}) 14:41:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000001040)=@v2={0x3, 0x1, 0x14, 0x7f, 0x1000, "9a443bd15113031a30d44a4e174e1b0409b8142ba60e38a9826fe5b05964f52bef047372fc0df1f45d238d6779332c3b7a3dd4ee7ac1d87a553e37012dc9454b17d31b07a6da08618425affa6507ac853129e46ca0258f54532be479b910ccfb5ec73f8c5f89f4cc5ce3f8c6a5ea310e07d5094e061508c191e1a313020167fa0d01c889385e5a7b713ceadc515c26e081ddd9bc4c1be66271884f74204ef31c4f42d4c8916ff25d3ab778276805ff697b8a6729d4e8cc53286af21783d6b1d2331190f4ecb6d9502234252083d67e9540c1e0e56bea589f09f2b3672e3ffad6b2eec9adc5c0d3a0ae0939a82f81626378b0f094781304ad9f79a2a389fafd71f342419ffcb575d78d49793b7ffb86659d10115d1a4f61e9638b1e7a3d77bd3ac6a900605b15661a69faa15f3435f193f5945fcc14f39084663d24b140c69065f9e35e14c4390ced72a81c6b88227a2079e607845860dfdfa82740690417cf502ff36b162dfc52d6b58a42b7e56c25232b9c43ffb3e568225ca8089674bc4e186c8e80eb6e0d15a67e088a8c9576fc81f9dc1897c1ead87cac669d5ca89bf0d0aba00e638f01b233e27d1e293239223a3ce0479f7011f6b684a8018412027e627b7284bee7b8e7166ddd1e5d19b44ae9bfdecac1514302ce70115051b9e921c21223c80ef0a5d9667b6706c9a40596fa24c05ac8d48d9ce446315f23801e1382f4859176a310ff6f776fe874fb7731539cd07e3d959c0c476c4dd8b79ecb770c62ade7ac28781525a34903bf6f4873a8dadaa506aa6c82ee446e0c28bdb3bd66d637795d22053ce3c1e3b846cd71b1225507d6fac517a79138a8da10350bca1564b4b858975c7b0fb4f37658b7201cd909431e112566a5d5459b3b9c1cdb9715279e0e3f0da5d9c646e91082c9a0f8c856417dfbac46876be5b609b855dac1135515e3bf72c94b5da15c600363552122fa900cae881f56055ec7f7d73afe3480017b6da72864dd529a7d6ea76f4310853784c08ad3f07978f710f0215f80ae57ea87680220acbe740b5aeea1aedfc9a3a0ebdf142ad7074aeecbdb26189721e53cf889eb38c7ebd79cbf58c7287f888f0c5baf665f706328da69866c4aac4a64652cc46af36eec2f7c916d5b8e1c61b7ce4393529680181e1757b031fe691e2597a4876ac67d0d30f87d163baa20163617c6cbf27127b2db5c64864140cbe2a46596a6d3af3aee34dab1e45a0bbb7067267512d2a7f946de9ad26db3cf745be28209a479278b810fd0e7fa6fd10d6f8da9876b23339d2a40036a9b51495905f1acb4564135b834f913022192dad0fa3bfa5c993c2051a9f484e2c5651a33a5501665a63aaadbf50b8fa17edd4460225f1d457b218c91863afba313e263bd5c7d14b7702e97e896f881829c85975b01a733031f29ecf8286bdaa9b7973d9eb07544ae4f6f16dc0aeac80cf50e5f3ad25dc68498f9fd2e7e6f7f9d446bc9a7e20301901a961e4786d006f8c69f2094960a432fee16adf63d5d41cce32645afdf73db965183f870e694861e205436956443e6f26c5cf86362536157a0975abea20abca93d6f0271962a4a45d881b9711f7e74e3d33b6fbc825a81b369822683c8d2150e223a4bbc1ee9289e92dcfc421d36bc28104fe6a97ac57ddc10b8228f7445c423e48e296f81ec23bcb169c2fa7c5af883ae1b59dc4a6ca2ee12579ea4e55fefb2b530989b605ee7fb3a7c86360caf943477cca050b03ba7cb3d9ab8db754afe2c8588c66658cd230b26dc835b86b2be91b31c751e547bae8b3af160596f57bc17c292f33855cac83bac1bec5ec1aa05515dd78e6ce168b1bfe4300d94bbd3d9332cc15ddb8118edee44b3aeda2d1988c21bed8698c07ee0f61a261fceec8092ab320ec26c6a49b72f6e91060e527f5fbaab7b5affbbd560624539ec587aa13c6fdea524e33aff12ba1fc917e24dae666b0f9de065997193d1b1232e03d684aa384ec7aa5cebfeecef0ff79e873b9616a861b9bb63db3640d8cf91461b68b5da4492d7cdf3d973429418bad838c58b0c901556b5db4bde50a9fdf234a49ee2f19f565e554810251d86481e130e0c0cd501855c29de7afb3154ae09f1e1198fb938ae9e5821608023a13a0fa827691fd16a50b826f0a65c38bf5c6f36894c336614d3e8d5aa17677dd01e14c15b9469b35654e3e39d2cdaac8da0c74e92afd70fac8b07b283777109309c28902ff4d9195455b953e4157cbc00d0a7710b5842d1f8f1b2d61d9041007d7cb18121762083b2d41e06ead845f26fc6ab30b783962eae29c15865e983e25570a574beb64126d468dcd3a253b99d5725e871f9e64f3f80022ee467359f695a70d1b8c40e19b4984efcbde7b92dcbcf1654a67dfb162d672c5929a2f86254612d0626ab5e4ea847a08b3a2f463bcae32b73787a4382344aff17c74c059624292bb664542313c5c5dac61ad7a392d886086ea1dce1211af73bd01948c7a299c331aa4c0f17d5b7c9879448d3e7dd5d335a5d9e1d6d2d42b6f87927a8dcc918ea281f6ab3e445b6152f2cc41f16ba569028bcb9a7ba831c6886ec7f44fb14d5e60a26fe5b41430c87782c5863bf1f3c47cb55040679f2069edd1b1fabb23988e2dd5303f7be16d3841467d12a993fcd3b6fdc0bf07833384644c7575cb4a0809f8ab30af26188e78b86b72d3acd9b43c7857d3930928f755296c6b755bb40a7e10ad4c39e126e125a6e89c7a4e51696848090a0a445a0c4e6a710682831715c39611c63f9fd5ad0d9e38758e57758c4999a1a5ea14c9abe86ecc56e742f59f5eaac4255c629a9ed44e7e07d60bd9967d54c5aba3bd8ce4b138c852306d68f81e87ea7f5dc73f7c97bb0f634f57e087b695578c5b4c4f11a49a0548822462a7175ee329664a979bd580cae5573862d7315dd5dc40995d5e40d738574d44434409eae3bcbc5b39085a1c5b0cbf9402c6984effb0717eafa7cbb25d14eb9e3e2c17756747c6d254b5d5656030cc507eaf9e45214dc502b252ba76de911e992160fec4f31379f5a2c898c2a27658336602e2066d845b9c971357393383ba5abd7cbe0f016ad2e09ace4ca0ce9aacdd2784078897be01be0e367030d44a657e6e693123602b217c4c8529904adfb416e23e023e592d4e6902b09fa9a3bec42685aad343f0ed814e3726f2762c068c12eccb01bd21e3b3c15692aef73cc47b20027f4d8a7051fc8558d679a0f4a6ddd33a15f973d2424f0f3a05ff5d4da992c58d369a86f7c2324036c38bad4da84cf5d110d9de866addae6dec4bd70d3fb5b09aa579fcc41b1e71c5b9abfd38e5d17671dbb480d4f18ade6ce87c172dff9929bdaf09a2f3b0b1eeda1c4044f6da5359640161bd5f491e99a680156d07eace98f1fd42104bcc7c195e13a5ad3310928a3e8a638a908d8f22376951078a96c60970c473847643487fdd5f8ad9fec9bfac4e81e9735f41c2720104ac1e62b945c075a5a1dcc8d739e32b4687c6bde6f3f97b32102ef41f22b4afc0f96615b0ab0e2efc36ad6ef84356f78b790b1c876b9ddac2133b2793f6ba458c506ed1a152301d6aebbef96bc4dab27c498793b702dc997ab756947a9646819730eab78739e4e90dac1b4a01e224bc479427d2dbf10841c6d03c2cd1e70bfc2f32580434fb42853fbbadf3e2dd784d323ab9ded34b8f57080a4f9877d8ab6676f2744f79433a7e80639ef032c8ba4b04938b8a6d5779a16434513f5f0cf1007eb6459d88feb5f08b6044d6b583b6358c00e0525f132170335b17ec8c55d967aeeaee048064d5ce387557374ce8c83a8185bc143a2ac8c019137344f7b1e827a901e7feda57fdd8660750bb26241727e66a1c5f3f19c47003fac32a9dd9ec35d5bd5667cc70256a7a0713427e04d58d48939bec6df4011101029431ca94ea6a4eb4ac8ec6e2191a98d11495fa749188823d1ef98e8e79c424e3837cfb29c31122bd1dd1f9356145ca9e1771b5e6e2dbbb378bca6bae2c22fb3c0538887af4e55be147e696f286a3151ac129be201e32fe955e5e8047d80d96fced81a7a4240aec39677e5a034e0e94927a9184fd2171d027f72b2d4c8d50680435e14f3202c04a61e1251d22d4b04bfb2c13719f33c49c2c03fdda7edfd6da59e6bfb453f19271531e10080fadd6ea202f32fb0e1b8313ac23c3e5f6d6b172b94a58c21b45b0a698b3abad63e867c9cc0733f6d69c0467ee08c24233bc0f3a1356a9d9cfda974d4362071dc81bb1c224369f96a7280feb82e076fa56aebfddf497a0c1a04c3ede401e32b26774d5849578e78a3a7249f528b3664e7330ab040c2066586c859624a0afd84f5f042f6601bc5ab6ee4519a8e96af4d5f2a0a365f99226a47a96b3c5214d4c6569cd1859a8ab0d8bef72705e56fddf4234cd48c6503255207865aa835d670fa0c06542f945e659568266a04473cd2e8136acb8b5eb26f537db8ec8a2badf7e6502358b0c735e47c373fe4a646234bd2615749b8088180dfa7d9b52f6e42038e91d041f92784dd98d2c9133cd3b21f15b8756b5e129c8970ba664927597fb9d171065671501b98d117c664a443213110327155cac2afb5630f7e70acabd8b91c10824476f8efa1c3d8ff556a82d95c11a4f484f1cea00b2e5700ed6eac98760dbd014d725253bd48999dacdc48a64585d8b378de8f7ea60a962522b5bed179dbe4c5b96a254c7469a7f946c0040ffdee203cf081a392c4a2493141ac70f4137750b5d1aaa793c103b79f7df47610dbb30767ade1afdea65a26659c134fae5c4b16b4f5619eae62cc9b1f0f7e7a246f59e2a848a267cc2e17329a3895d6255c653e27c7756dd5cdcdc1aa739f02e754b1c812520b701bbd6c2b8595a2bac58cbafacc899a641a1d62e18b089f85532a080c12a9b0c8009f58db1278d7d34a98bf4a985fb485bcb4d942d1834ba6cb318d99460dd7b5af308cf243ca0bc35572043d7d76147c83e6cf574bc7336ceab6600a0df0ea1563eae702f1276b9c64dadd0c826226f3c1d0bb100f322831e8d6d67b28197907f7dfdffdf4a8166783601cc45e30149f02be1473576ca1964af69c17a4b85aa090e91166516d1bf62481da6fdc5913c40c8c2e15ca2ff9db7764b8e23bb2b0f322a0db077b8c62f65a3c022b54c0f6383e5649024b04ee9e8613447e20653524a413e994f482598877a86449249ea9bd2c779dfb8335c72c8672bb8f495e260f903f14772de7c6b4d6aeaa4e9998ed9520f37c63538a7a1297baaf07cf59ee9e8a6c24e93c343d76f64e360f60413e0f2d95087e4617c014a532ab2a1624bd66f40f32912e5baff99eb181b0f1f6d50c992b67cbd6e9112e0e27d45b87357e95fd638ea80d7a3575707948304b07186ff2fcbcb1152efa1ebb79925378e075c27d328a215a378ba7ebb948ddd1996a95a0c9f7a66299eb379993928e1929f2c45466cd92e40317794f67061f5c1bb1494253c210bcbbf0f5533626cef4cd27b3d03ae32f0239dc92528421b930ae0504b16a3a78b457d5083bdf14b6a4334f75df48ed6f2400c2c01862f709388b8b82990ebbe3dbb486698566c8a13aa6413b82cfc1cf3d2fa5bc3ffdc27161f406bad094f6b3f5215ed78f8ab512fb7a47cb3c7b1ae1ff67da286fe3d064fc31f79c01570843f8baae62e54f30de5803a90b3e44c7a2b7dcede5700a71d3f18c929334c2d1dc05ce5e974d507a9403fd67f0ca0557ec6078a4d7bac922a1e4229a99b3604519b0ac0088a079855adafbcf180e4bd8ce29ed01"}, 0x100a, 0x1) recvmmsg(r3, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r5, 0x0, 0x43, &(0x7f0000000280)={'ah\x00'}, &(0x7f0000000300)=0x1e) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080045117f9"], 0x0) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x240000, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r4, 0xae9a) [ 2064.141118][T10861] binder_transaction: 16 callbacks suppressed [ 2064.141135][T10861] binder: 10857:10861 transaction failed 29201/-22, size 40-8 line 3317 14:41:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xc0000) [ 2064.251125][T10861] binder: BINDER_SET_CONTEXT_MGR already set [ 2064.272589][T10872] binder: 10857:10872 transaction failed 29189/-3, size 40-8 line 3147 [ 2064.328876][T10861] binder: 10857:10861 ioctl 40046207 0 returned -16 14:41:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000001040)=@v2={0x3, 0x1, 0x14, 0x7f, 0x1000, "9a443bd15113031a30d44a4e174e1b0409b8142ba60e38a9826fe5b05964f52bef047372fc0df1f45d238d6779332c3b7a3dd4ee7ac1d87a553e37012dc9454b17d31b07a6da08618425affa6507ac853129e46ca0258f54532be479b910ccfb5ec73f8c5f89f4cc5ce3f8c6a5ea310e07d5094e061508c191e1a313020167fa0d01c889385e5a7b713ceadc515c26e081ddd9bc4c1be66271884f74204ef31c4f42d4c8916ff25d3ab778276805ff697b8a6729d4e8cc53286af21783d6b1d2331190f4ecb6d9502234252083d67e9540c1e0e56bea589f09f2b3672e3ffad6b2eec9adc5c0d3a0ae0939a82f81626378b0f094781304ad9f79a2a389fafd71f342419ffcb575d78d49793b7ffb86659d10115d1a4f61e9638b1e7a3d77bd3ac6a900605b15661a69faa15f3435f193f5945fcc14f39084663d24b140c69065f9e35e14c4390ced72a81c6b88227a2079e607845860dfdfa82740690417cf502ff36b162dfc52d6b58a42b7e56c25232b9c43ffb3e568225ca8089674bc4e186c8e80eb6e0d15a67e088a8c9576fc81f9dc1897c1ead87cac669d5ca89bf0d0aba00e638f01b233e27d1e293239223a3ce0479f7011f6b684a8018412027e627b7284bee7b8e7166ddd1e5d19b44ae9bfdecac1514302ce70115051b9e921c21223c80ef0a5d9667b6706c9a40596fa24c05ac8d48d9ce446315f23801e1382f4859176a310ff6f776fe874fb7731539cd07e3d959c0c476c4dd8b79ecb770c62ade7ac28781525a34903bf6f4873a8dadaa506aa6c82ee446e0c28bdb3bd66d637795d22053ce3c1e3b846cd71b1225507d6fac517a79138a8da10350bca1564b4b858975c7b0fb4f37658b7201cd909431e112566a5d5459b3b9c1cdb9715279e0e3f0da5d9c646e91082c9a0f8c856417dfbac46876be5b609b855dac1135515e3bf72c94b5da15c600363552122fa900cae881f56055ec7f7d73afe3480017b6da72864dd529a7d6ea76f4310853784c08ad3f07978f710f0215f80ae57ea87680220acbe740b5aeea1aedfc9a3a0ebdf142ad7074aeecbdb26189721e53cf889eb38c7ebd79cbf58c7287f888f0c5baf665f706328da69866c4aac4a64652cc46af36eec2f7c916d5b8e1c61b7ce4393529680181e1757b031fe691e2597a4876ac67d0d30f87d163baa20163617c6cbf27127b2db5c64864140cbe2a46596a6d3af3aee34dab1e45a0bbb7067267512d2a7f946de9ad26db3cf745be28209a479278b810fd0e7fa6fd10d6f8da9876b23339d2a40036a9b51495905f1acb4564135b834f913022192dad0fa3bfa5c993c2051a9f484e2c5651a33a5501665a63aaadbf50b8fa17edd4460225f1d457b218c91863afba313e263bd5c7d14b7702e97e896f881829c85975b01a733031f29ecf8286bdaa9b7973d9eb07544ae4f6f16dc0aeac80cf50e5f3ad25dc68498f9fd2e7e6f7f9d446bc9a7e20301901a961e4786d006f8c69f2094960a432fee16adf63d5d41cce32645afdf73db965183f870e694861e205436956443e6f26c5cf86362536157a0975abea20abca93d6f0271962a4a45d881b9711f7e74e3d33b6fbc825a81b369822683c8d2150e223a4bbc1ee9289e92dcfc421d36bc28104fe6a97ac57ddc10b8228f7445c423e48e296f81ec23bcb169c2fa7c5af883ae1b59dc4a6ca2ee12579ea4e55fefb2b530989b605ee7fb3a7c86360caf943477cca050b03ba7cb3d9ab8db754afe2c8588c66658cd230b26dc835b86b2be91b31c751e547bae8b3af160596f57bc17c292f33855cac83bac1bec5ec1aa05515dd78e6ce168b1bfe4300d94bbd3d9332cc15ddb8118edee44b3aeda2d1988c21bed8698c07ee0f61a261fceec8092ab320ec26c6a49b72f6e91060e527f5fbaab7b5affbbd560624539ec587aa13c6fdea524e33aff12ba1fc917e24dae666b0f9de065997193d1b1232e03d684aa384ec7aa5cebfeecef0ff79e873b9616a861b9bb63db3640d8cf91461b68b5da4492d7cdf3d973429418bad838c58b0c901556b5db4bde50a9fdf234a49ee2f19f565e554810251d86481e130e0c0cd501855c29de7afb3154ae09f1e1198fb938ae9e5821608023a13a0fa827691fd16a50b826f0a65c38bf5c6f36894c336614d3e8d5aa17677dd01e14c15b9469b35654e3e39d2cdaac8da0c74e92afd70fac8b07b283777109309c28902ff4d9195455b953e4157cbc00d0a7710b5842d1f8f1b2d61d9041007d7cb18121762083b2d41e06ead845f26fc6ab30b783962eae29c15865e983e25570a574beb64126d468dcd3a253b99d5725e871f9e64f3f80022ee467359f695a70d1b8c40e19b4984efcbde7b92dcbcf1654a67dfb162d672c5929a2f86254612d0626ab5e4ea847a08b3a2f463bcae32b73787a4382344aff17c74c059624292bb664542313c5c5dac61ad7a392d886086ea1dce1211af73bd01948c7a299c331aa4c0f17d5b7c9879448d3e7dd5d335a5d9e1d6d2d42b6f87927a8dcc918ea281f6ab3e445b6152f2cc41f16ba569028bcb9a7ba831c6886ec7f44fb14d5e60a26fe5b41430c87782c5863bf1f3c47cb55040679f2069edd1b1fabb23988e2dd5303f7be16d3841467d12a993fcd3b6fdc0bf07833384644c7575cb4a0809f8ab30af26188e78b86b72d3acd9b43c7857d3930928f755296c6b755bb40a7e10ad4c39e126e125a6e89c7a4e51696848090a0a445a0c4e6a710682831715c39611c63f9fd5ad0d9e38758e57758c4999a1a5ea14c9abe86ecc56e742f59f5eaac4255c629a9ed44e7e07d60bd9967d54c5aba3bd8ce4b138c852306d68f81e87ea7f5dc73f7c97bb0f634f57e087b695578c5b4c4f11a49a0548822462a7175ee329664a979bd580cae5573862d7315dd5dc40995d5e40d738574d44434409eae3bcbc5b39085a1c5b0cbf9402c6984effb0717eafa7cbb25d14eb9e3e2c17756747c6d254b5d5656030cc507eaf9e45214dc502b252ba76de911e992160fec4f31379f5a2c898c2a27658336602e2066d845b9c971357393383ba5abd7cbe0f016ad2e09ace4ca0ce9aacdd2784078897be01be0e367030d44a657e6e693123602b217c4c8529904adfb416e23e023e592d4e6902b09fa9a3bec42685aad343f0ed814e3726f2762c068c12eccb01bd21e3b3c15692aef73cc47b20027f4d8a7051fc8558d679a0f4a6ddd33a15f973d2424f0f3a05ff5d4da992c58d369a86f7c2324036c38bad4da84cf5d110d9de866addae6dec4bd70d3fb5b09aa579fcc41b1e71c5b9abfd38e5d17671dbb480d4f18ade6ce87c172dff9929bdaf09a2f3b0b1eeda1c4044f6da5359640161bd5f491e99a680156d07eace98f1fd42104bcc7c195e13a5ad3310928a3e8a638a908d8f22376951078a96c60970c473847643487fdd5f8ad9fec9bfac4e81e9735f41c2720104ac1e62b945c075a5a1dcc8d739e32b4687c6bde6f3f97b32102ef41f22b4afc0f96615b0ab0e2efc36ad6ef84356f78b790b1c876b9ddac2133b2793f6ba458c506ed1a152301d6aebbef96bc4dab27c498793b702dc997ab756947a9646819730eab78739e4e90dac1b4a01e224bc479427d2dbf10841c6d03c2cd1e70bfc2f32580434fb42853fbbadf3e2dd784d323ab9ded34b8f57080a4f9877d8ab6676f2744f79433a7e80639ef032c8ba4b04938b8a6d5779a16434513f5f0cf1007eb6459d88feb5f08b6044d6b583b6358c00e0525f132170335b17ec8c55d967aeeaee048064d5ce387557374ce8c83a8185bc143a2ac8c019137344f7b1e827a901e7feda57fdd8660750bb26241727e66a1c5f3f19c47003fac32a9dd9ec35d5bd5667cc70256a7a0713427e04d58d48939bec6df4011101029431ca94ea6a4eb4ac8ec6e2191a98d11495fa749188823d1ef98e8e79c424e3837cfb29c31122bd1dd1f9356145ca9e1771b5e6e2dbbb378bca6bae2c22fb3c0538887af4e55be147e696f286a3151ac129be201e32fe955e5e8047d80d96fced81a7a4240aec39677e5a034e0e94927a9184fd2171d027f72b2d4c8d50680435e14f3202c04a61e1251d22d4b04bfb2c13719f33c49c2c03fdda7edfd6da59e6bfb453f19271531e10080fadd6ea202f32fb0e1b8313ac23c3e5f6d6b172b94a58c21b45b0a698b3abad63e867c9cc0733f6d69c0467ee08c24233bc0f3a1356a9d9cfda974d4362071dc81bb1c224369f96a7280feb82e076fa56aebfddf497a0c1a04c3ede401e32b26774d5849578e78a3a7249f528b3664e7330ab040c2066586c859624a0afd84f5f042f6601bc5ab6ee4519a8e96af4d5f2a0a365f99226a47a96b3c5214d4c6569cd1859a8ab0d8bef72705e56fddf4234cd48c6503255207865aa835d670fa0c06542f945e659568266a04473cd2e8136acb8b5eb26f537db8ec8a2badf7e6502358b0c735e47c373fe4a646234bd2615749b8088180dfa7d9b52f6e42038e91d041f92784dd98d2c9133cd3b21f15b8756b5e129c8970ba664927597fb9d171065671501b98d117c664a443213110327155cac2afb5630f7e70acabd8b91c10824476f8efa1c3d8ff556a82d95c11a4f484f1cea00b2e5700ed6eac98760dbd014d725253bd48999dacdc48a64585d8b378de8f7ea60a962522b5bed179dbe4c5b96a254c7469a7f946c0040ffdee203cf081a392c4a2493141ac70f4137750b5d1aaa793c103b79f7df47610dbb30767ade1afdea65a26659c134fae5c4b16b4f5619eae62cc9b1f0f7e7a246f59e2a848a267cc2e17329a3895d6255c653e27c7756dd5cdcdc1aa739f02e754b1c812520b701bbd6c2b8595a2bac58cbafacc899a641a1d62e18b089f85532a080c12a9b0c8009f58db1278d7d34a98bf4a985fb485bcb4d942d1834ba6cb318d99460dd7b5af308cf243ca0bc35572043d7d76147c83e6cf574bc7336ceab6600a0df0ea1563eae702f1276b9c64dadd0c826226f3c1d0bb100f322831e8d6d67b28197907f7dfdffdf4a8166783601cc45e30149f02be1473576ca1964af69c17a4b85aa090e91166516d1bf62481da6fdc5913c40c8c2e15ca2ff9db7764b8e23bb2b0f322a0db077b8c62f65a3c022b54c0f6383e5649024b04ee9e8613447e20653524a413e994f482598877a86449249ea9bd2c779dfb8335c72c8672bb8f495e260f903f14772de7c6b4d6aeaa4e9998ed9520f37c63538a7a1297baaf07cf59ee9e8a6c24e93c343d76f64e360f60413e0f2d95087e4617c014a532ab2a1624bd66f40f32912e5baff99eb181b0f1f6d50c992b67cbd6e9112e0e27d45b87357e95fd638ea80d7a3575707948304b07186ff2fcbcb1152efa1ebb79925378e075c27d328a215a378ba7ebb948ddd1996a95a0c9f7a66299eb379993928e1929f2c45466cd92e40317794f67061f5c1bb1494253c210bcbbf0f5533626cef4cd27b3d03ae32f0239dc92528421b930ae0504b16a3a78b457d5083bdf14b6a4334f75df48ed6f2400c2c01862f709388b8b82990ebbe3dbb486698566c8a13aa6413b82cfc1cf3d2fa5bc3ffdc27161f406bad094f6b3f5215ed78f8ab512fb7a47cb3c7b1ae1ff67da286fe3d064fc31f79c01570843f8baae62e54f30de5803a90b3e44c7a2b7dcede5700a71d3f18c929334c2d1dc05ce5e974d507a9403fd67f0ca0557ec6078a4d7bac922a1e4229a99b3604519b0ac0088a079855adafbcf180e4bd8ce29ed01"}, 0x100a, 0x1) recvmmsg(r3, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r5, 0x0, 0x43, &(0x7f0000000280)={'ah\x00'}, &(0x7f0000000300)=0x1e) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080045117f9"], 0x0) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x240000, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) 14:41:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x6800}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2064.496572][T10885] binder_transaction: 3 callbacks suppressed [ 2064.496582][T10885] binder: 10884:10885 got transaction with invalid parent offset or type [ 2064.512069][T10885] binder: 10884:10885 transaction failed 29201/-22, size 40-8 line 3317 14:41:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000180), &(0x7f00000001c0)=0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$sock_SIOCADDDLCI(r3, 0x8980, &(0x7f0000000200)={'team0\x00', 0x5}) [ 2064.562168][T10886] binder_alloc_mmap_handler: 3 callbacks suppressed [ 2064.562183][T10886] binder_alloc: binder_alloc_mmap_handler: 10884 20000000-20002000 already mapped failed -16 [ 2064.586596][T10885] binder: BINDER_SET_CONTEXT_MGR already set [ 2064.605890][T10885] binder: 10884:10885 ioctl 40046207 0 returned -16 [ 2064.637831][T13966] binder_release_work: 17 callbacks suppressed [ 2064.637840][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2064.645244][T10886] binder_alloc_new_buf_locked: 3 callbacks suppressed [ 2064.645252][T10886] binder_alloc: 10884: binder_alloc_buf, no vma [ 2064.706467][T10886] binder: 10884:10886 transaction failed 29189/-3, size 40-8 line 3147 [ 2064.752350][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:10 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000040)={{{@in6=@dev, @in6=@remote}}, {{@in6=@mcast1}, 0x0, @in6=@mcast1}}, &(0x7f0000000140)=0xe8) r3 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() io_setup(0x0, &(0x7f0000000180)=0x0) io_submit(r5, 0x9, &(0x7f0000001900)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x7, 0x5, r1, &(0x7f00000002c0)="fe6a1586c850628863b36ec592e89ae6cf5098b25c488cc2ac0d19a05d97b3be346433c6126395bf2b9155e0ed91e53819fc9274220a6ac59689a6955263e77a2aaa8fd5b95d871df471424429a98d907c7705c8535a7c3b7d08c1f04cddd8c9cc55141115fe87a0fc46b5cbdd63014dc3625844592b05cd988fcab51e38495e8f895d73ce88bec3ceb2d7f974d95264bcaccb3c49beb3", 0x97, 0x3, 0x0, 0x0, r3}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x3, 0x0, r3, &(0x7f0000000380)="72fd720d854251e75cf2ee488b69e2242afcdc1b02badf0eb4e8c27d7d0f452fbd5bb0eaf928b973d4d791a30fef4d846aa971643292294ea185231bd19121b5eb7e322c1ae6ed3d53e031b24ba9fe698aeb11085932f32212c9d9da03abb3a43372507991f652a7f36e0318e5b6028a96ba088d1a0dc52e19fd7f08cf1a1460231bfb7fdac5bd29d7f588a6df48a920f88f2617cb7b0c21fc5d036c4a64bca2ba94937c3277900e19d59352adf737845b6b67c8dd6fd4bbdde7d1a4d21fedd0f3d3bb4eb93f66b776f0602471511b474ced35c291e5a2c89cecc9584811ac2fbe3733de3e8a7b8dd47e42d9b89e0ff275f1d24edd0d7aced0e3bf7b1bb22abf40b479f3a43d92f3f450cc591ca1e90606c9830de9170fd2d77525866628ef60eab7f3336984f3446de3e268ce6bde97c4c2b72457531fd15a42d466d2f1395f892cd68e17cd37cf41a7d6e4220da6597afa80a79a7d433ee8328b7d85bbd91db9192c44eb0dac889182305b72b950f46bfc9e37a8fe4383bee57f09cecac172a6258521727530deda9aa14b05e3fc0c25e62903af2f895209cc8a6b436b9cf35e73eb14d444b3a31f667289359ac644066d03590f1a1276de6a6d46aef683fa3168840725742292ef421a97b636b4adfc85299b3b4b259ed17382d5467bbce0ded593cb15f5cd1cf3467c9e11a599c9242f797807e7180b0a4c840a2c121a4b6f7eb3c29abbe5439a26f7d1901939cbbc866a44d1083fdfb657a911b247a7b79e9693392c22606d6161d29855efe7b22f9d8eeda843d6580019af1eb18d1f2f505573c2ae164baa459426714028181b193263333c48584279bff66547a5461956ec0705e9eb659f31d67a17e668e0041a96342efeca1b617054ffae6ab7e90e501ce6985f6272175a50898ff81c4e2c1c188ab7b49bc4d263fdb673dc2699e88b581343e99c6cdc333a7fd61442d427df6f7b4446c767c56df8417635e83ffab756e7944f62c106e4e18253fcb18019b43af69f14eba33b906f4beab2cb96d8c8f7050361f975fc935919621def9cb47005ed5f462116c979f7b2c702ce48535db7acabf097f631e19d9e3202649776b6d64690316e77c32b6ccac9f07de92d9e78d4248437c0b5cf167b1a62ce8ef3a4d459251ecfebfc5a2ab91aa9011fa5e9637bcc7723d0abd642f267bcc17f942122a351d029e41c8d050f41246ae859d092260870ce3c4d924618120630ac4de2dafaf11df8be3c14565de040d6c9cabb0ec99eb3f10e884452bdce1a484faed108413eeb7f33cc592fb75b81317cd759f2a6a285eb6a05793ae2d981837f13e20bffadc12dda540ebeb80591ee608e400bb36751f34ff9479e54b33086ddabf6558d8f9392e580ec64ea511dbe23273f395c691444c97dd632bb50cdafd8bcbff2fab532ea4c7ec91ec55dcdb9e3fa275b19c1a3f9c53530ec80e762c9124fc06110bcc5030ed49b4ee44d28855ec8df3bde6c055401660545048100a52be6b3c7140f6fa9d6912851ebc2961eaf6dc9389f6e1aecebde42d6c9cbc042ca43d562dc82b48f2fdaf75b4d1f79d70cee12d4e43e0cb66c7f4284d6a05b5e36a4df3ad7f810afadf2a53c57ca59ade74be3761327137d651f9de7eeb3cf2788f96749fb71e189490fa2f4716f5b39789f0344cbef543629796180a0f8839a4d950abc25e2ebdd2de4c4709f297ec89cd500ea11e89926cd0c2b89d69f6d71f27b25753ab1316d55c04d474dbe6b19942dc7ddedecf105aa40d175f3e36d6cea403fcaf11004d9162c7b8ca5977666986315d236e4519ec77fb948f4d9a0a2e0c369a3a060890bbf332e7263b6cfa1c4c9a5a7f5601e8709f2b51ea1e1fea89e1202d5dbf257a89091d6512fb64d967ef4ddb9cb7509e4a569eb42b309b232d21f72b797e69030b665d5f59dcc99099528fb820dcd1aabc11078958d4f83104ec3c5596516ad837997ec0d4ec71d458bd41cb35f5b2fd0657d092056ba99e8a18c1f3d9b32f6ff7abf4a570297b4efcc715de2167295b2352052955b2e30dace9ac1a7959c193953b67e71c2c4626bf31e2731c496b1272bc02add82a65a2a157faffadc2fe15763e262896a1675373cad89ee13eda340f69a120a156707bac86536081bd86c25d2046f88d07415e9444332e56c76fc6fdf90665d65271bf57a7a6f1480f7112cf3d63e724d86c8013121ce1d0af254d90407d18225933cad4dba1e333788f30408f556a06fbfa022d0dd4c5e3fef37202666c491a1fd6625533ee6d86efd6055636e87b0a081c2962cfa7b8c783adf5566e65256dcff95ac5856890b3ed3d0287f5c5e5de3b5d5e2d92dfea3c56a6aaeea7fddf08e4e6d492b3f9c30c3ce0405618ecef5e3ecd948556bc4bfabb61ee2ddbd961323c3da7e32a1d43965cb01c48c2c7ba0b5d5063cc9e16fa5e5a25285b9953b55111d239910d259ff29d4455e1ad0fc82a8dc544175f9f6c321efad477601c9503c393efe31a3f78460f476ed50988e847971a18059cba902f8700f959e34841080540e637f4e0058c857542954a4000687e4efb7cb7a6581fd191edf381e601411bbf8ba7c569708cf3c60a999524e1e4191add1db14980c20288e9d45da6b4984dd2b8a6210a73d6f44c94e4ca1f36a291863fe8968101dbcc09c27d51db67c8a4024a359969d1cec02469f899458b60daca15975fefe7f6c5d5bda1b347b003ee15e73f4db03d9961c12fb40c0d00da7dbe5eb3d09f867a6ccb3aa6f4dd082fe951fac68c7225ba53ce6d447b3b333dfbdcc70a72d23e2068076c2d505c209f039e554ff8f3ad4bc9225cb1da5a2891c2f63af6d2d86b85a59a5abdb23f1533c41c4f5cd953691f518ef2707c158cce7f0290a6f8e860df6f5a7ac0da22eeab3aa4c6f1b1b733f9e11aa624c1ca546d5e3c00181a77fc5ee797f7fea7e8183ace10e05377b7441b0df7081c19aa8ca2b87f334680545aaf5727c5643ac5c6486494c7536111db3e48c4d60a1b4623cbe99c76fce95f514b36bb3a8dfb3ff5991440ede79f97c9014ceed8ffe148f0402524155c527b4a80e41db4aa65a177e494a59ee14943135085f6164d071d5ebbfdf042f51403a42c9ce3c39620452720a0e01382924e1676506221718f7fd7104c12c4ba6e3539b9685924dbb9a0a8f32756925c6303962b6d7a9f61f3362a5bfc51bbf82fe33ff3e27410f4bfb9631d889788eee095e49875f5f0739aa18d44016891a619254e24713facce59dd47b8fc26f5bac44c7ecd9f7ba33d88942e3bfb9e616508ac159e1f09763f78771b764f87cd1d4dba6a99a34d89950e601295f002383fe2d3e96315d26e7838bebe404698524d85f89a59f6c60ccefd130d6d627caa641e0131524f421ec9425c5e290ccfd46bdceedbe6c0795074ce0b9873d81fcda58df7a7aa933ad25ae5e29a0c0fb0dbdab5c3083e46eea749cf5795810f71b3503aca1515e96fca63e3bbb59c8ea69663ff97eaa86931d89da566e7b8a6e0c8aa03a419d27012ef834cf7487b1286585e244ff409ddc241be21350173cd4cfdf23c5b0a5bf12b2c42b9a34a1871d380f9a85d8ca1b512282d01c083e0cbd75b697e77104163b09ce540a2d176a5fc2f1e283edf91e2ee8428098d0b4385c321689cf27ce6d4fba8f399b92331ca50ee6a68a5e7dec07bcb5099a118ee6c7a7eafe5a9300023fdfb3bd41393e6a24f6f11934bf34ae20852da8db57d2d52d74f5b25f6d7f9b46186d6f1dbbe3812296e5c1b520b227cf576e083a6c9ac651ce7eed3d94dc37eb877f86cd6365684c863455cc202b591ab56ec056285427b32f75c3f00726f660c52e20f95a00a25c6d5146206086deabf79d5ba1777af3905938fb350d32153a3bfc3cdaaf00c0994c86831dcb566c14912c0cc3d477daf37e2aad96ec0e827826cb76f9929a6196c2e47455fab804207683360085f3808b4d8a50d5c8a299588a8486228e134c0df69fda784ed60a395222c6517b31d896ab68d5361e837fb07ca3dc8b28032aa282f947c231dda61646d9c39c4151f8386490e5d98a9ca42d1708b09fcbea185f5696f35da31b606146195ed5157a54f33f57836d160648a8ed6bca7d57e795448820397a4c4677567af1f6b2017b9d6839e76f820f02a2be334ff57af1d1934222a25a94e72e110f85d76688f7c3668ccf8462946352897f0138faab3b2cbeadd708d44c96a692562db40051d030276c03af325a35857a00978cc320840846f0d71707e9f37939ab4287ddf561ed82bd73a465fe977489193a408b35649472e7b12a87dd1ad07d6cedc3c1f052a3927dcbc59115a6584f00c7b5bff25a4edeeaf28c83cf7f4f35b6e165daf59e1982599896d91b1676d8383186f23ad92d5a3d1b8dacd576bc5fa4cb5eb72da365d7fa81a5bef767f0f059db7174f73ec86f3148ff15bda4a6edc7afe824b9ded8a78d16ed7e6561ba566a309a238bed7fd916e521db7167353530ea6e039b319044c75b12f06149b99631e6b38c88e51e20ab4edf72cd00fb095f733ce90709d8983b2c21fded94e96df1c342189fc661e85d7ee8b921c911730eada914517e105a32a28a6742cc32edabc49dd2bc355153be51c464520d5c54d16ea0c630bb4a59156fc5559bc52b65c12ac955405bca3908f1c871862af18f3e88fb97b4898c47a15c741b8e031131429b0ebc1bf0f40000cf12e5f29b8504469e2356376c4ddf3723edc19001958970b31d3f8af65eb2cedf1bb4a471828b69653d4ac6b2b320d868c92498e3f834866f42584ac805fb9adef5fab9b06c1167dc1171faebbf54bcbb98d4dd5f3dfe784c360ab2cc2ae69e2cf066cc3b6cf3a98cf7ec9fbdc516847fba57f9f4e6e5b1d3c7f92c9e5c32c6c0a3d4213eefd0dc0aa950cddadd56853b34b9fd6aa529216724dcb5f12138efd1207ea109f54bb40a21182e191b5527b50256d02811ba607977266b391354e352dc04b3884388679cba50d337d3b98da6c0477354b01b8720641bb8014f8d7cb8c9593cc9d73aea9990514c03c257098d535dd4d8b371907782a6d2e148391faa31c0b13596685ff69b608c4c176003af016d1b7715859cd36244da3fb23db64f2ad7b50a3b40ccf89013a177781c2573451a4c19fb9cc5aaf173ae5a249bd102efa73e69606522493032aaed5b82c7606f0ba111ff6cd91c9b03cb48c9a946483e67532c94f4e0dd272ca9cc4f837e34060c7d4313a5252f7e32c5cc170232122b90ceb6548ab10f8af59d917656b46b7f9b3c122f48ac4d7fa18e96490e9e8451f25da3586cd9098bddba8d99af4edc4f85df5b5f5f7c4f2ead05aef3323b489073bd055d41a5cf7d1258fc7ddbb0f5423d4d6d1f746e1b284335f1587e076c188e476f5e0f8fc40a6b24919a8aba9db5b7ee2637c8fe2db23018aeec1fd5f2467426e64bc21e398bd425e23b7adba911738ce322412cfcc95795dda0d6b2c814547a78cce7f43d9a92ff2599c8ac7ba4c59ce06ffc6b954dd16f6bb0800deee5cb443da83924c041a5fc3ba2c6f8451d7dab4f9aa30130054c229fed5b51d94661a62616460bfc73d370192801cc340acf69e8b605a8fe1db122087e1d639ae8ab7d00ce7d0a637a45e479edef6afb37c473c7eadafaf367d4bda28c1035aa66384ba8249625bdbf798d4dea05c936582f519ba2d0b810143eaae47337dc3e431cc14c4f08ec733bce6bcbc478b1f6a08a67a4eb0f146cc9a9b1b42e449b53c9647c3d3efb7f186bf61d1347ddba3c2615f8", 0x1000, 0x4, 0x0, 0x3, 0xffffffffffffff9c}, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x3, 0xfce7, r2, &(0x7f0000001380)="9c37a0ac3c9660f60d39361ecdb8aec5fcd06c8adde74c", 0x17, 0xff, 0x0, 0x1, r1}, &(0x7f0000001500)={0x0, 0x0, 0x0, 0x5, 0x9, r3, &(0x7f0000001400)="9ad532c2b90e614cb9a4f7af38b0a76713874574c1702906ceb341b7f99a9c9092993a00f00a524761d9bcacb2196d404d122257de50f70bc0d9a42982fd3912be299b24a391a8b434c4789c9327fcd6299f0814bff15aa3752dd42d0d232b2612c219245471a4b5084a4b15fdb2c1c18bc257f7314e089eac5ce68f83aee03cbd0af968f26be24bc15fd5f174386aa5019b82cdf78bdd866e40bc2f9d1e9f62663b280be2b01bef0577ab86ea49ffbafa8c6721e5620c2e83b95059728903915b4cf5f51866ab61fbb22042ed3b02cd4c8f3e663f5c654b061cfa78457bb9a9b8f28a14e714", 0xe6, 0x120, 0x0, 0x0, r3}, &(0x7f0000001580)={0x0, 0x0, 0x0, 0x7, 0x7ff, r0, &(0x7f0000001540)="88472cff49c15298ab55d6729ff0b9ce723c7b8cf5c3c0506b", 0x19, 0x5, 0x0, 0x2, r3}, &(0x7f0000001680)={0x0, 0x0, 0x0, 0x7, 0x7dc2, r2, &(0x7f00000015c0)="49a194184b0a8129d91c32927674f8726db2c15468a1d36442cf0c050fd74ec5c7772e3d297748b1af74762eb7065b2f609120f9259432a4ea58c46559d7089512ec3881cc915fc68917cb8c548dc8c12e52fbd8b3b0897b887238f3c2a1f9362b96299086742008c738408c16533aae9b41aca808784847766ceb1cbb3b801f5c2112829d423c3fc02dd257aac7224701282f6177d0381754b61735fcf0b3aa", 0xa0, 0x0, 0x0, 0x1, r3}, &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x1, 0x10001, r1, &(0x7f00000016c0)="b8d120c3adb83448cf8ceda679b31039ce2877334dd42770f46c73aa3f9df564d23389c62ce28d0819479a631f6061cb4300838f05668d25c8a74fed6ef9abf94806948f26c26b7a2ed64c1cbba33690fee6e0b3ec932a93de3018ef21a66368bb7c2918d9033f360bde8b907dc111cbcebb1083b1a07ec97519e017db13aa8e3a73a754fbc8a9bb7019b0acbe95e971948abbfaea2da874408952415ec27af7aedc50928f4764929637cece6338ba54b79936392d1caae5421e9d85c399f46d6a933a9f3ea7bbf4bb689766aedfcff2bf5b4c36a8b2", 0xd6, 0x6, 0x0, 0x12c27f769a8c5602, r1}, &(0x7f0000001840)={0x0, 0x0, 0x0, 0x3, 0x4, r3, &(0x7f0000001800)="7fcb29e3", 0x4, 0x1000, 0x0, 0x2, r1}, &(0x7f00000018c0)={0x0, 0x0, 0x0, 0x0, 0x100000000, r2, &(0x7f0000001880)="071ab8b5998d318dbcfa896d238519af0e8b", 0x12, 0x10000, 0x0, 0x2, r2}]) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x1) 14:41:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x100000) 14:41:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x6c00}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000001040)=@v2={0x3, 0x1, 0x14, 0x7f, 0x1000, "9a443bd15113031a30d44a4e174e1b0409b8142ba60e38a9826fe5b05964f52bef047372fc0df1f45d238d6779332c3b7a3dd4ee7ac1d87a553e37012dc9454b17d31b07a6da08618425affa6507ac853129e46ca0258f54532be479b910ccfb5ec73f8c5f89f4cc5ce3f8c6a5ea310e07d5094e061508c191e1a313020167fa0d01c889385e5a7b713ceadc515c26e081ddd9bc4c1be66271884f74204ef31c4f42d4c8916ff25d3ab778276805ff697b8a6729d4e8cc53286af21783d6b1d2331190f4ecb6d9502234252083d67e9540c1e0e56bea589f09f2b3672e3ffad6b2eec9adc5c0d3a0ae0939a82f81626378b0f094781304ad9f79a2a389fafd71f342419ffcb575d78d49793b7ffb86659d10115d1a4f61e9638b1e7a3d77bd3ac6a900605b15661a69faa15f3435f193f5945fcc14f39084663d24b140c69065f9e35e14c4390ced72a81c6b88227a2079e607845860dfdfa82740690417cf502ff36b162dfc52d6b58a42b7e56c25232b9c43ffb3e568225ca8089674bc4e186c8e80eb6e0d15a67e088a8c9576fc81f9dc1897c1ead87cac669d5ca89bf0d0aba00e638f01b233e27d1e293239223a3ce0479f7011f6b684a8018412027e627b7284bee7b8e7166ddd1e5d19b44ae9bfdecac1514302ce70115051b9e921c21223c80ef0a5d9667b6706c9a40596fa24c05ac8d48d9ce446315f23801e1382f4859176a310ff6f776fe874fb7731539cd07e3d959c0c476c4dd8b79ecb770c62ade7ac28781525a34903bf6f4873a8dadaa506aa6c82ee446e0c28bdb3bd66d637795d22053ce3c1e3b846cd71b1225507d6fac517a79138a8da10350bca1564b4b858975c7b0fb4f37658b7201cd909431e112566a5d5459b3b9c1cdb9715279e0e3f0da5d9c646e91082c9a0f8c856417dfbac46876be5b609b855dac1135515e3bf72c94b5da15c600363552122fa900cae881f56055ec7f7d73afe3480017b6da72864dd529a7d6ea76f4310853784c08ad3f07978f710f0215f80ae57ea87680220acbe740b5aeea1aedfc9a3a0ebdf142ad7074aeecbdb26189721e53cf889eb38c7ebd79cbf58c7287f888f0c5baf665f706328da69866c4aac4a64652cc46af36eec2f7c916d5b8e1c61b7ce4393529680181e1757b031fe691e2597a4876ac67d0d30f87d163baa20163617c6cbf27127b2db5c64864140cbe2a46596a6d3af3aee34dab1e45a0bbb7067267512d2a7f946de9ad26db3cf745be28209a479278b810fd0e7fa6fd10d6f8da9876b23339d2a40036a9b51495905f1acb4564135b834f913022192dad0fa3bfa5c993c2051a9f484e2c5651a33a5501665a63aaadbf50b8fa17edd4460225f1d457b218c91863afba313e263bd5c7d14b7702e97e896f881829c85975b01a733031f29ecf8286bdaa9b7973d9eb07544ae4f6f16dc0aeac80cf50e5f3ad25dc68498f9fd2e7e6f7f9d446bc9a7e20301901a961e4786d006f8c69f2094960a432fee16adf63d5d41cce32645afdf73db965183f870e694861e205436956443e6f26c5cf86362536157a0975abea20abca93d6f0271962a4a45d881b9711f7e74e3d33b6fbc825a81b369822683c8d2150e223a4bbc1ee9289e92dcfc421d36bc28104fe6a97ac57ddc10b8228f7445c423e48e296f81ec23bcb169c2fa7c5af883ae1b59dc4a6ca2ee12579ea4e55fefb2b530989b605ee7fb3a7c86360caf943477cca050b03ba7cb3d9ab8db754afe2c8588c66658cd230b26dc835b86b2be91b31c751e547bae8b3af160596f57bc17c292f33855cac83bac1bec5ec1aa05515dd78e6ce168b1bfe4300d94bbd3d9332cc15ddb8118edee44b3aeda2d1988c21bed8698c07ee0f61a261fceec8092ab320ec26c6a49b72f6e91060e527f5fbaab7b5affbbd560624539ec587aa13c6fdea524e33aff12ba1fc917e24dae666b0f9de065997193d1b1232e03d684aa384ec7aa5cebfeecef0ff79e873b9616a861b9bb63db3640d8cf91461b68b5da4492d7cdf3d973429418bad838c58b0c901556b5db4bde50a9fdf234a49ee2f19f565e554810251d86481e130e0c0cd501855c29de7afb3154ae09f1e1198fb938ae9e5821608023a13a0fa827691fd16a50b826f0a65c38bf5c6f36894c336614d3e8d5aa17677dd01e14c15b9469b35654e3e39d2cdaac8da0c74e92afd70fac8b07b283777109309c28902ff4d9195455b953e4157cbc00d0a7710b5842d1f8f1b2d61d9041007d7cb18121762083b2d41e06ead845f26fc6ab30b783962eae29c15865e983e25570a574beb64126d468dcd3a253b99d5725e871f9e64f3f80022ee467359f695a70d1b8c40e19b4984efcbde7b92dcbcf1654a67dfb162d672c5929a2f86254612d0626ab5e4ea847a08b3a2f463bcae32b73787a4382344aff17c74c059624292bb664542313c5c5dac61ad7a392d886086ea1dce1211af73bd01948c7a299c331aa4c0f17d5b7c9879448d3e7dd5d335a5d9e1d6d2d42b6f87927a8dcc918ea281f6ab3e445b6152f2cc41f16ba569028bcb9a7ba831c6886ec7f44fb14d5e60a26fe5b41430c87782c5863bf1f3c47cb55040679f2069edd1b1fabb23988e2dd5303f7be16d3841467d12a993fcd3b6fdc0bf07833384644c7575cb4a0809f8ab30af26188e78b86b72d3acd9b43c7857d3930928f755296c6b755bb40a7e10ad4c39e126e125a6e89c7a4e51696848090a0a445a0c4e6a710682831715c39611c63f9fd5ad0d9e38758e57758c4999a1a5ea14c9abe86ecc56e742f59f5eaac4255c629a9ed44e7e07d60bd9967d54c5aba3bd8ce4b138c852306d68f81e87ea7f5dc73f7c97bb0f634f57e087b695578c5b4c4f11a49a0548822462a7175ee329664a979bd580cae5573862d7315dd5dc40995d5e40d738574d44434409eae3bcbc5b39085a1c5b0cbf9402c6984effb0717eafa7cbb25d14eb9e3e2c17756747c6d254b5d5656030cc507eaf9e45214dc502b252ba76de911e992160fec4f31379f5a2c898c2a27658336602e2066d845b9c971357393383ba5abd7cbe0f016ad2e09ace4ca0ce9aacdd2784078897be01be0e367030d44a657e6e693123602b217c4c8529904adfb416e23e023e592d4e6902b09fa9a3bec42685aad343f0ed814e3726f2762c068c12eccb01bd21e3b3c15692aef73cc47b20027f4d8a7051fc8558d679a0f4a6ddd33a15f973d2424f0f3a05ff5d4da992c58d369a86f7c2324036c38bad4da84cf5d110d9de866addae6dec4bd70d3fb5b09aa579fcc41b1e71c5b9abfd38e5d17671dbb480d4f18ade6ce87c172dff9929bdaf09a2f3b0b1eeda1c4044f6da5359640161bd5f491e99a680156d07eace98f1fd42104bcc7c195e13a5ad3310928a3e8a638a908d8f22376951078a96c60970c473847643487fdd5f8ad9fec9bfac4e81e9735f41c2720104ac1e62b945c075a5a1dcc8d739e32b4687c6bde6f3f97b32102ef41f22b4afc0f96615b0ab0e2efc36ad6ef84356f78b790b1c876b9ddac2133b2793f6ba458c506ed1a152301d6aebbef96bc4dab27c498793b702dc997ab756947a9646819730eab78739e4e90dac1b4a01e224bc479427d2dbf10841c6d03c2cd1e70bfc2f32580434fb42853fbbadf3e2dd784d323ab9ded34b8f57080a4f9877d8ab6676f2744f79433a7e80639ef032c8ba4b04938b8a6d5779a16434513f5f0cf1007eb6459d88feb5f08b6044d6b583b6358c00e0525f132170335b17ec8c55d967aeeaee048064d5ce387557374ce8c83a8185bc143a2ac8c019137344f7b1e827a901e7feda57fdd8660750bb26241727e66a1c5f3f19c47003fac32a9dd9ec35d5bd5667cc70256a7a0713427e04d58d48939bec6df4011101029431ca94ea6a4eb4ac8ec6e2191a98d11495fa749188823d1ef98e8e79c424e3837cfb29c31122bd1dd1f9356145ca9e1771b5e6e2dbbb378bca6bae2c22fb3c0538887af4e55be147e696f286a3151ac129be201e32fe955e5e8047d80d96fced81a7a4240aec39677e5a034e0e94927a9184fd2171d027f72b2d4c8d50680435e14f3202c04a61e1251d22d4b04bfb2c13719f33c49c2c03fdda7edfd6da59e6bfb453f19271531e10080fadd6ea202f32fb0e1b8313ac23c3e5f6d6b172b94a58c21b45b0a698b3abad63e867c9cc0733f6d69c0467ee08c24233bc0f3a1356a9d9cfda974d4362071dc81bb1c224369f96a7280feb82e076fa56aebfddf497a0c1a04c3ede401e32b26774d5849578e78a3a7249f528b3664e7330ab040c2066586c859624a0afd84f5f042f6601bc5ab6ee4519a8e96af4d5f2a0a365f99226a47a96b3c5214d4c6569cd1859a8ab0d8bef72705e56fddf4234cd48c6503255207865aa835d670fa0c06542f945e659568266a04473cd2e8136acb8b5eb26f537db8ec8a2badf7e6502358b0c735e47c373fe4a646234bd2615749b8088180dfa7d9b52f6e42038e91d041f92784dd98d2c9133cd3b21f15b8756b5e129c8970ba664927597fb9d171065671501b98d117c664a443213110327155cac2afb5630f7e70acabd8b91c10824476f8efa1c3d8ff556a82d95c11a4f484f1cea00b2e5700ed6eac98760dbd014d725253bd48999dacdc48a64585d8b378de8f7ea60a962522b5bed179dbe4c5b96a254c7469a7f946c0040ffdee203cf081a392c4a2493141ac70f4137750b5d1aaa793c103b79f7df47610dbb30767ade1afdea65a26659c134fae5c4b16b4f5619eae62cc9b1f0f7e7a246f59e2a848a267cc2e17329a3895d6255c653e27c7756dd5cdcdc1aa739f02e754b1c812520b701bbd6c2b8595a2bac58cbafacc899a641a1d62e18b089f85532a080c12a9b0c8009f58db1278d7d34a98bf4a985fb485bcb4d942d1834ba6cb318d99460dd7b5af308cf243ca0bc35572043d7d76147c83e6cf574bc7336ceab6600a0df0ea1563eae702f1276b9c64dadd0c826226f3c1d0bb100f322831e8d6d67b28197907f7dfdffdf4a8166783601cc45e30149f02be1473576ca1964af69c17a4b85aa090e91166516d1bf62481da6fdc5913c40c8c2e15ca2ff9db7764b8e23bb2b0f322a0db077b8c62f65a3c022b54c0f6383e5649024b04ee9e8613447e20653524a413e994f482598877a86449249ea9bd2c779dfb8335c72c8672bb8f495e260f903f14772de7c6b4d6aeaa4e9998ed9520f37c63538a7a1297baaf07cf59ee9e8a6c24e93c343d76f64e360f60413e0f2d95087e4617c014a532ab2a1624bd66f40f32912e5baff99eb181b0f1f6d50c992b67cbd6e9112e0e27d45b87357e95fd638ea80d7a3575707948304b07186ff2fcbcb1152efa1ebb79925378e075c27d328a215a378ba7ebb948ddd1996a95a0c9f7a66299eb379993928e1929f2c45466cd92e40317794f67061f5c1bb1494253c210bcbbf0f5533626cef4cd27b3d03ae32f0239dc92528421b930ae0504b16a3a78b457d5083bdf14b6a4334f75df48ed6f2400c2c01862f709388b8b82990ebbe3dbb486698566c8a13aa6413b82cfc1cf3d2fa5bc3ffdc27161f406bad094f6b3f5215ed78f8ab512fb7a47cb3c7b1ae1ff67da286fe3d064fc31f79c01570843f8baae62e54f30de5803a90b3e44c7a2b7dcede5700a71d3f18c929334c2d1dc05ce5e974d507a9403fd67f0ca0557ec6078a4d7bac922a1e4229a99b3604519b0ac0088a079855adafbcf180e4bd8ce29ed01"}, 0x100a, 0x1) recvmmsg(r3, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x43, &(0x7f0000000280)={'ah\x00'}, &(0x7f0000000300)=0x1e) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080045117f9"], 0x0) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x240000, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r5, 0x6, 0x23, 0x0, &(0x7f00000000c0)) 14:41:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 14:41:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000180), &(0x7f00000001c0)=0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2065.076394][T10898] binder: 10897:10898 got transaction with invalid parent offset or type [ 2065.085782][T10898] binder: 10897:10898 transaction failed 29201/-22, size 40-8 line 3317 14:41:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 14:41:10 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000000)={0x800100f, 0x1f, 0x1}) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r1, 0x4, 0x2000) 14:41:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000001040)=@v2={0x3, 0x1, 0x14, 0x7f, 0x1000, "9a443bd15113031a30d44a4e174e1b0409b8142ba60e38a9826fe5b05964f52bef047372fc0df1f45d238d6779332c3b7a3dd4ee7ac1d87a553e37012dc9454b17d31b07a6da08618425affa6507ac853129e46ca0258f54532be479b910ccfb5ec73f8c5f89f4cc5ce3f8c6a5ea310e07d5094e061508c191e1a313020167fa0d01c889385e5a7b713ceadc515c26e081ddd9bc4c1be66271884f74204ef31c4f42d4c8916ff25d3ab778276805ff697b8a6729d4e8cc53286af21783d6b1d2331190f4ecb6d9502234252083d67e9540c1e0e56bea589f09f2b3672e3ffad6b2eec9adc5c0d3a0ae0939a82f81626378b0f094781304ad9f79a2a389fafd71f342419ffcb575d78d49793b7ffb86659d10115d1a4f61e9638b1e7a3d77bd3ac6a900605b15661a69faa15f3435f193f5945fcc14f39084663d24b140c69065f9e35e14c4390ced72a81c6b88227a2079e607845860dfdfa82740690417cf502ff36b162dfc52d6b58a42b7e56c25232b9c43ffb3e568225ca8089674bc4e186c8e80eb6e0d15a67e088a8c9576fc81f9dc1897c1ead87cac669d5ca89bf0d0aba00e638f01b233e27d1e293239223a3ce0479f7011f6b684a8018412027e627b7284bee7b8e7166ddd1e5d19b44ae9bfdecac1514302ce70115051b9e921c21223c80ef0a5d9667b6706c9a40596fa24c05ac8d48d9ce446315f23801e1382f4859176a310ff6f776fe874fb7731539cd07e3d959c0c476c4dd8b79ecb770c62ade7ac28781525a34903bf6f4873a8dadaa506aa6c82ee446e0c28bdb3bd66d637795d22053ce3c1e3b846cd71b1225507d6fac517a79138a8da10350bca1564b4b858975c7b0fb4f37658b7201cd909431e112566a5d5459b3b9c1cdb9715279e0e3f0da5d9c646e91082c9a0f8c856417dfbac46876be5b609b855dac1135515e3bf72c94b5da15c600363552122fa900cae881f56055ec7f7d73afe3480017b6da72864dd529a7d6ea76f4310853784c08ad3f07978f710f0215f80ae57ea87680220acbe740b5aeea1aedfc9a3a0ebdf142ad7074aeecbdb26189721e53cf889eb38c7ebd79cbf58c7287f888f0c5baf665f706328da69866c4aac4a64652cc46af36eec2f7c916d5b8e1c61b7ce4393529680181e1757b031fe691e2597a4876ac67d0d30f87d163baa20163617c6cbf27127b2db5c64864140cbe2a46596a6d3af3aee34dab1e45a0bbb7067267512d2a7f946de9ad26db3cf745be28209a479278b810fd0e7fa6fd10d6f8da9876b23339d2a40036a9b51495905f1acb4564135b834f913022192dad0fa3bfa5c993c2051a9f484e2c5651a33a5501665a63aaadbf50b8fa17edd4460225f1d457b218c91863afba313e263bd5c7d14b7702e97e896f881829c85975b01a733031f29ecf8286bdaa9b7973d9eb07544ae4f6f16dc0aeac80cf50e5f3ad25dc68498f9fd2e7e6f7f9d446bc9a7e20301901a961e4786d006f8c69f2094960a432fee16adf63d5d41cce32645afdf73db965183f870e694861e205436956443e6f26c5cf86362536157a0975abea20abca93d6f0271962a4a45d881b9711f7e74e3d33b6fbc825a81b369822683c8d2150e223a4bbc1ee9289e92dcfc421d36bc28104fe6a97ac57ddc10b8228f7445c423e48e296f81ec23bcb169c2fa7c5af883ae1b59dc4a6ca2ee12579ea4e55fefb2b530989b605ee7fb3a7c86360caf943477cca050b03ba7cb3d9ab8db754afe2c8588c66658cd230b26dc835b86b2be91b31c751e547bae8b3af160596f57bc17c292f33855cac83bac1bec5ec1aa05515dd78e6ce168b1bfe4300d94bbd3d9332cc15ddb8118edee44b3aeda2d1988c21bed8698c07ee0f61a261fceec8092ab320ec26c6a49b72f6e91060e527f5fbaab7b5affbbd560624539ec587aa13c6fdea524e33aff12ba1fc917e24dae666b0f9de065997193d1b1232e03d684aa384ec7aa5cebfeecef0ff79e873b9616a861b9bb63db3640d8cf91461b68b5da4492d7cdf3d973429418bad838c58b0c901556b5db4bde50a9fdf234a49ee2f19f565e554810251d86481e130e0c0cd501855c29de7afb3154ae09f1e1198fb938ae9e5821608023a13a0fa827691fd16a50b826f0a65c38bf5c6f36894c336614d3e8d5aa17677dd01e14c15b9469b35654e3e39d2cdaac8da0c74e92afd70fac8b07b283777109309c28902ff4d9195455b953e4157cbc00d0a7710b5842d1f8f1b2d61d9041007d7cb18121762083b2d41e06ead845f26fc6ab30b783962eae29c15865e983e25570a574beb64126d468dcd3a253b99d5725e871f9e64f3f80022ee467359f695a70d1b8c40e19b4984efcbde7b92dcbcf1654a67dfb162d672c5929a2f86254612d0626ab5e4ea847a08b3a2f463bcae32b73787a4382344aff17c74c059624292bb664542313c5c5dac61ad7a392d886086ea1dce1211af73bd01948c7a299c331aa4c0f17d5b7c9879448d3e7dd5d335a5d9e1d6d2d42b6f87927a8dcc918ea281f6ab3e445b6152f2cc41f16ba569028bcb9a7ba831c6886ec7f44fb14d5e60a26fe5b41430c87782c5863bf1f3c47cb55040679f2069edd1b1fabb23988e2dd5303f7be16d3841467d12a993fcd3b6fdc0bf07833384644c7575cb4a0809f8ab30af26188e78b86b72d3acd9b43c7857d3930928f755296c6b755bb40a7e10ad4c39e126e125a6e89c7a4e51696848090a0a445a0c4e6a710682831715c39611c63f9fd5ad0d9e38758e57758c4999a1a5ea14c9abe86ecc56e742f59f5eaac4255c629a9ed44e7e07d60bd9967d54c5aba3bd8ce4b138c852306d68f81e87ea7f5dc73f7c97bb0f634f57e087b695578c5b4c4f11a49a0548822462a7175ee329664a979bd580cae5573862d7315dd5dc40995d5e40d738574d44434409eae3bcbc5b39085a1c5b0cbf9402c6984effb0717eafa7cbb25d14eb9e3e2c17756747c6d254b5d5656030cc507eaf9e45214dc502b252ba76de911e992160fec4f31379f5a2c898c2a27658336602e2066d845b9c971357393383ba5abd7cbe0f016ad2e09ace4ca0ce9aacdd2784078897be01be0e367030d44a657e6e693123602b217c4c8529904adfb416e23e023e592d4e6902b09fa9a3bec42685aad343f0ed814e3726f2762c068c12eccb01bd21e3b3c15692aef73cc47b20027f4d8a7051fc8558d679a0f4a6ddd33a15f973d2424f0f3a05ff5d4da992c58d369a86f7c2324036c38bad4da84cf5d110d9de866addae6dec4bd70d3fb5b09aa579fcc41b1e71c5b9abfd38e5d17671dbb480d4f18ade6ce87c172dff9929bdaf09a2f3b0b1eeda1c4044f6da5359640161bd5f491e99a680156d07eace98f1fd42104bcc7c195e13a5ad3310928a3e8a638a908d8f22376951078a96c60970c473847643487fdd5f8ad9fec9bfac4e81e9735f41c2720104ac1e62b945c075a5a1dcc8d739e32b4687c6bde6f3f97b32102ef41f22b4afc0f96615b0ab0e2efc36ad6ef84356f78b790b1c876b9ddac2133b2793f6ba458c506ed1a152301d6aebbef96bc4dab27c498793b702dc997ab756947a9646819730eab78739e4e90dac1b4a01e224bc479427d2dbf10841c6d03c2cd1e70bfc2f32580434fb42853fbbadf3e2dd784d323ab9ded34b8f57080a4f9877d8ab6676f2744f79433a7e80639ef032c8ba4b04938b8a6d5779a16434513f5f0cf1007eb6459d88feb5f08b6044d6b583b6358c00e0525f132170335b17ec8c55d967aeeaee048064d5ce387557374ce8c83a8185bc143a2ac8c019137344f7b1e827a901e7feda57fdd8660750bb26241727e66a1c5f3f19c47003fac32a9dd9ec35d5bd5667cc70256a7a0713427e04d58d48939bec6df4011101029431ca94ea6a4eb4ac8ec6e2191a98d11495fa749188823d1ef98e8e79c424e3837cfb29c31122bd1dd1f9356145ca9e1771b5e6e2dbbb378bca6bae2c22fb3c0538887af4e55be147e696f286a3151ac129be201e32fe955e5e8047d80d96fced81a7a4240aec39677e5a034e0e94927a9184fd2171d027f72b2d4c8d50680435e14f3202c04a61e1251d22d4b04bfb2c13719f33c49c2c03fdda7edfd6da59e6bfb453f19271531e10080fadd6ea202f32fb0e1b8313ac23c3e5f6d6b172b94a58c21b45b0a698b3abad63e867c9cc0733f6d69c0467ee08c24233bc0f3a1356a9d9cfda974d4362071dc81bb1c224369f96a7280feb82e076fa56aebfddf497a0c1a04c3ede401e32b26774d5849578e78a3a7249f528b3664e7330ab040c2066586c859624a0afd84f5f042f6601bc5ab6ee4519a8e96af4d5f2a0a365f99226a47a96b3c5214d4c6569cd1859a8ab0d8bef72705e56fddf4234cd48c6503255207865aa835d670fa0c06542f945e659568266a04473cd2e8136acb8b5eb26f537db8ec8a2badf7e6502358b0c735e47c373fe4a646234bd2615749b8088180dfa7d9b52f6e42038e91d041f92784dd98d2c9133cd3b21f15b8756b5e129c8970ba664927597fb9d171065671501b98d117c664a443213110327155cac2afb5630f7e70acabd8b91c10824476f8efa1c3d8ff556a82d95c11a4f484f1cea00b2e5700ed6eac98760dbd014d725253bd48999dacdc48a64585d8b378de8f7ea60a962522b5bed179dbe4c5b96a254c7469a7f946c0040ffdee203cf081a392c4a2493141ac70f4137750b5d1aaa793c103b79f7df47610dbb30767ade1afdea65a26659c134fae5c4b16b4f5619eae62cc9b1f0f7e7a246f59e2a848a267cc2e17329a3895d6255c653e27c7756dd5cdcdc1aa739f02e754b1c812520b701bbd6c2b8595a2bac58cbafacc899a641a1d62e18b089f85532a080c12a9b0c8009f58db1278d7d34a98bf4a985fb485bcb4d942d1834ba6cb318d99460dd7b5af308cf243ca0bc35572043d7d76147c83e6cf574bc7336ceab6600a0df0ea1563eae702f1276b9c64dadd0c826226f3c1d0bb100f322831e8d6d67b28197907f7dfdffdf4a8166783601cc45e30149f02be1473576ca1964af69c17a4b85aa090e91166516d1bf62481da6fdc5913c40c8c2e15ca2ff9db7764b8e23bb2b0f322a0db077b8c62f65a3c022b54c0f6383e5649024b04ee9e8613447e20653524a413e994f482598877a86449249ea9bd2c779dfb8335c72c8672bb8f495e260f903f14772de7c6b4d6aeaa4e9998ed9520f37c63538a7a1297baaf07cf59ee9e8a6c24e93c343d76f64e360f60413e0f2d95087e4617c014a532ab2a1624bd66f40f32912e5baff99eb181b0f1f6d50c992b67cbd6e9112e0e27d45b87357e95fd638ea80d7a3575707948304b07186ff2fcbcb1152efa1ebb79925378e075c27d328a215a378ba7ebb948ddd1996a95a0c9f7a66299eb379993928e1929f2c45466cd92e40317794f67061f5c1bb1494253c210bcbbf0f5533626cef4cd27b3d03ae32f0239dc92528421b930ae0504b16a3a78b457d5083bdf14b6a4334f75df48ed6f2400c2c01862f709388b8b82990ebbe3dbb486698566c8a13aa6413b82cfc1cf3d2fa5bc3ffdc27161f406bad094f6b3f5215ed78f8ab512fb7a47cb3c7b1ae1ff67da286fe3d064fc31f79c01570843f8baae62e54f30de5803a90b3e44c7a2b7dcede5700a71d3f18c929334c2d1dc05ce5e974d507a9403fd67f0ca0557ec6078a4d7bac922a1e4229a99b3604519b0ac0088a079855adafbcf180e4bd8ce29ed01"}, 0x100a, 0x1) recvmmsg(r3, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x43, &(0x7f0000000280)={'ah\x00'}, &(0x7f0000000300)=0x1e) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080045117f9"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x240000, 0x0) [ 2065.194563][T10914] binder_alloc: binder_alloc_mmap_handler: 10897 20000000-20002000 already mapped failed -16 [ 2065.242537][T10898] binder: BINDER_SET_CONTEXT_MGR already set [ 2065.296583][T10898] binder: 10897:10898 ioctl 40046207 0 returned -16 [ 2065.296649][T10919] binder_alloc: 10897: binder_alloc_buf, no vma [ 2065.331797][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2065.339079][T10919] binder: 10897:10919 transaction failed 29189/-3, size 40-8 line 3147 [ 2065.348072][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) pipe(&(0x7f0000000040)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 14:41:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x7400}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000001040)=@v2={0x3, 0x1, 0x14, 0x7f, 0x1000, "9a443bd15113031a30d44a4e174e1b0409b8142ba60e38a9826fe5b05964f52bef047372fc0df1f45d238d6779332c3b7a3dd4ee7ac1d87a553e37012dc9454b17d31b07a6da08618425affa6507ac853129e46ca0258f54532be479b910ccfb5ec73f8c5f89f4cc5ce3f8c6a5ea310e07d5094e061508c191e1a313020167fa0d01c889385e5a7b713ceadc515c26e081ddd9bc4c1be66271884f74204ef31c4f42d4c8916ff25d3ab778276805ff697b8a6729d4e8cc53286af21783d6b1d2331190f4ecb6d9502234252083d67e9540c1e0e56bea589f09f2b3672e3ffad6b2eec9adc5c0d3a0ae0939a82f81626378b0f094781304ad9f79a2a389fafd71f342419ffcb575d78d49793b7ffb86659d10115d1a4f61e9638b1e7a3d77bd3ac6a900605b15661a69faa15f3435f193f5945fcc14f39084663d24b140c69065f9e35e14c4390ced72a81c6b88227a2079e607845860dfdfa82740690417cf502ff36b162dfc52d6b58a42b7e56c25232b9c43ffb3e568225ca8089674bc4e186c8e80eb6e0d15a67e088a8c9576fc81f9dc1897c1ead87cac669d5ca89bf0d0aba00e638f01b233e27d1e293239223a3ce0479f7011f6b684a8018412027e627b7284bee7b8e7166ddd1e5d19b44ae9bfdecac1514302ce70115051b9e921c21223c80ef0a5d9667b6706c9a40596fa24c05ac8d48d9ce446315f23801e1382f4859176a310ff6f776fe874fb7731539cd07e3d959c0c476c4dd8b79ecb770c62ade7ac28781525a34903bf6f4873a8dadaa506aa6c82ee446e0c28bdb3bd66d637795d22053ce3c1e3b846cd71b1225507d6fac517a79138a8da10350bca1564b4b858975c7b0fb4f37658b7201cd909431e112566a5d5459b3b9c1cdb9715279e0e3f0da5d9c646e91082c9a0f8c856417dfbac46876be5b609b855dac1135515e3bf72c94b5da15c600363552122fa900cae881f56055ec7f7d73afe3480017b6da72864dd529a7d6ea76f4310853784c08ad3f07978f710f0215f80ae57ea87680220acbe740b5aeea1aedfc9a3a0ebdf142ad7074aeecbdb26189721e53cf889eb38c7ebd79cbf58c7287f888f0c5baf665f706328da69866c4aac4a64652cc46af36eec2f7c916d5b8e1c61b7ce4393529680181e1757b031fe691e2597a4876ac67d0d30f87d163baa20163617c6cbf27127b2db5c64864140cbe2a46596a6d3af3aee34dab1e45a0bbb7067267512d2a7f946de9ad26db3cf745be28209a479278b810fd0e7fa6fd10d6f8da9876b23339d2a40036a9b51495905f1acb4564135b834f913022192dad0fa3bfa5c993c2051a9f484e2c5651a33a5501665a63aaadbf50b8fa17edd4460225f1d457b218c91863afba313e263bd5c7d14b7702e97e896f881829c85975b01a733031f29ecf8286bdaa9b7973d9eb07544ae4f6f16dc0aeac80cf50e5f3ad25dc68498f9fd2e7e6f7f9d446bc9a7e20301901a961e4786d006f8c69f2094960a432fee16adf63d5d41cce32645afdf73db965183f870e694861e205436956443e6f26c5cf86362536157a0975abea20abca93d6f0271962a4a45d881b9711f7e74e3d33b6fbc825a81b369822683c8d2150e223a4bbc1ee9289e92dcfc421d36bc28104fe6a97ac57ddc10b8228f7445c423e48e296f81ec23bcb169c2fa7c5af883ae1b59dc4a6ca2ee12579ea4e55fefb2b530989b605ee7fb3a7c86360caf943477cca050b03ba7cb3d9ab8db754afe2c8588c66658cd230b26dc835b86b2be91b31c751e547bae8b3af160596f57bc17c292f33855cac83bac1bec5ec1aa05515dd78e6ce168b1bfe4300d94bbd3d9332cc15ddb8118edee44b3aeda2d1988c21bed8698c07ee0f61a261fceec8092ab320ec26c6a49b72f6e91060e527f5fbaab7b5affbbd560624539ec587aa13c6fdea524e33aff12ba1fc917e24dae666b0f9de065997193d1b1232e03d684aa384ec7aa5cebfeecef0ff79e873b9616a861b9bb63db3640d8cf91461b68b5da4492d7cdf3d973429418bad838c58b0c901556b5db4bde50a9fdf234a49ee2f19f565e554810251d86481e130e0c0cd501855c29de7afb3154ae09f1e1198fb938ae9e5821608023a13a0fa827691fd16a50b826f0a65c38bf5c6f36894c336614d3e8d5aa17677dd01e14c15b9469b35654e3e39d2cdaac8da0c74e92afd70fac8b07b283777109309c28902ff4d9195455b953e4157cbc00d0a7710b5842d1f8f1b2d61d9041007d7cb18121762083b2d41e06ead845f26fc6ab30b783962eae29c15865e983e25570a574beb64126d468dcd3a253b99d5725e871f9e64f3f80022ee467359f695a70d1b8c40e19b4984efcbde7b92dcbcf1654a67dfb162d672c5929a2f86254612d0626ab5e4ea847a08b3a2f463bcae32b73787a4382344aff17c74c059624292bb664542313c5c5dac61ad7a392d886086ea1dce1211af73bd01948c7a299c331aa4c0f17d5b7c9879448d3e7dd5d335a5d9e1d6d2d42b6f87927a8dcc918ea281f6ab3e445b6152f2cc41f16ba569028bcb9a7ba831c6886ec7f44fb14d5e60a26fe5b41430c87782c5863bf1f3c47cb55040679f2069edd1b1fabb23988e2dd5303f7be16d3841467d12a993fcd3b6fdc0bf07833384644c7575cb4a0809f8ab30af26188e78b86b72d3acd9b43c7857d3930928f755296c6b755bb40a7e10ad4c39e126e125a6e89c7a4e51696848090a0a445a0c4e6a710682831715c39611c63f9fd5ad0d9e38758e57758c4999a1a5ea14c9abe86ecc56e742f59f5eaac4255c629a9ed44e7e07d60bd9967d54c5aba3bd8ce4b138c852306d68f81e87ea7f5dc73f7c97bb0f634f57e087b695578c5b4c4f11a49a0548822462a7175ee329664a979bd580cae5573862d7315dd5dc40995d5e40d738574d44434409eae3bcbc5b39085a1c5b0cbf9402c6984effb0717eafa7cbb25d14eb9e3e2c17756747c6d254b5d5656030cc507eaf9e45214dc502b252ba76de911e992160fec4f31379f5a2c898c2a27658336602e2066d845b9c971357393383ba5abd7cbe0f016ad2e09ace4ca0ce9aacdd2784078897be01be0e367030d44a657e6e693123602b217c4c8529904adfb416e23e023e592d4e6902b09fa9a3bec42685aad343f0ed814e3726f2762c068c12eccb01bd21e3b3c15692aef73cc47b20027f4d8a7051fc8558d679a0f4a6ddd33a15f973d2424f0f3a05ff5d4da992c58d369a86f7c2324036c38bad4da84cf5d110d9de866addae6dec4bd70d3fb5b09aa579fcc41b1e71c5b9abfd38e5d17671dbb480d4f18ade6ce87c172dff9929bdaf09a2f3b0b1eeda1c4044f6da5359640161bd5f491e99a680156d07eace98f1fd42104bcc7c195e13a5ad3310928a3e8a638a908d8f22376951078a96c60970c473847643487fdd5f8ad9fec9bfac4e81e9735f41c2720104ac1e62b945c075a5a1dcc8d739e32b4687c6bde6f3f97b32102ef41f22b4afc0f96615b0ab0e2efc36ad6ef84356f78b790b1c876b9ddac2133b2793f6ba458c506ed1a152301d6aebbef96bc4dab27c498793b702dc997ab756947a9646819730eab78739e4e90dac1b4a01e224bc479427d2dbf10841c6d03c2cd1e70bfc2f32580434fb42853fbbadf3e2dd784d323ab9ded34b8f57080a4f9877d8ab6676f2744f79433a7e80639ef032c8ba4b04938b8a6d5779a16434513f5f0cf1007eb6459d88feb5f08b6044d6b583b6358c00e0525f132170335b17ec8c55d967aeeaee048064d5ce387557374ce8c83a8185bc143a2ac8c019137344f7b1e827a901e7feda57fdd8660750bb26241727e66a1c5f3f19c47003fac32a9dd9ec35d5bd5667cc70256a7a0713427e04d58d48939bec6df4011101029431ca94ea6a4eb4ac8ec6e2191a98d11495fa749188823d1ef98e8e79c424e3837cfb29c31122bd1dd1f9356145ca9e1771b5e6e2dbbb378bca6bae2c22fb3c0538887af4e55be147e696f286a3151ac129be201e32fe955e5e8047d80d96fced81a7a4240aec39677e5a034e0e94927a9184fd2171d027f72b2d4c8d50680435e14f3202c04a61e1251d22d4b04bfb2c13719f33c49c2c03fdda7edfd6da59e6bfb453f19271531e10080fadd6ea202f32fb0e1b8313ac23c3e5f6d6b172b94a58c21b45b0a698b3abad63e867c9cc0733f6d69c0467ee08c24233bc0f3a1356a9d9cfda974d4362071dc81bb1c224369f96a7280feb82e076fa56aebfddf497a0c1a04c3ede401e32b26774d5849578e78a3a7249f528b3664e7330ab040c2066586c859624a0afd84f5f042f6601bc5ab6ee4519a8e96af4d5f2a0a365f99226a47a96b3c5214d4c6569cd1859a8ab0d8bef72705e56fddf4234cd48c6503255207865aa835d670fa0c06542f945e659568266a04473cd2e8136acb8b5eb26f537db8ec8a2badf7e6502358b0c735e47c373fe4a646234bd2615749b8088180dfa7d9b52f6e42038e91d041f92784dd98d2c9133cd3b21f15b8756b5e129c8970ba664927597fb9d171065671501b98d117c664a443213110327155cac2afb5630f7e70acabd8b91c10824476f8efa1c3d8ff556a82d95c11a4f484f1cea00b2e5700ed6eac98760dbd014d725253bd48999dacdc48a64585d8b378de8f7ea60a962522b5bed179dbe4c5b96a254c7469a7f946c0040ffdee203cf081a392c4a2493141ac70f4137750b5d1aaa793c103b79f7df47610dbb30767ade1afdea65a26659c134fae5c4b16b4f5619eae62cc9b1f0f7e7a246f59e2a848a267cc2e17329a3895d6255c653e27c7756dd5cdcdc1aa739f02e754b1c812520b701bbd6c2b8595a2bac58cbafacc899a641a1d62e18b089f85532a080c12a9b0c8009f58db1278d7d34a98bf4a985fb485bcb4d942d1834ba6cb318d99460dd7b5af308cf243ca0bc35572043d7d76147c83e6cf574bc7336ceab6600a0df0ea1563eae702f1276b9c64dadd0c826226f3c1d0bb100f322831e8d6d67b28197907f7dfdffdf4a8166783601cc45e30149f02be1473576ca1964af69c17a4b85aa090e91166516d1bf62481da6fdc5913c40c8c2e15ca2ff9db7764b8e23bb2b0f322a0db077b8c62f65a3c022b54c0f6383e5649024b04ee9e8613447e20653524a413e994f482598877a86449249ea9bd2c779dfb8335c72c8672bb8f495e260f903f14772de7c6b4d6aeaa4e9998ed9520f37c63538a7a1297baaf07cf59ee9e8a6c24e93c343d76f64e360f60413e0f2d95087e4617c014a532ab2a1624bd66f40f32912e5baff99eb181b0f1f6d50c992b67cbd6e9112e0e27d45b87357e95fd638ea80d7a3575707948304b07186ff2fcbcb1152efa1ebb79925378e075c27d328a215a378ba7ebb948ddd1996a95a0c9f7a66299eb379993928e1929f2c45466cd92e40317794f67061f5c1bb1494253c210bcbbf0f5533626cef4cd27b3d03ae32f0239dc92528421b930ae0504b16a3a78b457d5083bdf14b6a4334f75df48ed6f2400c2c01862f709388b8b82990ebbe3dbb486698566c8a13aa6413b82cfc1cf3d2fa5bc3ffdc27161f406bad094f6b3f5215ed78f8ab512fb7a47cb3c7b1ae1ff67da286fe3d064fc31f79c01570843f8baae62e54f30de5803a90b3e44c7a2b7dcede5700a71d3f18c929334c2d1dc05ce5e974d507a9403fd67f0ca0557ec6078a4d7bac922a1e4229a99b3604519b0ac0088a079855adafbcf180e4bd8ce29ed01"}, 0x100a, 0x1) recvmmsg(r3, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x43, &(0x7f0000000280)={'ah\x00'}, &(0x7f0000000300)=0x1e) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080045117f9"], 0x0) 14:41:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x23185e) [ 2065.529204][T10930] binder: 10929:10930 got transaction with invalid parent offset or type 14:41:11 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(r0, 0xae80, 0x0) [ 2065.590627][T10930] binder: 10929:10930 transaction failed 29201/-22, size 40-8 line 3317 [ 2065.623781][T10934] binder_alloc: binder_alloc_mmap_handler: 10929 20000000-20002000 already mapped failed -16 [ 2065.680879][T10930] binder: BINDER_SET_CONTEXT_MGR already set 14:41:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000001040)=@v2={0x3, 0x1, 0x14, 0x7f, 0x1000, "9a443bd15113031a30d44a4e174e1b0409b8142ba60e38a9826fe5b05964f52bef047372fc0df1f45d238d6779332c3b7a3dd4ee7ac1d87a553e37012dc9454b17d31b07a6da08618425affa6507ac853129e46ca0258f54532be479b910ccfb5ec73f8c5f89f4cc5ce3f8c6a5ea310e07d5094e061508c191e1a313020167fa0d01c889385e5a7b713ceadc515c26e081ddd9bc4c1be66271884f74204ef31c4f42d4c8916ff25d3ab778276805ff697b8a6729d4e8cc53286af21783d6b1d2331190f4ecb6d9502234252083d67e9540c1e0e56bea589f09f2b3672e3ffad6b2eec9adc5c0d3a0ae0939a82f81626378b0f094781304ad9f79a2a389fafd71f342419ffcb575d78d49793b7ffb86659d10115d1a4f61e9638b1e7a3d77bd3ac6a900605b15661a69faa15f3435f193f5945fcc14f39084663d24b140c69065f9e35e14c4390ced72a81c6b88227a2079e607845860dfdfa82740690417cf502ff36b162dfc52d6b58a42b7e56c25232b9c43ffb3e568225ca8089674bc4e186c8e80eb6e0d15a67e088a8c9576fc81f9dc1897c1ead87cac669d5ca89bf0d0aba00e638f01b233e27d1e293239223a3ce0479f7011f6b684a8018412027e627b7284bee7b8e7166ddd1e5d19b44ae9bfdecac1514302ce70115051b9e921c21223c80ef0a5d9667b6706c9a40596fa24c05ac8d48d9ce446315f23801e1382f4859176a310ff6f776fe874fb7731539cd07e3d959c0c476c4dd8b79ecb770c62ade7ac28781525a34903bf6f4873a8dadaa506aa6c82ee446e0c28bdb3bd66d637795d22053ce3c1e3b846cd71b1225507d6fac517a79138a8da10350bca1564b4b858975c7b0fb4f37658b7201cd909431e112566a5d5459b3b9c1cdb9715279e0e3f0da5d9c646e91082c9a0f8c856417dfbac46876be5b609b855dac1135515e3bf72c94b5da15c600363552122fa900cae881f56055ec7f7d73afe3480017b6da72864dd529a7d6ea76f4310853784c08ad3f07978f710f0215f80ae57ea87680220acbe740b5aeea1aedfc9a3a0ebdf142ad7074aeecbdb26189721e53cf889eb38c7ebd79cbf58c7287f888f0c5baf665f706328da69866c4aac4a64652cc46af36eec2f7c916d5b8e1c61b7ce4393529680181e1757b031fe691e2597a4876ac67d0d30f87d163baa20163617c6cbf27127b2db5c64864140cbe2a46596a6d3af3aee34dab1e45a0bbb7067267512d2a7f946de9ad26db3cf745be28209a479278b810fd0e7fa6fd10d6f8da9876b23339d2a40036a9b51495905f1acb4564135b834f913022192dad0fa3bfa5c993c2051a9f484e2c5651a33a5501665a63aaadbf50b8fa17edd4460225f1d457b218c91863afba313e263bd5c7d14b7702e97e896f881829c85975b01a733031f29ecf8286bdaa9b7973d9eb07544ae4f6f16dc0aeac80cf50e5f3ad25dc68498f9fd2e7e6f7f9d446bc9a7e20301901a961e4786d006f8c69f2094960a432fee16adf63d5d41cce32645afdf73db965183f870e694861e205436956443e6f26c5cf86362536157a0975abea20abca93d6f0271962a4a45d881b9711f7e74e3d33b6fbc825a81b369822683c8d2150e223a4bbc1ee9289e92dcfc421d36bc28104fe6a97ac57ddc10b8228f7445c423e48e296f81ec23bcb169c2fa7c5af883ae1b59dc4a6ca2ee12579ea4e55fefb2b530989b605ee7fb3a7c86360caf943477cca050b03ba7cb3d9ab8db754afe2c8588c66658cd230b26dc835b86b2be91b31c751e547bae8b3af160596f57bc17c292f33855cac83bac1bec5ec1aa05515dd78e6ce168b1bfe4300d94bbd3d9332cc15ddb8118edee44b3aeda2d1988c21bed8698c07ee0f61a261fceec8092ab320ec26c6a49b72f6e91060e527f5fbaab7b5affbbd560624539ec587aa13c6fdea524e33aff12ba1fc917e24dae666b0f9de065997193d1b1232e03d684aa384ec7aa5cebfeecef0ff79e873b9616a861b9bb63db3640d8cf91461b68b5da4492d7cdf3d973429418bad838c58b0c901556b5db4bde50a9fdf234a49ee2f19f565e554810251d86481e130e0c0cd501855c29de7afb3154ae09f1e1198fb938ae9e5821608023a13a0fa827691fd16a50b826f0a65c38bf5c6f36894c336614d3e8d5aa17677dd01e14c15b9469b35654e3e39d2cdaac8da0c74e92afd70fac8b07b283777109309c28902ff4d9195455b953e4157cbc00d0a7710b5842d1f8f1b2d61d9041007d7cb18121762083b2d41e06ead845f26fc6ab30b783962eae29c15865e983e25570a574beb64126d468dcd3a253b99d5725e871f9e64f3f80022ee467359f695a70d1b8c40e19b4984efcbde7b92dcbcf1654a67dfb162d672c5929a2f86254612d0626ab5e4ea847a08b3a2f463bcae32b73787a4382344aff17c74c059624292bb664542313c5c5dac61ad7a392d886086ea1dce1211af73bd01948c7a299c331aa4c0f17d5b7c9879448d3e7dd5d335a5d9e1d6d2d42b6f87927a8dcc918ea281f6ab3e445b6152f2cc41f16ba569028bcb9a7ba831c6886ec7f44fb14d5e60a26fe5b41430c87782c5863bf1f3c47cb55040679f2069edd1b1fabb23988e2dd5303f7be16d3841467d12a993fcd3b6fdc0bf07833384644c7575cb4a0809f8ab30af26188e78b86b72d3acd9b43c7857d3930928f755296c6b755bb40a7e10ad4c39e126e125a6e89c7a4e51696848090a0a445a0c4e6a710682831715c39611c63f9fd5ad0d9e38758e57758c4999a1a5ea14c9abe86ecc56e742f59f5eaac4255c629a9ed44e7e07d60bd9967d54c5aba3bd8ce4b138c852306d68f81e87ea7f5dc73f7c97bb0f634f57e087b695578c5b4c4f11a49a0548822462a7175ee329664a979bd580cae5573862d7315dd5dc40995d5e40d738574d44434409eae3bcbc5b39085a1c5b0cbf9402c6984effb0717eafa7cbb25d14eb9e3e2c17756747c6d254b5d5656030cc507eaf9e45214dc502b252ba76de911e992160fec4f31379f5a2c898c2a27658336602e2066d845b9c971357393383ba5abd7cbe0f016ad2e09ace4ca0ce9aacdd2784078897be01be0e367030d44a657e6e693123602b217c4c8529904adfb416e23e023e592d4e6902b09fa9a3bec42685aad343f0ed814e3726f2762c068c12eccb01bd21e3b3c15692aef73cc47b20027f4d8a7051fc8558d679a0f4a6ddd33a15f973d2424f0f3a05ff5d4da992c58d369a86f7c2324036c38bad4da84cf5d110d9de866addae6dec4bd70d3fb5b09aa579fcc41b1e71c5b9abfd38e5d17671dbb480d4f18ade6ce87c172dff9929bdaf09a2f3b0b1eeda1c4044f6da5359640161bd5f491e99a680156d07eace98f1fd42104bcc7c195e13a5ad3310928a3e8a638a908d8f22376951078a96c60970c473847643487fdd5f8ad9fec9bfac4e81e9735f41c2720104ac1e62b945c075a5a1dcc8d739e32b4687c6bde6f3f97b32102ef41f22b4afc0f96615b0ab0e2efc36ad6ef84356f78b790b1c876b9ddac2133b2793f6ba458c506ed1a152301d6aebbef96bc4dab27c498793b702dc997ab756947a9646819730eab78739e4e90dac1b4a01e224bc479427d2dbf10841c6d03c2cd1e70bfc2f32580434fb42853fbbadf3e2dd784d323ab9ded34b8f57080a4f9877d8ab6676f2744f79433a7e80639ef032c8ba4b04938b8a6d5779a16434513f5f0cf1007eb6459d88feb5f08b6044d6b583b6358c00e0525f132170335b17ec8c55d967aeeaee048064d5ce387557374ce8c83a8185bc143a2ac8c019137344f7b1e827a901e7feda57fdd8660750bb26241727e66a1c5f3f19c47003fac32a9dd9ec35d5bd5667cc70256a7a0713427e04d58d48939bec6df4011101029431ca94ea6a4eb4ac8ec6e2191a98d11495fa749188823d1ef98e8e79c424e3837cfb29c31122bd1dd1f9356145ca9e1771b5e6e2dbbb378bca6bae2c22fb3c0538887af4e55be147e696f286a3151ac129be201e32fe955e5e8047d80d96fced81a7a4240aec39677e5a034e0e94927a9184fd2171d027f72b2d4c8d50680435e14f3202c04a61e1251d22d4b04bfb2c13719f33c49c2c03fdda7edfd6da59e6bfb453f19271531e10080fadd6ea202f32fb0e1b8313ac23c3e5f6d6b172b94a58c21b45b0a698b3abad63e867c9cc0733f6d69c0467ee08c24233bc0f3a1356a9d9cfda974d4362071dc81bb1c224369f96a7280feb82e076fa56aebfddf497a0c1a04c3ede401e32b26774d5849578e78a3a7249f528b3664e7330ab040c2066586c859624a0afd84f5f042f6601bc5ab6ee4519a8e96af4d5f2a0a365f99226a47a96b3c5214d4c6569cd1859a8ab0d8bef72705e56fddf4234cd48c6503255207865aa835d670fa0c06542f945e659568266a04473cd2e8136acb8b5eb26f537db8ec8a2badf7e6502358b0c735e47c373fe4a646234bd2615749b8088180dfa7d9b52f6e42038e91d041f92784dd98d2c9133cd3b21f15b8756b5e129c8970ba664927597fb9d171065671501b98d117c664a443213110327155cac2afb5630f7e70acabd8b91c10824476f8efa1c3d8ff556a82d95c11a4f484f1cea00b2e5700ed6eac98760dbd014d725253bd48999dacdc48a64585d8b378de8f7ea60a962522b5bed179dbe4c5b96a254c7469a7f946c0040ffdee203cf081a392c4a2493141ac70f4137750b5d1aaa793c103b79f7df47610dbb30767ade1afdea65a26659c134fae5c4b16b4f5619eae62cc9b1f0f7e7a246f59e2a848a267cc2e17329a3895d6255c653e27c7756dd5cdcdc1aa739f02e754b1c812520b701bbd6c2b8595a2bac58cbafacc899a641a1d62e18b089f85532a080c12a9b0c8009f58db1278d7d34a98bf4a985fb485bcb4d942d1834ba6cb318d99460dd7b5af308cf243ca0bc35572043d7d76147c83e6cf574bc7336ceab6600a0df0ea1563eae702f1276b9c64dadd0c826226f3c1d0bb100f322831e8d6d67b28197907f7dfdffdf4a8166783601cc45e30149f02be1473576ca1964af69c17a4b85aa090e91166516d1bf62481da6fdc5913c40c8c2e15ca2ff9db7764b8e23bb2b0f322a0db077b8c62f65a3c022b54c0f6383e5649024b04ee9e8613447e20653524a413e994f482598877a86449249ea9bd2c779dfb8335c72c8672bb8f495e260f903f14772de7c6b4d6aeaa4e9998ed9520f37c63538a7a1297baaf07cf59ee9e8a6c24e93c343d76f64e360f60413e0f2d95087e4617c014a532ab2a1624bd66f40f32912e5baff99eb181b0f1f6d50c992b67cbd6e9112e0e27d45b87357e95fd638ea80d7a3575707948304b07186ff2fcbcb1152efa1ebb79925378e075c27d328a215a378ba7ebb948ddd1996a95a0c9f7a66299eb379993928e1929f2c45466cd92e40317794f67061f5c1bb1494253c210bcbbf0f5533626cef4cd27b3d03ae32f0239dc92528421b930ae0504b16a3a78b457d5083bdf14b6a4334f75df48ed6f2400c2c01862f709388b8b82990ebbe3dbb486698566c8a13aa6413b82cfc1cf3d2fa5bc3ffdc27161f406bad094f6b3f5215ed78f8ab512fb7a47cb3c7b1ae1ff67da286fe3d064fc31f79c01570843f8baae62e54f30de5803a90b3e44c7a2b7dcede5700a71d3f18c929334c2d1dc05ce5e974d507a9403fd67f0ca0557ec6078a4d7bac922a1e4229a99b3604519b0ac0088a079855adafbcf180e4bd8ce29ed01"}, 0x100a, 0x1) recvmmsg(r3, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x43, &(0x7f0000000280)={'ah\x00'}, &(0x7f0000000300)=0x1e) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) [ 2065.722396][T10930] binder: 10929:10930 ioctl 40046207 0 returned -16 [ 2065.723444][T10937] binder_alloc: 10929: binder_alloc_buf, no vma 14:41:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2065.770382][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:41:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x80ffff) [ 2065.820720][T10937] binder: 10929:10937 transaction failed 29189/-3, size 40-8 line 3147 [ 2065.839157][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:11 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(r0, 0xae80, 0x0) 14:41:14 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r1, 0x29, 0x4000000fd, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x7a00}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000001040)=@v2={0x3, 0x1, 0x14, 0x7f, 0x1000, "9a443bd15113031a30d44a4e174e1b0409b8142ba60e38a9826fe5b05964f52bef047372fc0df1f45d238d6779332c3b7a3dd4ee7ac1d87a553e37012dc9454b17d31b07a6da08618425affa6507ac853129e46ca0258f54532be479b910ccfb5ec73f8c5f89f4cc5ce3f8c6a5ea310e07d5094e061508c191e1a313020167fa0d01c889385e5a7b713ceadc515c26e081ddd9bc4c1be66271884f74204ef31c4f42d4c8916ff25d3ab778276805ff697b8a6729d4e8cc53286af21783d6b1d2331190f4ecb6d9502234252083d67e9540c1e0e56bea589f09f2b3672e3ffad6b2eec9adc5c0d3a0ae0939a82f81626378b0f094781304ad9f79a2a389fafd71f342419ffcb575d78d49793b7ffb86659d10115d1a4f61e9638b1e7a3d77bd3ac6a900605b15661a69faa15f3435f193f5945fcc14f39084663d24b140c69065f9e35e14c4390ced72a81c6b88227a2079e607845860dfdfa82740690417cf502ff36b162dfc52d6b58a42b7e56c25232b9c43ffb3e568225ca8089674bc4e186c8e80eb6e0d15a67e088a8c9576fc81f9dc1897c1ead87cac669d5ca89bf0d0aba00e638f01b233e27d1e293239223a3ce0479f7011f6b684a8018412027e627b7284bee7b8e7166ddd1e5d19b44ae9bfdecac1514302ce70115051b9e921c21223c80ef0a5d9667b6706c9a40596fa24c05ac8d48d9ce446315f23801e1382f4859176a310ff6f776fe874fb7731539cd07e3d959c0c476c4dd8b79ecb770c62ade7ac28781525a34903bf6f4873a8dadaa506aa6c82ee446e0c28bdb3bd66d637795d22053ce3c1e3b846cd71b1225507d6fac517a79138a8da10350bca1564b4b858975c7b0fb4f37658b7201cd909431e112566a5d5459b3b9c1cdb9715279e0e3f0da5d9c646e91082c9a0f8c856417dfbac46876be5b609b855dac1135515e3bf72c94b5da15c600363552122fa900cae881f56055ec7f7d73afe3480017b6da72864dd529a7d6ea76f4310853784c08ad3f07978f710f0215f80ae57ea87680220acbe740b5aeea1aedfc9a3a0ebdf142ad7074aeecbdb26189721e53cf889eb38c7ebd79cbf58c7287f888f0c5baf665f706328da69866c4aac4a64652cc46af36eec2f7c916d5b8e1c61b7ce4393529680181e1757b031fe691e2597a4876ac67d0d30f87d163baa20163617c6cbf27127b2db5c64864140cbe2a46596a6d3af3aee34dab1e45a0bbb7067267512d2a7f946de9ad26db3cf745be28209a479278b810fd0e7fa6fd10d6f8da9876b23339d2a40036a9b51495905f1acb4564135b834f913022192dad0fa3bfa5c993c2051a9f484e2c5651a33a5501665a63aaadbf50b8fa17edd4460225f1d457b218c91863afba313e263bd5c7d14b7702e97e896f881829c85975b01a733031f29ecf8286bdaa9b7973d9eb07544ae4f6f16dc0aeac80cf50e5f3ad25dc68498f9fd2e7e6f7f9d446bc9a7e20301901a961e4786d006f8c69f2094960a432fee16adf63d5d41cce32645afdf73db965183f870e694861e205436956443e6f26c5cf86362536157a0975abea20abca93d6f0271962a4a45d881b9711f7e74e3d33b6fbc825a81b369822683c8d2150e223a4bbc1ee9289e92dcfc421d36bc28104fe6a97ac57ddc10b8228f7445c423e48e296f81ec23bcb169c2fa7c5af883ae1b59dc4a6ca2ee12579ea4e55fefb2b530989b605ee7fb3a7c86360caf943477cca050b03ba7cb3d9ab8db754afe2c8588c66658cd230b26dc835b86b2be91b31c751e547bae8b3af160596f57bc17c292f33855cac83bac1bec5ec1aa05515dd78e6ce168b1bfe4300d94bbd3d9332cc15ddb8118edee44b3aeda2d1988c21bed8698c07ee0f61a261fceec8092ab320ec26c6a49b72f6e91060e527f5fbaab7b5affbbd560624539ec587aa13c6fdea524e33aff12ba1fc917e24dae666b0f9de065997193d1b1232e03d684aa384ec7aa5cebfeecef0ff79e873b9616a861b9bb63db3640d8cf91461b68b5da4492d7cdf3d973429418bad838c58b0c901556b5db4bde50a9fdf234a49ee2f19f565e554810251d86481e130e0c0cd501855c29de7afb3154ae09f1e1198fb938ae9e5821608023a13a0fa827691fd16a50b826f0a65c38bf5c6f36894c336614d3e8d5aa17677dd01e14c15b9469b35654e3e39d2cdaac8da0c74e92afd70fac8b07b283777109309c28902ff4d9195455b953e4157cbc00d0a7710b5842d1f8f1b2d61d9041007d7cb18121762083b2d41e06ead845f26fc6ab30b783962eae29c15865e983e25570a574beb64126d468dcd3a253b99d5725e871f9e64f3f80022ee467359f695a70d1b8c40e19b4984efcbde7b92dcbcf1654a67dfb162d672c5929a2f86254612d0626ab5e4ea847a08b3a2f463bcae32b73787a4382344aff17c74c059624292bb664542313c5c5dac61ad7a392d886086ea1dce1211af73bd01948c7a299c331aa4c0f17d5b7c9879448d3e7dd5d335a5d9e1d6d2d42b6f87927a8dcc918ea281f6ab3e445b6152f2cc41f16ba569028bcb9a7ba831c6886ec7f44fb14d5e60a26fe5b41430c87782c5863bf1f3c47cb55040679f2069edd1b1fabb23988e2dd5303f7be16d3841467d12a993fcd3b6fdc0bf07833384644c7575cb4a0809f8ab30af26188e78b86b72d3acd9b43c7857d3930928f755296c6b755bb40a7e10ad4c39e126e125a6e89c7a4e51696848090a0a445a0c4e6a710682831715c39611c63f9fd5ad0d9e38758e57758c4999a1a5ea14c9abe86ecc56e742f59f5eaac4255c629a9ed44e7e07d60bd9967d54c5aba3bd8ce4b138c852306d68f81e87ea7f5dc73f7c97bb0f634f57e087b695578c5b4c4f11a49a0548822462a7175ee329664a979bd580cae5573862d7315dd5dc40995d5e40d738574d44434409eae3bcbc5b39085a1c5b0cbf9402c6984effb0717eafa7cbb25d14eb9e3e2c17756747c6d254b5d5656030cc507eaf9e45214dc502b252ba76de911e992160fec4f31379f5a2c898c2a27658336602e2066d845b9c971357393383ba5abd7cbe0f016ad2e09ace4ca0ce9aacdd2784078897be01be0e367030d44a657e6e693123602b217c4c8529904adfb416e23e023e592d4e6902b09fa9a3bec42685aad343f0ed814e3726f2762c068c12eccb01bd21e3b3c15692aef73cc47b20027f4d8a7051fc8558d679a0f4a6ddd33a15f973d2424f0f3a05ff5d4da992c58d369a86f7c2324036c38bad4da84cf5d110d9de866addae6dec4bd70d3fb5b09aa579fcc41b1e71c5b9abfd38e5d17671dbb480d4f18ade6ce87c172dff9929bdaf09a2f3b0b1eeda1c4044f6da5359640161bd5f491e99a680156d07eace98f1fd42104bcc7c195e13a5ad3310928a3e8a638a908d8f22376951078a96c60970c473847643487fdd5f8ad9fec9bfac4e81e9735f41c2720104ac1e62b945c075a5a1dcc8d739e32b4687c6bde6f3f97b32102ef41f22b4afc0f96615b0ab0e2efc36ad6ef84356f78b790b1c876b9ddac2133b2793f6ba458c506ed1a152301d6aebbef96bc4dab27c498793b702dc997ab756947a9646819730eab78739e4e90dac1b4a01e224bc479427d2dbf10841c6d03c2cd1e70bfc2f32580434fb42853fbbadf3e2dd784d323ab9ded34b8f57080a4f9877d8ab6676f2744f79433a7e80639ef032c8ba4b04938b8a6d5779a16434513f5f0cf1007eb6459d88feb5f08b6044d6b583b6358c00e0525f132170335b17ec8c55d967aeeaee048064d5ce387557374ce8c83a8185bc143a2ac8c019137344f7b1e827a901e7feda57fdd8660750bb26241727e66a1c5f3f19c47003fac32a9dd9ec35d5bd5667cc70256a7a0713427e04d58d48939bec6df4011101029431ca94ea6a4eb4ac8ec6e2191a98d11495fa749188823d1ef98e8e79c424e3837cfb29c31122bd1dd1f9356145ca9e1771b5e6e2dbbb378bca6bae2c22fb3c0538887af4e55be147e696f286a3151ac129be201e32fe955e5e8047d80d96fced81a7a4240aec39677e5a034e0e94927a9184fd2171d027f72b2d4c8d50680435e14f3202c04a61e1251d22d4b04bfb2c13719f33c49c2c03fdda7edfd6da59e6bfb453f19271531e10080fadd6ea202f32fb0e1b8313ac23c3e5f6d6b172b94a58c21b45b0a698b3abad63e867c9cc0733f6d69c0467ee08c24233bc0f3a1356a9d9cfda974d4362071dc81bb1c224369f96a7280feb82e076fa56aebfddf497a0c1a04c3ede401e32b26774d5849578e78a3a7249f528b3664e7330ab040c2066586c859624a0afd84f5f042f6601bc5ab6ee4519a8e96af4d5f2a0a365f99226a47a96b3c5214d4c6569cd1859a8ab0d8bef72705e56fddf4234cd48c6503255207865aa835d670fa0c06542f945e659568266a04473cd2e8136acb8b5eb26f537db8ec8a2badf7e6502358b0c735e47c373fe4a646234bd2615749b8088180dfa7d9b52f6e42038e91d041f92784dd98d2c9133cd3b21f15b8756b5e129c8970ba664927597fb9d171065671501b98d117c664a443213110327155cac2afb5630f7e70acabd8b91c10824476f8efa1c3d8ff556a82d95c11a4f484f1cea00b2e5700ed6eac98760dbd014d725253bd48999dacdc48a64585d8b378de8f7ea60a962522b5bed179dbe4c5b96a254c7469a7f946c0040ffdee203cf081a392c4a2493141ac70f4137750b5d1aaa793c103b79f7df47610dbb30767ade1afdea65a26659c134fae5c4b16b4f5619eae62cc9b1f0f7e7a246f59e2a848a267cc2e17329a3895d6255c653e27c7756dd5cdcdc1aa739f02e754b1c812520b701bbd6c2b8595a2bac58cbafacc899a641a1d62e18b089f85532a080c12a9b0c8009f58db1278d7d34a98bf4a985fb485bcb4d942d1834ba6cb318d99460dd7b5af308cf243ca0bc35572043d7d76147c83e6cf574bc7336ceab6600a0df0ea1563eae702f1276b9c64dadd0c826226f3c1d0bb100f322831e8d6d67b28197907f7dfdffdf4a8166783601cc45e30149f02be1473576ca1964af69c17a4b85aa090e91166516d1bf62481da6fdc5913c40c8c2e15ca2ff9db7764b8e23bb2b0f322a0db077b8c62f65a3c022b54c0f6383e5649024b04ee9e8613447e20653524a413e994f482598877a86449249ea9bd2c779dfb8335c72c8672bb8f495e260f903f14772de7c6b4d6aeaa4e9998ed9520f37c63538a7a1297baaf07cf59ee9e8a6c24e93c343d76f64e360f60413e0f2d95087e4617c014a532ab2a1624bd66f40f32912e5baff99eb181b0f1f6d50c992b67cbd6e9112e0e27d45b87357e95fd638ea80d7a3575707948304b07186ff2fcbcb1152efa1ebb79925378e075c27d328a215a378ba7ebb948ddd1996a95a0c9f7a66299eb379993928e1929f2c45466cd92e40317794f67061f5c1bb1494253c210bcbbf0f5533626cef4cd27b3d03ae32f0239dc92528421b930ae0504b16a3a78b457d5083bdf14b6a4334f75df48ed6f2400c2c01862f709388b8b82990ebbe3dbb486698566c8a13aa6413b82cfc1cf3d2fa5bc3ffdc27161f406bad094f6b3f5215ed78f8ab512fb7a47cb3c7b1ae1ff67da286fe3d064fc31f79c01570843f8baae62e54f30de5803a90b3e44c7a2b7dcede5700a71d3f18c929334c2d1dc05ce5e974d507a9403fd67f0ca0557ec6078a4d7bac922a1e4229a99b3604519b0ac0088a079855adafbcf180e4bd8ce29ed01"}, 0x100a, 0x1) recvmmsg(r3, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x43, &(0x7f0000000280)={'ah\x00'}, &(0x7f0000000300)=0x1e) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 14:41:14 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(r0, 0xae80, 0x0) 14:41:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x940004) 14:41:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2068.244330][T10962] binder: 10960:10962 got transaction with invalid parent offset or type [ 2068.296827][T10962] binder: 10960:10962 transaction failed 29201/-22, size 40-8 line 3317 14:41:14 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r1, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 2068.338238][T10969] binder_alloc: binder_alloc_mmap_handler: 10960 20000000-20002000 already mapped failed -16 14:41:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000001040)=@v2={0x3, 0x1, 0x14, 0x7f, 0x1000, "9a443bd15113031a30d44a4e174e1b0409b8142ba60e38a9826fe5b05964f52bef047372fc0df1f45d238d6779332c3b7a3dd4ee7ac1d87a553e37012dc9454b17d31b07a6da08618425affa6507ac853129e46ca0258f54532be479b910ccfb5ec73f8c5f89f4cc5ce3f8c6a5ea310e07d5094e061508c191e1a313020167fa0d01c889385e5a7b713ceadc515c26e081ddd9bc4c1be66271884f74204ef31c4f42d4c8916ff25d3ab778276805ff697b8a6729d4e8cc53286af21783d6b1d2331190f4ecb6d9502234252083d67e9540c1e0e56bea589f09f2b3672e3ffad6b2eec9adc5c0d3a0ae0939a82f81626378b0f094781304ad9f79a2a389fafd71f342419ffcb575d78d49793b7ffb86659d10115d1a4f61e9638b1e7a3d77bd3ac6a900605b15661a69faa15f3435f193f5945fcc14f39084663d24b140c69065f9e35e14c4390ced72a81c6b88227a2079e607845860dfdfa82740690417cf502ff36b162dfc52d6b58a42b7e56c25232b9c43ffb3e568225ca8089674bc4e186c8e80eb6e0d15a67e088a8c9576fc81f9dc1897c1ead87cac669d5ca89bf0d0aba00e638f01b233e27d1e293239223a3ce0479f7011f6b684a8018412027e627b7284bee7b8e7166ddd1e5d19b44ae9bfdecac1514302ce70115051b9e921c21223c80ef0a5d9667b6706c9a40596fa24c05ac8d48d9ce446315f23801e1382f4859176a310ff6f776fe874fb7731539cd07e3d959c0c476c4dd8b79ecb770c62ade7ac28781525a34903bf6f4873a8dadaa506aa6c82ee446e0c28bdb3bd66d637795d22053ce3c1e3b846cd71b1225507d6fac517a79138a8da10350bca1564b4b858975c7b0fb4f37658b7201cd909431e112566a5d5459b3b9c1cdb9715279e0e3f0da5d9c646e91082c9a0f8c856417dfbac46876be5b609b855dac1135515e3bf72c94b5da15c600363552122fa900cae881f56055ec7f7d73afe3480017b6da72864dd529a7d6ea76f4310853784c08ad3f07978f710f0215f80ae57ea87680220acbe740b5aeea1aedfc9a3a0ebdf142ad7074aeecbdb26189721e53cf889eb38c7ebd79cbf58c7287f888f0c5baf665f706328da69866c4aac4a64652cc46af36eec2f7c916d5b8e1c61b7ce4393529680181e1757b031fe691e2597a4876ac67d0d30f87d163baa20163617c6cbf27127b2db5c64864140cbe2a46596a6d3af3aee34dab1e45a0bbb7067267512d2a7f946de9ad26db3cf745be28209a479278b810fd0e7fa6fd10d6f8da9876b23339d2a40036a9b51495905f1acb4564135b834f913022192dad0fa3bfa5c993c2051a9f484e2c5651a33a5501665a63aaadbf50b8fa17edd4460225f1d457b218c91863afba313e263bd5c7d14b7702e97e896f881829c85975b01a733031f29ecf8286bdaa9b7973d9eb07544ae4f6f16dc0aeac80cf50e5f3ad25dc68498f9fd2e7e6f7f9d446bc9a7e20301901a961e4786d006f8c69f2094960a432fee16adf63d5d41cce32645afdf73db965183f870e694861e205436956443e6f26c5cf86362536157a0975abea20abca93d6f0271962a4a45d881b9711f7e74e3d33b6fbc825a81b369822683c8d2150e223a4bbc1ee9289e92dcfc421d36bc28104fe6a97ac57ddc10b8228f7445c423e48e296f81ec23bcb169c2fa7c5af883ae1b59dc4a6ca2ee12579ea4e55fefb2b530989b605ee7fb3a7c86360caf943477cca050b03ba7cb3d9ab8db754afe2c8588c66658cd230b26dc835b86b2be91b31c751e547bae8b3af160596f57bc17c292f33855cac83bac1bec5ec1aa05515dd78e6ce168b1bfe4300d94bbd3d9332cc15ddb8118edee44b3aeda2d1988c21bed8698c07ee0f61a261fceec8092ab320ec26c6a49b72f6e91060e527f5fbaab7b5affbbd560624539ec587aa13c6fdea524e33aff12ba1fc917e24dae666b0f9de065997193d1b1232e03d684aa384ec7aa5cebfeecef0ff79e873b9616a861b9bb63db3640d8cf91461b68b5da4492d7cdf3d973429418bad838c58b0c901556b5db4bde50a9fdf234a49ee2f19f565e554810251d86481e130e0c0cd501855c29de7afb3154ae09f1e1198fb938ae9e5821608023a13a0fa827691fd16a50b826f0a65c38bf5c6f36894c336614d3e8d5aa17677dd01e14c15b9469b35654e3e39d2cdaac8da0c74e92afd70fac8b07b283777109309c28902ff4d9195455b953e4157cbc00d0a7710b5842d1f8f1b2d61d9041007d7cb18121762083b2d41e06ead845f26fc6ab30b783962eae29c15865e983e25570a574beb64126d468dcd3a253b99d5725e871f9e64f3f80022ee467359f695a70d1b8c40e19b4984efcbde7b92dcbcf1654a67dfb162d672c5929a2f86254612d0626ab5e4ea847a08b3a2f463bcae32b73787a4382344aff17c74c059624292bb664542313c5c5dac61ad7a392d886086ea1dce1211af73bd01948c7a299c331aa4c0f17d5b7c9879448d3e7dd5d335a5d9e1d6d2d42b6f87927a8dcc918ea281f6ab3e445b6152f2cc41f16ba569028bcb9a7ba831c6886ec7f44fb14d5e60a26fe5b41430c87782c5863bf1f3c47cb55040679f2069edd1b1fabb23988e2dd5303f7be16d3841467d12a993fcd3b6fdc0bf07833384644c7575cb4a0809f8ab30af26188e78b86b72d3acd9b43c7857d3930928f755296c6b755bb40a7e10ad4c39e126e125a6e89c7a4e51696848090a0a445a0c4e6a710682831715c39611c63f9fd5ad0d9e38758e57758c4999a1a5ea14c9abe86ecc56e742f59f5eaac4255c629a9ed44e7e07d60bd9967d54c5aba3bd8ce4b138c852306d68f81e87ea7f5dc73f7c97bb0f634f57e087b695578c5b4c4f11a49a0548822462a7175ee329664a979bd580cae5573862d7315dd5dc40995d5e40d738574d44434409eae3bcbc5b39085a1c5b0cbf9402c6984effb0717eafa7cbb25d14eb9e3e2c17756747c6d254b5d5656030cc507eaf9e45214dc502b252ba76de911e992160fec4f31379f5a2c898c2a27658336602e2066d845b9c971357393383ba5abd7cbe0f016ad2e09ace4ca0ce9aacdd2784078897be01be0e367030d44a657e6e693123602b217c4c8529904adfb416e23e023e592d4e6902b09fa9a3bec42685aad343f0ed814e3726f2762c068c12eccb01bd21e3b3c15692aef73cc47b20027f4d8a7051fc8558d679a0f4a6ddd33a15f973d2424f0f3a05ff5d4da992c58d369a86f7c2324036c38bad4da84cf5d110d9de866addae6dec4bd70d3fb5b09aa579fcc41b1e71c5b9abfd38e5d17671dbb480d4f18ade6ce87c172dff9929bdaf09a2f3b0b1eeda1c4044f6da5359640161bd5f491e99a680156d07eace98f1fd42104bcc7c195e13a5ad3310928a3e8a638a908d8f22376951078a96c60970c473847643487fdd5f8ad9fec9bfac4e81e9735f41c2720104ac1e62b945c075a5a1dcc8d739e32b4687c6bde6f3f97b32102ef41f22b4afc0f96615b0ab0e2efc36ad6ef84356f78b790b1c876b9ddac2133b2793f6ba458c506ed1a152301d6aebbef96bc4dab27c498793b702dc997ab756947a9646819730eab78739e4e90dac1b4a01e224bc479427d2dbf10841c6d03c2cd1e70bfc2f32580434fb42853fbbadf3e2dd784d323ab9ded34b8f57080a4f9877d8ab6676f2744f79433a7e80639ef032c8ba4b04938b8a6d5779a16434513f5f0cf1007eb6459d88feb5f08b6044d6b583b6358c00e0525f132170335b17ec8c55d967aeeaee048064d5ce387557374ce8c83a8185bc143a2ac8c019137344f7b1e827a901e7feda57fdd8660750bb26241727e66a1c5f3f19c47003fac32a9dd9ec35d5bd5667cc70256a7a0713427e04d58d48939bec6df4011101029431ca94ea6a4eb4ac8ec6e2191a98d11495fa749188823d1ef98e8e79c424e3837cfb29c31122bd1dd1f9356145ca9e1771b5e6e2dbbb378bca6bae2c22fb3c0538887af4e55be147e696f286a3151ac129be201e32fe955e5e8047d80d96fced81a7a4240aec39677e5a034e0e94927a9184fd2171d027f72b2d4c8d50680435e14f3202c04a61e1251d22d4b04bfb2c13719f33c49c2c03fdda7edfd6da59e6bfb453f19271531e10080fadd6ea202f32fb0e1b8313ac23c3e5f6d6b172b94a58c21b45b0a698b3abad63e867c9cc0733f6d69c0467ee08c24233bc0f3a1356a9d9cfda974d4362071dc81bb1c224369f96a7280feb82e076fa56aebfddf497a0c1a04c3ede401e32b26774d5849578e78a3a7249f528b3664e7330ab040c2066586c859624a0afd84f5f042f6601bc5ab6ee4519a8e96af4d5f2a0a365f99226a47a96b3c5214d4c6569cd1859a8ab0d8bef72705e56fddf4234cd48c6503255207865aa835d670fa0c06542f945e659568266a04473cd2e8136acb8b5eb26f537db8ec8a2badf7e6502358b0c735e47c373fe4a646234bd2615749b8088180dfa7d9b52f6e42038e91d041f92784dd98d2c9133cd3b21f15b8756b5e129c8970ba664927597fb9d171065671501b98d117c664a443213110327155cac2afb5630f7e70acabd8b91c10824476f8efa1c3d8ff556a82d95c11a4f484f1cea00b2e5700ed6eac98760dbd014d725253bd48999dacdc48a64585d8b378de8f7ea60a962522b5bed179dbe4c5b96a254c7469a7f946c0040ffdee203cf081a392c4a2493141ac70f4137750b5d1aaa793c103b79f7df47610dbb30767ade1afdea65a26659c134fae5c4b16b4f5619eae62cc9b1f0f7e7a246f59e2a848a267cc2e17329a3895d6255c653e27c7756dd5cdcdc1aa739f02e754b1c812520b701bbd6c2b8595a2bac58cbafacc899a641a1d62e18b089f85532a080c12a9b0c8009f58db1278d7d34a98bf4a985fb485bcb4d942d1834ba6cb318d99460dd7b5af308cf243ca0bc35572043d7d76147c83e6cf574bc7336ceab6600a0df0ea1563eae702f1276b9c64dadd0c826226f3c1d0bb100f322831e8d6d67b28197907f7dfdffdf4a8166783601cc45e30149f02be1473576ca1964af69c17a4b85aa090e91166516d1bf62481da6fdc5913c40c8c2e15ca2ff9db7764b8e23bb2b0f322a0db077b8c62f65a3c022b54c0f6383e5649024b04ee9e8613447e20653524a413e994f482598877a86449249ea9bd2c779dfb8335c72c8672bb8f495e260f903f14772de7c6b4d6aeaa4e9998ed9520f37c63538a7a1297baaf07cf59ee9e8a6c24e93c343d76f64e360f60413e0f2d95087e4617c014a532ab2a1624bd66f40f32912e5baff99eb181b0f1f6d50c992b67cbd6e9112e0e27d45b87357e95fd638ea80d7a3575707948304b07186ff2fcbcb1152efa1ebb79925378e075c27d328a215a378ba7ebb948ddd1996a95a0c9f7a66299eb379993928e1929f2c45466cd92e40317794f67061f5c1bb1494253c210bcbbf0f5533626cef4cd27b3d03ae32f0239dc92528421b930ae0504b16a3a78b457d5083bdf14b6a4334f75df48ed6f2400c2c01862f709388b8b82990ebbe3dbb486698566c8a13aa6413b82cfc1cf3d2fa5bc3ffdc27161f406bad094f6b3f5215ed78f8ab512fb7a47cb3c7b1ae1ff67da286fe3d064fc31f79c01570843f8baae62e54f30de5803a90b3e44c7a2b7dcede5700a71d3f18c929334c2d1dc05ce5e974d507a9403fd67f0ca0557ec6078a4d7bac922a1e4229a99b3604519b0ac0088a079855adafbcf180e4bd8ce29ed01"}, 0x100a, 0x1) recvmmsg(r3, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r4, 0x0, 0x43, &(0x7f0000000280)={'ah\x00'}, &(0x7f0000000300)=0x1e) 14:41:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xa54ff0) [ 2068.383063][T10962] binder: BINDER_SET_CONTEXT_MGR already set [ 2068.417419][T10962] binder: 10960:10962 ioctl 40046207 0 returned -16 14:41:14 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r1, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 2068.458069][T10974] binder_alloc: 10960: binder_alloc_buf, no vma [ 2068.495482][T10974] binder: 10960:10974 transaction failed 29189/-3, size 40-8 line 3147 14:41:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2068.559734][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2068.576244][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x1000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2068.700071][T10985] binder: 10984:10985 got transaction with invalid parent offset or type [ 2068.743512][T10986] binder_alloc: binder_alloc_mmap_handler: 10984 20000000-20002000 already mapped failed -16 [ 2068.765554][T10985] binder: BINDER_SET_CONTEXT_MGR already set [ 2068.780152][T10985] binder: 10984:10985 ioctl 40046207 0 returned -16 [ 2068.795905][T10986] binder_alloc: 10984: binder_alloc_buf, no vma [ 2068.811131][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2068.820614][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:14 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x384) dup2(r0, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() r2 = socket(0x19, 0x3, 0x1) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) fchdir(r2) tkill(r1, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000001040)=@v2={0x3, 0x1, 0x14, 0x7f, 0x1000, "9a443bd15113031a30d44a4e174e1b0409b8142ba60e38a9826fe5b05964f52bef047372fc0df1f45d238d6779332c3b7a3dd4ee7ac1d87a553e37012dc9454b17d31b07a6da08618425affa6507ac853129e46ca0258f54532be479b910ccfb5ec73f8c5f89f4cc5ce3f8c6a5ea310e07d5094e061508c191e1a313020167fa0d01c889385e5a7b713ceadc515c26e081ddd9bc4c1be66271884f74204ef31c4f42d4c8916ff25d3ab778276805ff697b8a6729d4e8cc53286af21783d6b1d2331190f4ecb6d9502234252083d67e9540c1e0e56bea589f09f2b3672e3ffad6b2eec9adc5c0d3a0ae0939a82f81626378b0f094781304ad9f79a2a389fafd71f342419ffcb575d78d49793b7ffb86659d10115d1a4f61e9638b1e7a3d77bd3ac6a900605b15661a69faa15f3435f193f5945fcc14f39084663d24b140c69065f9e35e14c4390ced72a81c6b88227a2079e607845860dfdfa82740690417cf502ff36b162dfc52d6b58a42b7e56c25232b9c43ffb3e568225ca8089674bc4e186c8e80eb6e0d15a67e088a8c9576fc81f9dc1897c1ead87cac669d5ca89bf0d0aba00e638f01b233e27d1e293239223a3ce0479f7011f6b684a8018412027e627b7284bee7b8e7166ddd1e5d19b44ae9bfdecac1514302ce70115051b9e921c21223c80ef0a5d9667b6706c9a40596fa24c05ac8d48d9ce446315f23801e1382f4859176a310ff6f776fe874fb7731539cd07e3d959c0c476c4dd8b79ecb770c62ade7ac28781525a34903bf6f4873a8dadaa506aa6c82ee446e0c28bdb3bd66d637795d22053ce3c1e3b846cd71b1225507d6fac517a79138a8da10350bca1564b4b858975c7b0fb4f37658b7201cd909431e112566a5d5459b3b9c1cdb9715279e0e3f0da5d9c646e91082c9a0f8c856417dfbac46876be5b609b855dac1135515e3bf72c94b5da15c600363552122fa900cae881f56055ec7f7d73afe3480017b6da72864dd529a7d6ea76f4310853784c08ad3f07978f710f0215f80ae57ea87680220acbe740b5aeea1aedfc9a3a0ebdf142ad7074aeecbdb26189721e53cf889eb38c7ebd79cbf58c7287f888f0c5baf665f706328da69866c4aac4a64652cc46af36eec2f7c916d5b8e1c61b7ce4393529680181e1757b031fe691e2597a4876ac67d0d30f87d163baa20163617c6cbf27127b2db5c64864140cbe2a46596a6d3af3aee34dab1e45a0bbb7067267512d2a7f946de9ad26db3cf745be28209a479278b810fd0e7fa6fd10d6f8da9876b23339d2a40036a9b51495905f1acb4564135b834f913022192dad0fa3bfa5c993c2051a9f484e2c5651a33a5501665a63aaadbf50b8fa17edd4460225f1d457b218c91863afba313e263bd5c7d14b7702e97e896f881829c85975b01a733031f29ecf8286bdaa9b7973d9eb07544ae4f6f16dc0aeac80cf50e5f3ad25dc68498f9fd2e7e6f7f9d446bc9a7e20301901a961e4786d006f8c69f2094960a432fee16adf63d5d41cce32645afdf73db965183f870e694861e205436956443e6f26c5cf86362536157a0975abea20abca93d6f0271962a4a45d881b9711f7e74e3d33b6fbc825a81b369822683c8d2150e223a4bbc1ee9289e92dcfc421d36bc28104fe6a97ac57ddc10b8228f7445c423e48e296f81ec23bcb169c2fa7c5af883ae1b59dc4a6ca2ee12579ea4e55fefb2b530989b605ee7fb3a7c86360caf943477cca050b03ba7cb3d9ab8db754afe2c8588c66658cd230b26dc835b86b2be91b31c751e547bae8b3af160596f57bc17c292f33855cac83bac1bec5ec1aa05515dd78e6ce168b1bfe4300d94bbd3d9332cc15ddb8118edee44b3aeda2d1988c21bed8698c07ee0f61a261fceec8092ab320ec26c6a49b72f6e91060e527f5fbaab7b5affbbd560624539ec587aa13c6fdea524e33aff12ba1fc917e24dae666b0f9de065997193d1b1232e03d684aa384ec7aa5cebfeecef0ff79e873b9616a861b9bb63db3640d8cf91461b68b5da4492d7cdf3d973429418bad838c58b0c901556b5db4bde50a9fdf234a49ee2f19f565e554810251d86481e130e0c0cd501855c29de7afb3154ae09f1e1198fb938ae9e5821608023a13a0fa827691fd16a50b826f0a65c38bf5c6f36894c336614d3e8d5aa17677dd01e14c15b9469b35654e3e39d2cdaac8da0c74e92afd70fac8b07b283777109309c28902ff4d9195455b953e4157cbc00d0a7710b5842d1f8f1b2d61d9041007d7cb18121762083b2d41e06ead845f26fc6ab30b783962eae29c15865e983e25570a574beb64126d468dcd3a253b99d5725e871f9e64f3f80022ee467359f695a70d1b8c40e19b4984efcbde7b92dcbcf1654a67dfb162d672c5929a2f86254612d0626ab5e4ea847a08b3a2f463bcae32b73787a4382344aff17c74c059624292bb664542313c5c5dac61ad7a392d886086ea1dce1211af73bd01948c7a299c331aa4c0f17d5b7c9879448d3e7dd5d335a5d9e1d6d2d42b6f87927a8dcc918ea281f6ab3e445b6152f2cc41f16ba569028bcb9a7ba831c6886ec7f44fb14d5e60a26fe5b41430c87782c5863bf1f3c47cb55040679f2069edd1b1fabb23988e2dd5303f7be16d3841467d12a993fcd3b6fdc0bf07833384644c7575cb4a0809f8ab30af26188e78b86b72d3acd9b43c7857d3930928f755296c6b755bb40a7e10ad4c39e126e125a6e89c7a4e51696848090a0a445a0c4e6a710682831715c39611c63f9fd5ad0d9e38758e57758c4999a1a5ea14c9abe86ecc56e742f59f5eaac4255c629a9ed44e7e07d60bd9967d54c5aba3bd8ce4b138c852306d68f81e87ea7f5dc73f7c97bb0f634f57e087b695578c5b4c4f11a49a0548822462a7175ee329664a979bd580cae5573862d7315dd5dc40995d5e40d738574d44434409eae3bcbc5b39085a1c5b0cbf9402c6984effb0717eafa7cbb25d14eb9e3e2c17756747c6d254b5d5656030cc507eaf9e45214dc502b252ba76de911e992160fec4f31379f5a2c898c2a27658336602e2066d845b9c971357393383ba5abd7cbe0f016ad2e09ace4ca0ce9aacdd2784078897be01be0e367030d44a657e6e693123602b217c4c8529904adfb416e23e023e592d4e6902b09fa9a3bec42685aad343f0ed814e3726f2762c068c12eccb01bd21e3b3c15692aef73cc47b20027f4d8a7051fc8558d679a0f4a6ddd33a15f973d2424f0f3a05ff5d4da992c58d369a86f7c2324036c38bad4da84cf5d110d9de866addae6dec4bd70d3fb5b09aa579fcc41b1e71c5b9abfd38e5d17671dbb480d4f18ade6ce87c172dff9929bdaf09a2f3b0b1eeda1c4044f6da5359640161bd5f491e99a680156d07eace98f1fd42104bcc7c195e13a5ad3310928a3e8a638a908d8f22376951078a96c60970c473847643487fdd5f8ad9fec9bfac4e81e9735f41c2720104ac1e62b945c075a5a1dcc8d739e32b4687c6bde6f3f97b32102ef41f22b4afc0f96615b0ab0e2efc36ad6ef84356f78b790b1c876b9ddac2133b2793f6ba458c506ed1a152301d6aebbef96bc4dab27c498793b702dc997ab756947a9646819730eab78739e4e90dac1b4a01e224bc479427d2dbf10841c6d03c2cd1e70bfc2f32580434fb42853fbbadf3e2dd784d323ab9ded34b8f57080a4f9877d8ab6676f2744f79433a7e80639ef032c8ba4b04938b8a6d5779a16434513f5f0cf1007eb6459d88feb5f08b6044d6b583b6358c00e0525f132170335b17ec8c55d967aeeaee048064d5ce387557374ce8c83a8185bc143a2ac8c019137344f7b1e827a901e7feda57fdd8660750bb26241727e66a1c5f3f19c47003fac32a9dd9ec35d5bd5667cc70256a7a0713427e04d58d48939bec6df4011101029431ca94ea6a4eb4ac8ec6e2191a98d11495fa749188823d1ef98e8e79c424e3837cfb29c31122bd1dd1f9356145ca9e1771b5e6e2dbbb378bca6bae2c22fb3c0538887af4e55be147e696f286a3151ac129be201e32fe955e5e8047d80d96fced81a7a4240aec39677e5a034e0e94927a9184fd2171d027f72b2d4c8d50680435e14f3202c04a61e1251d22d4b04bfb2c13719f33c49c2c03fdda7edfd6da59e6bfb453f19271531e10080fadd6ea202f32fb0e1b8313ac23c3e5f6d6b172b94a58c21b45b0a698b3abad63e867c9cc0733f6d69c0467ee08c24233bc0f3a1356a9d9cfda974d4362071dc81bb1c224369f96a7280feb82e076fa56aebfddf497a0c1a04c3ede401e32b26774d5849578e78a3a7249f528b3664e7330ab040c2066586c859624a0afd84f5f042f6601bc5ab6ee4519a8e96af4d5f2a0a365f99226a47a96b3c5214d4c6569cd1859a8ab0d8bef72705e56fddf4234cd48c6503255207865aa835d670fa0c06542f945e659568266a04473cd2e8136acb8b5eb26f537db8ec8a2badf7e6502358b0c735e47c373fe4a646234bd2615749b8088180dfa7d9b52f6e42038e91d041f92784dd98d2c9133cd3b21f15b8756b5e129c8970ba664927597fb9d171065671501b98d117c664a443213110327155cac2afb5630f7e70acabd8b91c10824476f8efa1c3d8ff556a82d95c11a4f484f1cea00b2e5700ed6eac98760dbd014d725253bd48999dacdc48a64585d8b378de8f7ea60a962522b5bed179dbe4c5b96a254c7469a7f946c0040ffdee203cf081a392c4a2493141ac70f4137750b5d1aaa793c103b79f7df47610dbb30767ade1afdea65a26659c134fae5c4b16b4f5619eae62cc9b1f0f7e7a246f59e2a848a267cc2e17329a3895d6255c653e27c7756dd5cdcdc1aa739f02e754b1c812520b701bbd6c2b8595a2bac58cbafacc899a641a1d62e18b089f85532a080c12a9b0c8009f58db1278d7d34a98bf4a985fb485bcb4d942d1834ba6cb318d99460dd7b5af308cf243ca0bc35572043d7d76147c83e6cf574bc7336ceab6600a0df0ea1563eae702f1276b9c64dadd0c826226f3c1d0bb100f322831e8d6d67b28197907f7dfdffdf4a8166783601cc45e30149f02be1473576ca1964af69c17a4b85aa090e91166516d1bf62481da6fdc5913c40c8c2e15ca2ff9db7764b8e23bb2b0f322a0db077b8c62f65a3c022b54c0f6383e5649024b04ee9e8613447e20653524a413e994f482598877a86449249ea9bd2c779dfb8335c72c8672bb8f495e260f903f14772de7c6b4d6aeaa4e9998ed9520f37c63538a7a1297baaf07cf59ee9e8a6c24e93c343d76f64e360f60413e0f2d95087e4617c014a532ab2a1624bd66f40f32912e5baff99eb181b0f1f6d50c992b67cbd6e9112e0e27d45b87357e95fd638ea80d7a3575707948304b07186ff2fcbcb1152efa1ebb79925378e075c27d328a215a378ba7ebb948ddd1996a95a0c9f7a66299eb379993928e1929f2c45466cd92e40317794f67061f5c1bb1494253c210bcbbf0f5533626cef4cd27b3d03ae32f0239dc92528421b930ae0504b16a3a78b457d5083bdf14b6a4334f75df48ed6f2400c2c01862f709388b8b82990ebbe3dbb486698566c8a13aa6413b82cfc1cf3d2fa5bc3ffdc27161f406bad094f6b3f5215ed78f8ab512fb7a47cb3c7b1ae1ff67da286fe3d064fc31f79c01570843f8baae62e54f30de5803a90b3e44c7a2b7dcede5700a71d3f18c929334c2d1dc05ce5e974d507a9403fd67f0ca0557ec6078a4d7bac922a1e4229a99b3604519b0ac0088a079855adafbcf180e4bd8ce29ed01"}, 0x100a, 0x1) recvmmsg(r3, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x2, 0x0) 14:41:14 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r1, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) 14:41:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1000000) 14:41:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x2000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2069.147642][T10999] binder: 10991:10999 got transaction with invalid parent offset or type [ 2069.184237][T10999] binder_transaction: 2 callbacks suppressed 14:41:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2069.184256][T10999] binder: 10991:10999 transaction failed 29201/-22, size 40-8 line 3317 14:41:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000001040)=@v2={0x3, 0x1, 0x14, 0x7f, 0x1000, "9a443bd15113031a30d44a4e174e1b0409b8142ba60e38a9826fe5b05964f52bef047372fc0df1f45d238d6779332c3b7a3dd4ee7ac1d87a553e37012dc9454b17d31b07a6da08618425affa6507ac853129e46ca0258f54532be479b910ccfb5ec73f8c5f89f4cc5ce3f8c6a5ea310e07d5094e061508c191e1a313020167fa0d01c889385e5a7b713ceadc515c26e081ddd9bc4c1be66271884f74204ef31c4f42d4c8916ff25d3ab778276805ff697b8a6729d4e8cc53286af21783d6b1d2331190f4ecb6d9502234252083d67e9540c1e0e56bea589f09f2b3672e3ffad6b2eec9adc5c0d3a0ae0939a82f81626378b0f094781304ad9f79a2a389fafd71f342419ffcb575d78d49793b7ffb86659d10115d1a4f61e9638b1e7a3d77bd3ac6a900605b15661a69faa15f3435f193f5945fcc14f39084663d24b140c69065f9e35e14c4390ced72a81c6b88227a2079e607845860dfdfa82740690417cf502ff36b162dfc52d6b58a42b7e56c25232b9c43ffb3e568225ca8089674bc4e186c8e80eb6e0d15a67e088a8c9576fc81f9dc1897c1ead87cac669d5ca89bf0d0aba00e638f01b233e27d1e293239223a3ce0479f7011f6b684a8018412027e627b7284bee7b8e7166ddd1e5d19b44ae9bfdecac1514302ce70115051b9e921c21223c80ef0a5d9667b6706c9a40596fa24c05ac8d48d9ce446315f23801e1382f4859176a310ff6f776fe874fb7731539cd07e3d959c0c476c4dd8b79ecb770c62ade7ac28781525a34903bf6f4873a8dadaa506aa6c82ee446e0c28bdb3bd66d637795d22053ce3c1e3b846cd71b1225507d6fac517a79138a8da10350bca1564b4b858975c7b0fb4f37658b7201cd909431e112566a5d5459b3b9c1cdb9715279e0e3f0da5d9c646e91082c9a0f8c856417dfbac46876be5b609b855dac1135515e3bf72c94b5da15c600363552122fa900cae881f56055ec7f7d73afe3480017b6da72864dd529a7d6ea76f4310853784c08ad3f07978f710f0215f80ae57ea87680220acbe740b5aeea1aedfc9a3a0ebdf142ad7074aeecbdb26189721e53cf889eb38c7ebd79cbf58c7287f888f0c5baf665f706328da69866c4aac4a64652cc46af36eec2f7c916d5b8e1c61b7ce4393529680181e1757b031fe691e2597a4876ac67d0d30f87d163baa20163617c6cbf27127b2db5c64864140cbe2a46596a6d3af3aee34dab1e45a0bbb7067267512d2a7f946de9ad26db3cf745be28209a479278b810fd0e7fa6fd10d6f8da9876b23339d2a40036a9b51495905f1acb4564135b834f913022192dad0fa3bfa5c993c2051a9f484e2c5651a33a5501665a63aaadbf50b8fa17edd4460225f1d457b218c91863afba313e263bd5c7d14b7702e97e896f881829c85975b01a733031f29ecf8286bdaa9b7973d9eb07544ae4f6f16dc0aeac80cf50e5f3ad25dc68498f9fd2e7e6f7f9d446bc9a7e20301901a961e4786d006f8c69f2094960a432fee16adf63d5d41cce32645afdf73db965183f870e694861e205436956443e6f26c5cf86362536157a0975abea20abca93d6f0271962a4a45d881b9711f7e74e3d33b6fbc825a81b369822683c8d2150e223a4bbc1ee9289e92dcfc421d36bc28104fe6a97ac57ddc10b8228f7445c423e48e296f81ec23bcb169c2fa7c5af883ae1b59dc4a6ca2ee12579ea4e55fefb2b530989b605ee7fb3a7c86360caf943477cca050b03ba7cb3d9ab8db754afe2c8588c66658cd230b26dc835b86b2be91b31c751e547bae8b3af160596f57bc17c292f33855cac83bac1bec5ec1aa05515dd78e6ce168b1bfe4300d94bbd3d9332cc15ddb8118edee44b3aeda2d1988c21bed8698c07ee0f61a261fceec8092ab320ec26c6a49b72f6e91060e527f5fbaab7b5affbbd560624539ec587aa13c6fdea524e33aff12ba1fc917e24dae666b0f9de065997193d1b1232e03d684aa384ec7aa5cebfeecef0ff79e873b9616a861b9bb63db3640d8cf91461b68b5da4492d7cdf3d973429418bad838c58b0c901556b5db4bde50a9fdf234a49ee2f19f565e554810251d86481e130e0c0cd501855c29de7afb3154ae09f1e1198fb938ae9e5821608023a13a0fa827691fd16a50b826f0a65c38bf5c6f36894c336614d3e8d5aa17677dd01e14c15b9469b35654e3e39d2cdaac8da0c74e92afd70fac8b07b283777109309c28902ff4d9195455b953e4157cbc00d0a7710b5842d1f8f1b2d61d9041007d7cb18121762083b2d41e06ead845f26fc6ab30b783962eae29c15865e983e25570a574beb64126d468dcd3a253b99d5725e871f9e64f3f80022ee467359f695a70d1b8c40e19b4984efcbde7b92dcbcf1654a67dfb162d672c5929a2f86254612d0626ab5e4ea847a08b3a2f463bcae32b73787a4382344aff17c74c059624292bb664542313c5c5dac61ad7a392d886086ea1dce1211af73bd01948c7a299c331aa4c0f17d5b7c9879448d3e7dd5d335a5d9e1d6d2d42b6f87927a8dcc918ea281f6ab3e445b6152f2cc41f16ba569028bcb9a7ba831c6886ec7f44fb14d5e60a26fe5b41430c87782c5863bf1f3c47cb55040679f2069edd1b1fabb23988e2dd5303f7be16d3841467d12a993fcd3b6fdc0bf07833384644c7575cb4a0809f8ab30af26188e78b86b72d3acd9b43c7857d3930928f755296c6b755bb40a7e10ad4c39e126e125a6e89c7a4e51696848090a0a445a0c4e6a710682831715c39611c63f9fd5ad0d9e38758e57758c4999a1a5ea14c9abe86ecc56e742f59f5eaac4255c629a9ed44e7e07d60bd9967d54c5aba3bd8ce4b138c852306d68f81e87ea7f5dc73f7c97bb0f634f57e087b695578c5b4c4f11a49a0548822462a7175ee329664a979bd580cae5573862d7315dd5dc40995d5e40d738574d44434409eae3bcbc5b39085a1c5b0cbf9402c6984effb0717eafa7cbb25d14eb9e3e2c17756747c6d254b5d5656030cc507eaf9e45214dc502b252ba76de911e992160fec4f31379f5a2c898c2a27658336602e2066d845b9c971357393383ba5abd7cbe0f016ad2e09ace4ca0ce9aacdd2784078897be01be0e367030d44a657e6e693123602b217c4c8529904adfb416e23e023e592d4e6902b09fa9a3bec42685aad343f0ed814e3726f2762c068c12eccb01bd21e3b3c15692aef73cc47b20027f4d8a7051fc8558d679a0f4a6ddd33a15f973d2424f0f3a05ff5d4da992c58d369a86f7c2324036c38bad4da84cf5d110d9de866addae6dec4bd70d3fb5b09aa579fcc41b1e71c5b9abfd38e5d17671dbb480d4f18ade6ce87c172dff9929bdaf09a2f3b0b1eeda1c4044f6da5359640161bd5f491e99a680156d07eace98f1fd42104bcc7c195e13a5ad3310928a3e8a638a908d8f22376951078a96c60970c473847643487fdd5f8ad9fec9bfac4e81e9735f41c2720104ac1e62b945c075a5a1dcc8d739e32b4687c6bde6f3f97b32102ef41f22b4afc0f96615b0ab0e2efc36ad6ef84356f78b790b1c876b9ddac2133b2793f6ba458c506ed1a152301d6aebbef96bc4dab27c498793b702dc997ab756947a9646819730eab78739e4e90dac1b4a01e224bc479427d2dbf10841c6d03c2cd1e70bfc2f32580434fb42853fbbadf3e2dd784d323ab9ded34b8f57080a4f9877d8ab6676f2744f79433a7e80639ef032c8ba4b04938b8a6d5779a16434513f5f0cf1007eb6459d88feb5f08b6044d6b583b6358c00e0525f132170335b17ec8c55d967aeeaee048064d5ce387557374ce8c83a8185bc143a2ac8c019137344f7b1e827a901e7feda57fdd8660750bb26241727e66a1c5f3f19c47003fac32a9dd9ec35d5bd5667cc70256a7a0713427e04d58d48939bec6df4011101029431ca94ea6a4eb4ac8ec6e2191a98d11495fa749188823d1ef98e8e79c424e3837cfb29c31122bd1dd1f9356145ca9e1771b5e6e2dbbb378bca6bae2c22fb3c0538887af4e55be147e696f286a3151ac129be201e32fe955e5e8047d80d96fced81a7a4240aec39677e5a034e0e94927a9184fd2171d027f72b2d4c8d50680435e14f3202c04a61e1251d22d4b04bfb2c13719f33c49c2c03fdda7edfd6da59e6bfb453f19271531e10080fadd6ea202f32fb0e1b8313ac23c3e5f6d6b172b94a58c21b45b0a698b3abad63e867c9cc0733f6d69c0467ee08c24233bc0f3a1356a9d9cfda974d4362071dc81bb1c224369f96a7280feb82e076fa56aebfddf497a0c1a04c3ede401e32b26774d5849578e78a3a7249f528b3664e7330ab040c2066586c859624a0afd84f5f042f6601bc5ab6ee4519a8e96af4d5f2a0a365f99226a47a96b3c5214d4c6569cd1859a8ab0d8bef72705e56fddf4234cd48c6503255207865aa835d670fa0c06542f945e659568266a04473cd2e8136acb8b5eb26f537db8ec8a2badf7e6502358b0c735e47c373fe4a646234bd2615749b8088180dfa7d9b52f6e42038e91d041f92784dd98d2c9133cd3b21f15b8756b5e129c8970ba664927597fb9d171065671501b98d117c664a443213110327155cac2afb5630f7e70acabd8b91c10824476f8efa1c3d8ff556a82d95c11a4f484f1cea00b2e5700ed6eac98760dbd014d725253bd48999dacdc48a64585d8b378de8f7ea60a962522b5bed179dbe4c5b96a254c7469a7f946c0040ffdee203cf081a392c4a2493141ac70f4137750b5d1aaa793c103b79f7df47610dbb30767ade1afdea65a26659c134fae5c4b16b4f5619eae62cc9b1f0f7e7a246f59e2a848a267cc2e17329a3895d6255c653e27c7756dd5cdcdc1aa739f02e754b1c812520b701bbd6c2b8595a2bac58cbafacc899a641a1d62e18b089f85532a080c12a9b0c8009f58db1278d7d34a98bf4a985fb485bcb4d942d1834ba6cb318d99460dd7b5af308cf243ca0bc35572043d7d76147c83e6cf574bc7336ceab6600a0df0ea1563eae702f1276b9c64dadd0c826226f3c1d0bb100f322831e8d6d67b28197907f7dfdffdf4a8166783601cc45e30149f02be1473576ca1964af69c17a4b85aa090e91166516d1bf62481da6fdc5913c40c8c2e15ca2ff9db7764b8e23bb2b0f322a0db077b8c62f65a3c022b54c0f6383e5649024b04ee9e8613447e20653524a413e994f482598877a86449249ea9bd2c779dfb8335c72c8672bb8f495e260f903f14772de7c6b4d6aeaa4e9998ed9520f37c63538a7a1297baaf07cf59ee9e8a6c24e93c343d76f64e360f60413e0f2d95087e4617c014a532ab2a1624bd66f40f32912e5baff99eb181b0f1f6d50c992b67cbd6e9112e0e27d45b87357e95fd638ea80d7a3575707948304b07186ff2fcbcb1152efa1ebb79925378e075c27d328a215a378ba7ebb948ddd1996a95a0c9f7a66299eb379993928e1929f2c45466cd92e40317794f67061f5c1bb1494253c210bcbbf0f5533626cef4cd27b3d03ae32f0239dc92528421b930ae0504b16a3a78b457d5083bdf14b6a4334f75df48ed6f2400c2c01862f709388b8b82990ebbe3dbb486698566c8a13aa6413b82cfc1cf3d2fa5bc3ffdc27161f406bad094f6b3f5215ed78f8ab512fb7a47cb3c7b1ae1ff67da286fe3d064fc31f79c01570843f8baae62e54f30de5803a90b3e44c7a2b7dcede5700a71d3f18c929334c2d1dc05ce5e974d507a9403fd67f0ca0557ec6078a4d7bac922a1e4229a99b3604519b0ac0088a079855adafbcf180e4bd8ce29ed01"}, 0x100a, 0x1) recvmmsg(r3, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 14:41:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2000000) [ 2069.306402][T11012] binder_alloc: binder_alloc_mmap_handler: 10991 20000000-20002000 already mapped failed -16 14:41:15 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) ioctl$PPPOEIOCSFWD(r1, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x1, @remote, 'bridge0\x00'}}) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ioctl$IMDELTIMER(r1, 0x80044941, &(0x7f0000000000)=0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x40000) 14:41:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2069.350928][T10999] binder: BINDER_SET_CONTEXT_MGR already set [ 2069.386721][T10999] binder: 10991:10999 ioctl 40046207 0 returned -16 14:41:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2069.466842][T11025] binder_alloc: 10991: binder_alloc_buf, no vma 14:41:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) setxattr$security_ima(&(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='security.ima\x00', &(0x7f0000001040)=@v2={0x3, 0x1, 0x14, 0x7f, 0x1000, "9a443bd15113031a30d44a4e174e1b0409b8142ba60e38a9826fe5b05964f52bef047372fc0df1f45d238d6779332c3b7a3dd4ee7ac1d87a553e37012dc9454b17d31b07a6da08618425affa6507ac853129e46ca0258f54532be479b910ccfb5ec73f8c5f89f4cc5ce3f8c6a5ea310e07d5094e061508c191e1a313020167fa0d01c889385e5a7b713ceadc515c26e081ddd9bc4c1be66271884f74204ef31c4f42d4c8916ff25d3ab778276805ff697b8a6729d4e8cc53286af21783d6b1d2331190f4ecb6d9502234252083d67e9540c1e0e56bea589f09f2b3672e3ffad6b2eec9adc5c0d3a0ae0939a82f81626378b0f094781304ad9f79a2a389fafd71f342419ffcb575d78d49793b7ffb86659d10115d1a4f61e9638b1e7a3d77bd3ac6a900605b15661a69faa15f3435f193f5945fcc14f39084663d24b140c69065f9e35e14c4390ced72a81c6b88227a2079e607845860dfdfa82740690417cf502ff36b162dfc52d6b58a42b7e56c25232b9c43ffb3e568225ca8089674bc4e186c8e80eb6e0d15a67e088a8c9576fc81f9dc1897c1ead87cac669d5ca89bf0d0aba00e638f01b233e27d1e293239223a3ce0479f7011f6b684a8018412027e627b7284bee7b8e7166ddd1e5d19b44ae9bfdecac1514302ce70115051b9e921c21223c80ef0a5d9667b6706c9a40596fa24c05ac8d48d9ce446315f23801e1382f4859176a310ff6f776fe874fb7731539cd07e3d959c0c476c4dd8b79ecb770c62ade7ac28781525a34903bf6f4873a8dadaa506aa6c82ee446e0c28bdb3bd66d637795d22053ce3c1e3b846cd71b1225507d6fac517a79138a8da10350bca1564b4b858975c7b0fb4f37658b7201cd909431e112566a5d5459b3b9c1cdb9715279e0e3f0da5d9c646e91082c9a0f8c856417dfbac46876be5b609b855dac1135515e3bf72c94b5da15c600363552122fa900cae881f56055ec7f7d73afe3480017b6da72864dd529a7d6ea76f4310853784c08ad3f07978f710f0215f80ae57ea87680220acbe740b5aeea1aedfc9a3a0ebdf142ad7074aeecbdb26189721e53cf889eb38c7ebd79cbf58c7287f888f0c5baf665f706328da69866c4aac4a64652cc46af36eec2f7c916d5b8e1c61b7ce4393529680181e1757b031fe691e2597a4876ac67d0d30f87d163baa20163617c6cbf27127b2db5c64864140cbe2a46596a6d3af3aee34dab1e45a0bbb7067267512d2a7f946de9ad26db3cf745be28209a479278b810fd0e7fa6fd10d6f8da9876b23339d2a40036a9b51495905f1acb4564135b834f913022192dad0fa3bfa5c993c2051a9f484e2c5651a33a5501665a63aaadbf50b8fa17edd4460225f1d457b218c91863afba313e263bd5c7d14b7702e97e896f881829c85975b01a733031f29ecf8286bdaa9b7973d9eb07544ae4f6f16dc0aeac80cf50e5f3ad25dc68498f9fd2e7e6f7f9d446bc9a7e20301901a961e4786d006f8c69f2094960a432fee16adf63d5d41cce32645afdf73db965183f870e694861e205436956443e6f26c5cf86362536157a0975abea20abca93d6f0271962a4a45d881b9711f7e74e3d33b6fbc825a81b369822683c8d2150e223a4bbc1ee9289e92dcfc421d36bc28104fe6a97ac57ddc10b8228f7445c423e48e296f81ec23bcb169c2fa7c5af883ae1b59dc4a6ca2ee12579ea4e55fefb2b530989b605ee7fb3a7c86360caf943477cca050b03ba7cb3d9ab8db754afe2c8588c66658cd230b26dc835b86b2be91b31c751e547bae8b3af160596f57bc17c292f33855cac83bac1bec5ec1aa05515dd78e6ce168b1bfe4300d94bbd3d9332cc15ddb8118edee44b3aeda2d1988c21bed8698c07ee0f61a261fceec8092ab320ec26c6a49b72f6e91060e527f5fbaab7b5affbbd560624539ec587aa13c6fdea524e33aff12ba1fc917e24dae666b0f9de065997193d1b1232e03d684aa384ec7aa5cebfeecef0ff79e873b9616a861b9bb63db3640d8cf91461b68b5da4492d7cdf3d973429418bad838c58b0c901556b5db4bde50a9fdf234a49ee2f19f565e554810251d86481e130e0c0cd501855c29de7afb3154ae09f1e1198fb938ae9e5821608023a13a0fa827691fd16a50b826f0a65c38bf5c6f36894c336614d3e8d5aa17677dd01e14c15b9469b35654e3e39d2cdaac8da0c74e92afd70fac8b07b283777109309c28902ff4d9195455b953e4157cbc00d0a7710b5842d1f8f1b2d61d9041007d7cb18121762083b2d41e06ead845f26fc6ab30b783962eae29c15865e983e25570a574beb64126d468dcd3a253b99d5725e871f9e64f3f80022ee467359f695a70d1b8c40e19b4984efcbde7b92dcbcf1654a67dfb162d672c5929a2f86254612d0626ab5e4ea847a08b3a2f463bcae32b73787a4382344aff17c74c059624292bb664542313c5c5dac61ad7a392d886086ea1dce1211af73bd01948c7a299c331aa4c0f17d5b7c9879448d3e7dd5d335a5d9e1d6d2d42b6f87927a8dcc918ea281f6ab3e445b6152f2cc41f16ba569028bcb9a7ba831c6886ec7f44fb14d5e60a26fe5b41430c87782c5863bf1f3c47cb55040679f2069edd1b1fabb23988e2dd5303f7be16d3841467d12a993fcd3b6fdc0bf07833384644c7575cb4a0809f8ab30af26188e78b86b72d3acd9b43c7857d3930928f755296c6b755bb40a7e10ad4c39e126e125a6e89c7a4e51696848090a0a445a0c4e6a710682831715c39611c63f9fd5ad0d9e38758e57758c4999a1a5ea14c9abe86ecc56e742f59f5eaac4255c629a9ed44e7e07d60bd9967d54c5aba3bd8ce4b138c852306d68f81e87ea7f5dc73f7c97bb0f634f57e087b695578c5b4c4f11a49a0548822462a7175ee329664a979bd580cae5573862d7315dd5dc40995d5e40d738574d44434409eae3bcbc5b39085a1c5b0cbf9402c6984effb0717eafa7cbb25d14eb9e3e2c17756747c6d254b5d5656030cc507eaf9e45214dc502b252ba76de911e992160fec4f31379f5a2c898c2a27658336602e2066d845b9c971357393383ba5abd7cbe0f016ad2e09ace4ca0ce9aacdd2784078897be01be0e367030d44a657e6e693123602b217c4c8529904adfb416e23e023e592d4e6902b09fa9a3bec42685aad343f0ed814e3726f2762c068c12eccb01bd21e3b3c15692aef73cc47b20027f4d8a7051fc8558d679a0f4a6ddd33a15f973d2424f0f3a05ff5d4da992c58d369a86f7c2324036c38bad4da84cf5d110d9de866addae6dec4bd70d3fb5b09aa579fcc41b1e71c5b9abfd38e5d17671dbb480d4f18ade6ce87c172dff9929bdaf09a2f3b0b1eeda1c4044f6da5359640161bd5f491e99a680156d07eace98f1fd42104bcc7c195e13a5ad3310928a3e8a638a908d8f22376951078a96c60970c473847643487fdd5f8ad9fec9bfac4e81e9735f41c2720104ac1e62b945c075a5a1dcc8d739e32b4687c6bde6f3f97b32102ef41f22b4afc0f96615b0ab0e2efc36ad6ef84356f78b790b1c876b9ddac2133b2793f6ba458c506ed1a152301d6aebbef96bc4dab27c498793b702dc997ab756947a9646819730eab78739e4e90dac1b4a01e224bc479427d2dbf10841c6d03c2cd1e70bfc2f32580434fb42853fbbadf3e2dd784d323ab9ded34b8f57080a4f9877d8ab6676f2744f79433a7e80639ef032c8ba4b04938b8a6d5779a16434513f5f0cf1007eb6459d88feb5f08b6044d6b583b6358c00e0525f132170335b17ec8c55d967aeeaee048064d5ce387557374ce8c83a8185bc143a2ac8c019137344f7b1e827a901e7feda57fdd8660750bb26241727e66a1c5f3f19c47003fac32a9dd9ec35d5bd5667cc70256a7a0713427e04d58d48939bec6df4011101029431ca94ea6a4eb4ac8ec6e2191a98d11495fa749188823d1ef98e8e79c424e3837cfb29c31122bd1dd1f9356145ca9e1771b5e6e2dbbb378bca6bae2c22fb3c0538887af4e55be147e696f286a3151ac129be201e32fe955e5e8047d80d96fced81a7a4240aec39677e5a034e0e94927a9184fd2171d027f72b2d4c8d50680435e14f3202c04a61e1251d22d4b04bfb2c13719f33c49c2c03fdda7edfd6da59e6bfb453f19271531e10080fadd6ea202f32fb0e1b8313ac23c3e5f6d6b172b94a58c21b45b0a698b3abad63e867c9cc0733f6d69c0467ee08c24233bc0f3a1356a9d9cfda974d4362071dc81bb1c224369f96a7280feb82e076fa56aebfddf497a0c1a04c3ede401e32b26774d5849578e78a3a7249f528b3664e7330ab040c2066586c859624a0afd84f5f042f6601bc5ab6ee4519a8e96af4d5f2a0a365f99226a47a96b3c5214d4c6569cd1859a8ab0d8bef72705e56fddf4234cd48c6503255207865aa835d670fa0c06542f945e659568266a04473cd2e8136acb8b5eb26f537db8ec8a2badf7e6502358b0c735e47c373fe4a646234bd2615749b8088180dfa7d9b52f6e42038e91d041f92784dd98d2c9133cd3b21f15b8756b5e129c8970ba664927597fb9d171065671501b98d117c664a443213110327155cac2afb5630f7e70acabd8b91c10824476f8efa1c3d8ff556a82d95c11a4f484f1cea00b2e5700ed6eac98760dbd014d725253bd48999dacdc48a64585d8b378de8f7ea60a962522b5bed179dbe4c5b96a254c7469a7f946c0040ffdee203cf081a392c4a2493141ac70f4137750b5d1aaa793c103b79f7df47610dbb30767ade1afdea65a26659c134fae5c4b16b4f5619eae62cc9b1f0f7e7a246f59e2a848a267cc2e17329a3895d6255c653e27c7756dd5cdcdc1aa739f02e754b1c812520b701bbd6c2b8595a2bac58cbafacc899a641a1d62e18b089f85532a080c12a9b0c8009f58db1278d7d34a98bf4a985fb485bcb4d942d1834ba6cb318d99460dd7b5af308cf243ca0bc35572043d7d76147c83e6cf574bc7336ceab6600a0df0ea1563eae702f1276b9c64dadd0c826226f3c1d0bb100f322831e8d6d67b28197907f7dfdffdf4a8166783601cc45e30149f02be1473576ca1964af69c17a4b85aa090e91166516d1bf62481da6fdc5913c40c8c2e15ca2ff9db7764b8e23bb2b0f322a0db077b8c62f65a3c022b54c0f6383e5649024b04ee9e8613447e20653524a413e994f482598877a86449249ea9bd2c779dfb8335c72c8672bb8f495e260f903f14772de7c6b4d6aeaa4e9998ed9520f37c63538a7a1297baaf07cf59ee9e8a6c24e93c343d76f64e360f60413e0f2d95087e4617c014a532ab2a1624bd66f40f32912e5baff99eb181b0f1f6d50c992b67cbd6e9112e0e27d45b87357e95fd638ea80d7a3575707948304b07186ff2fcbcb1152efa1ebb79925378e075c27d328a215a378ba7ebb948ddd1996a95a0c9f7a66299eb379993928e1929f2c45466cd92e40317794f67061f5c1bb1494253c210bcbbf0f5533626cef4cd27b3d03ae32f0239dc92528421b930ae0504b16a3a78b457d5083bdf14b6a4334f75df48ed6f2400c2c01862f709388b8b82990ebbe3dbb486698566c8a13aa6413b82cfc1cf3d2fa5bc3ffdc27161f406bad094f6b3f5215ed78f8ab512fb7a47cb3c7b1ae1ff67da286fe3d064fc31f79c01570843f8baae62e54f30de5803a90b3e44c7a2b7dcede5700a71d3f18c929334c2d1dc05ce5e974d507a9403fd67f0ca0557ec6078a4d7bac922a1e4229a99b3604519b0ac0088a079855adafbcf180e4bd8ce29ed01"}, 0x100a, 0x1) recvmmsg(r2, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2069.528954][T11025] binder: 10991:11025 transaction failed 29189/-3, size 40-8 line 3147 14:41:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x3000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3000000) 14:41:15 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r1, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) 14:41:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2069.691616][T11033] binder: 11032:11033 got transaction with invalid parent offset or type [ 2069.726548][T11033] binder: 11032:11033 transaction failed 29201/-22, size 40-8 line 3317 14:41:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r2, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:15 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r1, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 2069.792648][T11042] binder_alloc: binder_alloc_mmap_handler: 11032 20000000-20002000 already mapped failed -16 [ 2069.830990][T11033] binder: BINDER_SET_CONTEXT_MGR already set [ 2069.846790][T11033] binder: 11032:11033 ioctl 40046207 0 returned -16 [ 2069.862885][T11042] binder_alloc: 11032: binder_alloc_buf, no vma [ 2069.879090][T13966] binder_release_work: 2 callbacks suppressed [ 2069.879099][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:41:15 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4000000) [ 2069.897329][T11042] binder: 11032:11042 transaction failed 29189/-3, size 40-8 line 3147 [ 2069.925753][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:15 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x20000000000001d9) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:15 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r1, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) 14:41:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x4000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) recvmmsg(r2, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2070.158522][T11059] binder: 11058:11059 got transaction with invalid parent offset or type 14:41:16 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) setsockopt$netrom_NETROM_N2(r1, 0x103, 0x3, &(0x7f0000000040)=0x5, 0x4) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x10001, 0x591b}) r2 = gettid() getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000140)=0xc) getresgid(&(0x7f0000000180)=0x0, &(0x7f00000001c0), &(0x7f0000000200)) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x10000, &(0x7f00000002c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xe000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@max_read={'max_read', 0x3d, 0x7}}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@allow_other='allow_other'}], [{@fsuuid={'fsuuid', 0x3d, {[0x34, 0x62, 0x31, 0x7e, 0x7f, 0x36, 0x30, 0x39], 0x2d, [0x75, 0x63, 0x3e, 0x36], 0x2d, [0x63, 0x7b, 0x61, 0x72], 0x2d, [0x35, 0x0, 0x76, 0x33], 0x2d, [0x37, 0x64, 0x37, 0x31, 0x34, 0x32, 0x0, 0x37]}}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}]}}) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4009400) [ 2070.223595][T11059] binder: 11058:11059 transaction failed 29201/-22, size 40-8 line 3317 [ 2070.256517][T11064] binder_alloc: binder_alloc_mmap_handler: 11058 20000000-20002000 already mapped failed -16 14:41:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) recvmmsg(r2, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2070.346837][T11059] binder: BINDER_SET_CONTEXT_MGR already set [ 2070.363579][T11059] binder: 11058:11059 ioctl 40046207 0 returned -16 14:41:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2070.393979][T11072] binder_alloc: 11058: binder_alloc_buf, no vma [ 2070.441154][T11072] binder: 11058:11072 transaction failed 29189/-3, size 40-8 line 3147 [ 2070.456947][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2070.474655][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x5000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x5000000) 14:41:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) recvmmsg(r2, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2070.588181][T11083] binder: 11082:11083 got transaction with invalid parent offset or type 14:41:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2070.662904][T11083] binder: 11082:11083 transaction failed 29201/-22, size 40-8 line 3317 [ 2070.725220][T11093] binder_alloc: binder_alloc_mmap_handler: 11082 20000000-20002000 already mapped failed -16 14:41:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2070.772021][T11083] binder: BINDER_SET_CONTEXT_MGR already set [ 2070.794553][T11083] binder: 11082:11083 ioctl 40046207 0 returned -16 14:41:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2070.832729][T11095] binder_alloc: 11082: binder_alloc_buf, no vma [ 2070.862534][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2070.886475][T11095] binder: 11082:11095 transaction failed 29189/-3, size 40-8 line 3147 [ 2070.910110][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:19 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000200), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r3, 0x84, 0x4, &(0x7f0000000000)=0x80000001, 0x4) ioctl$KVM_IOEVENTFD(r4, 0x4010ae42, &(0x7f0000000080)={0x0, 0x0}) request_key(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f00000001c0)='\x00', 0xfffffffffffffffc) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000380)=ANY=[@ANYBLOB="ac1e00000041e5174df303000000ac149414ff0900ffe0000002efffffffe0000002000000024fe673a08c4e214354d88e4bca029faa4bfecf2667c01aef1f0bd10d7ef76c1bd1af71440461a7f7e25689dd0fcb1c3aca271761e0caddf86e5270a71520004874fc313210403696e876bd0fed71d40bdbd42f29c315d1b872559fab2fa9c67e322c8320880c1bba39fbc9960ba424ed93bd1a84cc3c977102bb0138b56ddc09349b8e94b5ec6257492c42f801d726622b1a2870d1ca83296224107f05adfc5fd343293497b13a34390be6826c4e7f7fbc17a829ddf776dd4a89ec7c48986e9577ed0bb5f83eb41068f4d5afb89d8775338d39ce7a64255323abd89b881d6055476c547aced53722d26475009918a1ec6cf2199ae041631b67e117537313cfa415f6285b5db4139be863117cd27bb6dcac9ff859c5aad3dbc874fc1b9aabf6ea2eb170626acada2a707dd8778c6a16f99218fe0b0a4060befbd838eb020f9d1dd0d3d7ac61b6facc5e1441f1998d30d47cfc6fd96165d2e090bbf733020989184dc224f3e056112fb5"], 0x1) symlink(0x0, 0x0) syz_open_dev$amidi(0x0, 0x0, 0x400480) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000640)={0x0, @in6={{0xa, 0x4e24, 0x9, @local, 0x100000001}}, 0x2, 0x5}, &(0x7f0000000240)=0x90) setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe800, 0x1, &(0x7f0000000180)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r6 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) gettid() open(&(0x7f00000000c0)='./file0\x00', 0x408ff, 0x0) 14:41:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r2, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x6000000) 14:41:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x6000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000e8ff0080042db984fc7e6db53ca58b5d56905117f9"], 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2073.393841][T11111] binder: 11102:11111 got transaction with invalid parent offset or type [ 2073.433080][T11111] binder: 11102:11111 transaction failed 29201/-22, size 40-8 line 3317 [ 2073.464587][T11117] binder_alloc: binder_alloc_mmap_handler: 11102 20000000-20002000 already mapped failed -16 [ 2073.485542][T11111] binder: BINDER_SET_CONTEXT_MGR already set [ 2073.492014][T11111] binder: 11102:11111 ioctl 40046207 0 returned -16 14:41:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x7000000) 14:41:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r2, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2073.512245][T11117] binder_alloc: 11102: binder_alloc_buf, no vma [ 2073.580656][T11117] binder: 11102:11117 transaction failed 29189/-3, size 40-8 line 3147 [ 2073.593227][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 14:41:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x7000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2073.632166][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 [ 2073.756491][T11134] binder: 11132:11134 got transaction with invalid parent offset or type [ 2073.821040][T11136] binder_alloc: binder_alloc_mmap_handler: 11132 20000000-20002000 already mapped failed -16 [ 2073.891825][T11137] binder: BINDER_SET_CONTEXT_MGR already set [ 2073.916449][T11137] binder: 11132:11137 ioctl 40046207 0 returned -16 [ 2073.916475][T11136] binder_alloc: 11132: binder_alloc_buf, no vma [ 2073.967207][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 [ 2073.974127][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 14:41:22 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) getsockopt$packet_buf(r1, 0x107, 0x6, &(0x7f0000000000)=""/5, &(0x7f0000000040)=0x5) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r2, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x8000000) 14:41:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x8000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2076.636118][T11144] binder: 11143:11144 got transaction with invalid parent offset or type [ 2076.655712][T11144] binder_transaction: 2 callbacks suppressed [ 2076.655729][T11144] binder: 11143:11144 transaction failed 29201/-22, size 40-8 line 3317 14:41:22 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2076.710969][T11155] binder_alloc: binder_alloc_mmap_handler: 11143 20000000-20002000 already mapped failed -16 [ 2076.748950][T11144] binder: BINDER_SET_CONTEXT_MGR already set 14:41:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2076.765821][T11144] binder: 11143:11144 ioctl 40046207 0 returned -16 14:41:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x9000000) [ 2076.823050][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2076.830117][T11155] binder_alloc: 11143: binder_alloc_buf, no vma [ 2076.862251][T11155] binder: 11143:11155 transaction failed 29189/-3, size 40-8 line 3147 14:41:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0xa000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2076.895741][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2077.033513][T11167] binder: 11164:11167 got transaction with invalid parent offset or type [ 2077.057800][T11167] binder: 11164:11167 transaction failed 29201/-22, size 40-8 line 3317 [ 2077.072451][T11170] binder_alloc: binder_alloc_mmap_handler: 11164 20000000-20002000 already mapped failed -16 [ 2077.085813][T11167] binder: BINDER_SET_CONTEXT_MGR already set [ 2077.121686][T11167] binder: 11164:11167 ioctl 40046207 0 returned -16 [ 2077.129445][T11170] binder_alloc: 11164: binder_alloc_buf, no vma [ 2077.135941][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2077.148987][T11170] binder: 11164:11170 transaction failed 29189/-3, size 40-8 line 3147 [ 2077.180728][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:23 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000000)=0x4802, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:23 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:23 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:23 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xa000000) 14:41:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x12000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2077.408812][T11179] binder: 11175:11179 got transaction with invalid parent offset or type [ 2077.436271][T11179] binder: 11175:11179 transaction failed 29201/-22, size 40-8 line 3317 14:41:23 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:23 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2077.483659][T11187] binder_alloc: binder_alloc_mmap_handler: 11175 20000000-20002000 already mapped failed -16 14:41:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r2, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:23 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xb000000) [ 2077.574717][T11179] binder: BINDER_SET_CONTEXT_MGR already set [ 2077.606398][T11193] binder_alloc: 11175: binder_alloc_buf, no vma [ 2077.644672][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2077.655772][T11179] binder: 11175:11179 ioctl 40046207 0 returned -16 14:41:23 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 14:41:23 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2077.692652][T11193] binder: 11175:11193 transaction failed 29189/-3, size 40-8 line 3147 [ 2077.731688][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:23 executing program 4: syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x7, 0xb0000) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x20000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r2, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:23 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xc000000) 14:41:23 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 14:41:23 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2078.036732][T11215] binder: 11209:11215 got transaction with invalid parent offset or type 14:41:23 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 2078.088500][T11215] binder: 11209:11215 transaction failed 29201/-22, size 40-8 line 3317 14:41:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2078.154276][T11222] binder_alloc: binder_alloc_mmap_handler: 11209 20000000-20002000 already mapped failed -16 14:41:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r2, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xd000000) [ 2078.206595][T11215] binder: BINDER_SET_CONTEXT_MGR already set [ 2078.277005][T11215] binder: 11209:11215 ioctl 40046207 0 returned -16 14:41:24 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 14:41:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2078.330385][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:41:24 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x7fff, 0x40000) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000100)={0x9, 0x8, 0x100000001, 0x400, 0x5, 0x1, 0x6, 0x2000000000000, 0x8, 0x1d17, 0x1ff}) r2 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000000)={0xffffffffffffffff}, 0x106, 0x1009}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r2, &(0x7f0000000080)={0x4, 0x8, 0xfa00, {r4, 0xed5d}}, 0x10) tkill(r3, 0x1) fcntl$setstatus(r2, 0x4, 0x2000) 14:41:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x30000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:24 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 14:41:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xe000000) 14:41:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2078.787888][T11245] binder: 11244:11245 got transaction with invalid parent offset or type 14:41:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2078.839160][T11245] binder: 11244:11245 transaction failed 29201/-22, size 40-8 line 3317 14:41:24 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 14:41:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2078.900240][T11260] binder_alloc: binder_alloc_mmap_handler: 11244 20000000-20002000 already mapped failed -16 14:41:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xf000000) [ 2078.981940][T11245] binder_alloc: 11244: binder_alloc_buf, no vma [ 2078.985824][T11267] binder: BINDER_SET_CONTEXT_MGR already set [ 2079.016374][T11267] binder: 11244:11267 ioctl 40046207 0 returned -16 [ 2079.016389][T11245] binder: 11244:11245 transaction failed 29189/-3, size 40-8 line 3147 14:41:24 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r1, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 2079.027142][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 [ 2079.080463][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 14:41:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:25 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video2\x00', 0x2, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000040)={{0x0, 0x1, 0x8001, 0x2, 0x80}}) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x40c00) 14:41:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:25 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r1, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 14:41:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x10000000) 14:41:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x3f000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2079.439851][T11286] binder: 11279:11286 got transaction with invalid parent offset or type 14:41:25 executing program 1: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r1, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 14:41:25 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet_MCAST_LEAVE_GROUP(r1, 0x0, 0x2d, &(0x7f0000000000)={0x1, {{0x2, 0x4e21, @broadcast}}}, 0x88) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) [ 2079.483731][T11286] binder: 11279:11286 transaction failed 29201/-22, size 40-8 line 3317 14:41:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2079.541444][T11295] binder_alloc: binder_alloc_mmap_handler: 11279 20000000-20002000 already mapped failed -16 14:41:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x11000000) 14:41:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2079.587368][T11286] binder: BINDER_SET_CONTEXT_MGR already set [ 2079.621629][T11286] binder: 11279:11286 ioctl 40046207 0 returned -16 14:41:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2079.667790][T11302] binder_alloc: 11279: binder_alloc_buf, no vma [ 2079.687469][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:41:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x48000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:25 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2079.827375][T11315] binder: 11313:11315 got transaction with invalid parent offset or type [ 2079.863844][T11317] binder_alloc: binder_alloc_mmap_handler: 11313 20000000-20002000 already mapped failed -16 14:41:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2079.897754][T11315] binder: BINDER_SET_CONTEXT_MGR already set [ 2079.928899][T11315] binder: 11313:11315 ioctl 40046207 0 returned -16 14:41:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x4c000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:25 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2080.084487][T11326] binder: 11325:11326 got transaction with invalid parent offset or type 14:41:25 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() sched_getparam(r2, &(0x7f0000000100)) setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_id=0x0, &(0x7f0000000040)=0x4) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000080)={r3, 0x8}, 0x0) tkill(r2, 0x1) 14:41:25 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r1, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 2080.131901][T11329] binder_alloc: binder_alloc_mmap_handler: 11325 20000000-20002000 already mapped failed -16 [ 2080.162939][T11326] binder: BINDER_SET_CONTEXT_MGR already set [ 2080.202205][T11326] binder: 11325:11326 ioctl 40046207 0 returned -16 [ 2080.216473][T11329] binder_alloc: 11325: binder_alloc_buf, no vma 14:41:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x12000000) 14:41:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:26 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x60000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:26 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r1, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 14:41:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2080.407262][T11346] binder: 11341:11346 got transaction with invalid parent offset or type 14:41:26 executing program 0: r0 = socket$inet6(0xa, 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:26 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r1, 0xae9a) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 2080.473251][T11347] binder_alloc: binder_alloc_mmap_handler: 11341 20000000-20002000 already mapped failed -16 [ 2080.484036][T11346] binder: BINDER_SET_CONTEXT_MGR already set 14:41:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x13000000) [ 2080.530671][T11346] binder: 11341:11346 ioctl 40046207 0 returned -16 14:41:26 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2080.593354][T11357] binder_alloc: 11341: binder_alloc_buf, no vma 14:41:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x68000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:29 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x80000, 0x0) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080), 0x10) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x200000000000001b) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xc) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:29 executing program 0: r0 = socket$inet6(0xa, 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:29 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x14000000) 14:41:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2083.230522][T11377] binder: 11371:11377 got transaction with invalid parent offset or type [ 2083.276226][T11377] binder_transaction: 7 callbacks suppressed [ 2083.276245][T11377] binder: 11371:11377 transaction failed 29201/-22, size 40-8 line 3317 14:41:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2083.335132][T11388] binder_alloc: binder_alloc_mmap_handler: 11371 20000000-20002000 already mapped failed -16 14:41:29 executing program 0: r0 = socket$inet6(0xa, 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:29 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x15000000) [ 2083.415699][T11377] binder: BINDER_SET_CONTEXT_MGR already set [ 2083.438265][T11377] binder: 11371:11377 ioctl 40046207 0 returned -16 [ 2083.477119][T11392] binder_alloc: 11371: binder_alloc_buf, no vma [ 2083.487467][ T8052] binder_release_work: 7 callbacks suppressed [ 2083.487488][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2083.503744][T11392] binder: 11371:11392 transaction failed 29189/-3, size 40-8 line 3147 14:41:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2083.571992][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x6c000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:29 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2083.701869][T11408] binder: 11407:11408 got transaction with invalid parent offset or type 14:41:29 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x16000000) [ 2083.756281][T11408] binder: 11407:11408 transaction failed 29201/-22, size 40-8 line 3317 [ 2083.800498][T11412] binder_alloc: binder_alloc_mmap_handler: 11407 20000000-20002000 already mapped failed -16 [ 2083.845712][T11408] binder: BINDER_SET_CONTEXT_MGR already set [ 2083.860456][T11408] binder: 11407:11408 ioctl 40046207 0 returned -16 [ 2083.882175][T11412] binder_alloc: 11407: binder_alloc_buf, no vma 14:41:29 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0x6}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) sendmsg$nl_netfilter(r1, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)={0x37c, 0xe, 0x1, 0x704, 0x70bd2d, 0x25dfdbfd, {0x2, 0x0, 0x1}, [@typed={0x14, 0x27, @ipv6=@loopback}, @typed={0x8, 0x5d, @pid=r2}, @generic="69bce23927733579c7a1fa3be4928fae0346848481c36ed11b6a751e3b4f5bcfaf4f9ef985b240310c03cbeb5bcf20a6ff2a0af1a00f5abbfafda86f74f6a2494d6f8615813a133fef5ed5f1ec646286a6b63149309086569d2d0f79110a500911c44ce414332cb3fe77d7a48c53914b4cff136feb036b66a2548fdce124c8c9727ff820c475bf588bc6fc2a447601e1c5857bd55c6ef83fb37c", @typed={0xc, 0x10, @u64=0x5}, @nested={0x294, 0x69, [@generic="14343516a03157f10c480a983858847af89b4a2e921edb9be2645b6d8b653422b14baf06be4f7b0f6f508ed7889f2a3eae7d60e377c74fe0ae9c6f2eae1839e4cea25b7b47ede52eed29b4ea8ebf19866be5cc234bd71bad85c2800de98ea53e9e7af67aeec995bdb83edbad4a72988ca32944223d1863e813af08016d191fb424fc0fe1efd62e2fcf64081e5ffdf06940003b4f5dfac198625dc094043f798f1595c7997205c7d9bf0d12b33d995aaa3afb4499f4c8b3958a040ac2df3f6941f8b3a548ea5912b4e155158aed7003b398c4ce1af95a230ddc193b9f36a26e31e418b1487b", @typed={0x8, 0x81, @fd=r0}, @generic="35fd91351b34e120b05f1d1c70d7fe8ccfe35121cda263a41da9c3f945bcb4a6dd9a23e8c9450fedf9fc57f9271cb69a2618cdd26bbee30913e7d4b1ea84bc9e9fb78f1afcc70dbdbb47d2a92dfe8ca381501a47cb4f9fdfd7fccd0aceee169e82ffde504ff4f41d3340641550a1a6286721351b451a52310a0882ad2b680a610c8d44a58360803b6bae012ef2dbb81c5bc986f31e749692b1b9264c289f157af97199affef193f1effc3b08f4013a435efb95e51799fcc67d763e66edc58e5d6994adea59686d115938c11a1d180b16ae0f1303", @generic="b35961d9c51c8229c0a914d6b5e1d487553f95df10130d54becbc369ce19b02566ab254b24a9442308101e6c4d878fa3ad4631a106101c3d2f014477a3406b3df3e4fd4332509c8afd04a688de755feeb0a43119affdb12356", @generic="050c920f816df21d1c6fe7754161234311486c9fa98f8fbd301fe3c36f1a7ca406245c5adaf52cc7d784ba3c050d9871298bacbce29514d4b21f03232c3eb356cf5d98ff8c568bc4df0dececd4bb85fcd1fea976c0bc6f3da45f771710205c095415d4ee58c40ad840dd6f3b9b94221866a1bbe3c441"]}, @typed={0x10, 0xc, @str='cpuseteth1\x00'}]}, 0x37c}, 0x1, 0x0, 0x0, 0x800}, 0x4000000) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x0, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:29 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2083.896365][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2083.903050][T11412] binder: 11407:11412 transaction failed 29189/-3, size 40-8 line 3147 [ 2083.923876][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x74000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:29 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x17000000) 14:41:29 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2084.099234][T11427] binder: 11424:11427 got transaction with invalid parent offset or type 14:41:29 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x0, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2084.140085][T11427] binder: 11424:11427 transaction failed 29201/-22, size 40-8 line 3317 [ 2084.197351][T11434] binder_alloc: binder_alloc_mmap_handler: 11424 20000000-20002000 already mapped failed -16 [ 2084.242079][T11434] binder: BINDER_SET_CONTEXT_MGR already set [ 2084.277321][T11442] binder_alloc: 11424: binder_alloc_buf, no vma 14:41:30 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x0, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x18000000) 14:41:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2084.303499][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2084.319858][T11434] binder: 11424:11434 ioctl 40046207 0 returned -16 [ 2084.336144][T11442] binder: 11424:11442 transaction failed 29189/-3, size 40-8 line 3147 [ 2084.391620][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:30 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FS_IOC_ENABLE_VERITY(r1, 0x6685) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_SELECTION(r1, 0xc040563d, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x1, {0x7, 0x9, 0x7fff, 0x2}}) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x7a000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x0, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:30 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x0, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x19000000) 14:41:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2084.656682][T11460] binder: 11457:11460 got transaction with invalid parent offset or type 14:41:30 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x0, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2084.707994][T11460] binder: 11457:11460 transaction failed 29201/-22, size 40-8 line 3317 [ 2084.765987][T11471] binder_alloc: binder_alloc_mmap_handler: 11457 20000000-20002000 already mapped failed -16 14:41:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1a000000) [ 2084.861623][T11460] binder: BINDER_SET_CONTEXT_MGR already set [ 2084.888898][T11473] binder_alloc: 11457: binder_alloc_buf, no vma 14:41:30 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2084.936327][T11460] binder: 11457:11460 ioctl 40046207 0 returned -16 [ 2084.936946][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2084.994361][T11473] binder: 11457:11473 transaction failed 29189/-3, size 40-8 line 3147 14:41:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2085.049343][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:31 executing program 4: syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x10000, 0x401) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:31 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1b000000) 14:41:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2085.527618][T11495] binder: 11488:11495 got transaction with invalid parent offset or type [ 2085.571075][T11495] binder: 11488:11495 transaction failed 29201/-22, size 40-8 line 3317 14:41:31 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2085.613273][T11503] binder_alloc: binder_alloc_mmap_handler: 11488 20000000-20002000 already mapped failed -16 14:41:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1c000000) [ 2085.697283][T11503] binder_alloc: 11488: binder_alloc_buf, no vma [ 2085.730587][T11503] binder: 11488:11503 transaction failed 29189/-3, size 40-8 line 3147 [ 2085.750832][T11504] binder: BINDER_SET_CONTEXT_MGR already set 14:41:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:31 executing program 0: socket$inet6(0xa, 0x2, 0x0) r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2085.831888][T11504] binder: 11488:11504 ioctl 40046207 0 returned -16 [ 2085.831893][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2085.831937][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2086.010950][T11519] binder: 11518:11519 got transaction with invalid parent offset or type [ 2086.030432][T11520] binder_alloc: binder_alloc_mmap_handler: 11518 20000000-20002000 already mapped failed -16 [ 2086.044006][T11519] binder: BINDER_SET_CONTEXT_MGR already set [ 2086.053779][T11519] binder: 11518:11519 ioctl 40046207 0 returned -16 [ 2086.063750][T11520] binder_alloc: 11518: binder_alloc_buf, no vma 14:41:34 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) recvmmsg(r0, &(0x7f0000005580)=[{{&(0x7f00000000c0)=@rc, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000140)=""/211, 0xd3}], 0x1}, 0x5}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000300)=""/53, 0x35}, {&(0x7f0000000340)=""/193, 0xc1}, {&(0x7f0000000440)=""/80, 0x50}, {&(0x7f00000004c0)=""/132, 0x84}, {&(0x7f0000000580)=""/205, 0xcd}, {&(0x7f0000000680)=""/15, 0xf}, {&(0x7f00000006c0)=""/4096, 0x1000}], 0x7, &(0x7f0000001740)=""/188, 0xbc}, 0x7f}, {{&(0x7f0000001800)=@rc, 0x80, &(0x7f0000001a80)=[{&(0x7f0000001880)=""/183, 0xb7}, {&(0x7f0000001940)=""/172, 0xac}, {&(0x7f0000001a00)=""/58, 0x3a}, {&(0x7f0000001a40)=""/11, 0xb}], 0x4, &(0x7f0000001ac0)=""/55, 0x37}, 0x2}, {{0x0, 0x0, &(0x7f0000001c00)=[{&(0x7f0000001b00)=""/239, 0xef}], 0x1, &(0x7f0000001c40)}, 0x1}, {{&(0x7f0000001c80), 0x80, &(0x7f0000001dc0)=[{&(0x7f0000001d00)=""/133, 0x85}], 0x1}, 0x401}, {{&(0x7f0000001e00)=@alg, 0x80, &(0x7f0000003040)=[{&(0x7f0000001e80)=""/4096, 0x1000}, {&(0x7f0000002e80)=""/33, 0x21}, {&(0x7f0000002ec0)=""/28, 0x1c}, {&(0x7f0000002f00)=""/200, 0xc8}, {&(0x7f0000003000)=""/6, 0x6}], 0x5, &(0x7f00000030c0)=""/170, 0xaa}, 0x9}, {{&(0x7f0000003180)=@alg, 0x80, &(0x7f0000005500)=[{&(0x7f0000003200)=""/4096, 0x1000}, {&(0x7f0000004200)=""/193, 0xc1}, {&(0x7f0000004300)=""/4096, 0x1000}, {&(0x7f0000005300)=""/105, 0x69}, {&(0x7f0000005380)=""/160, 0xa0}, {&(0x7f0000005440)=""/189, 0xbd}], 0x6}, 0xffffffffffffffa2}], 0x7, 0x2000, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r1, 0xc0945662, &(0x7f0000000000)={0x9, 0x0, [], {0x0, @reserved}}) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) ioctl$KVM_GET_MSR_INDEX_LIST(r1, 0xc004ae02, &(0x7f0000001c40)={0x2, [0x0, 0x0]}) 14:41:34 executing program 0: socket$inet6(0xa, 0x2, 0x0) r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1d000000) 14:41:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2088.547167][T11526] binder: 11525:11526 got transaction with invalid parent offset or type [ 2088.567640][T11526] binder_transaction: 2 callbacks suppressed [ 2088.567658][T11526] binder: 11525:11526 transaction failed 29201/-22, size 40-8 line 3317 [ 2088.595988][T11533] binder_alloc: binder_alloc_mmap_handler: 11525 20000000-20002000 already mapped failed -16 [ 2088.648642][T11526] binder: BINDER_SET_CONTEXT_MGR already set [ 2088.679933][T11526] binder: 11525:11526 ioctl 40046207 0 returned -16 14:41:34 executing program 0: socket$inet6(0xa, 0x2, 0x0) r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r0, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2088.704060][T11539] binder_alloc: 11525: binder_alloc_buf, no vma [ 2088.730093][T13966] binder_release_work: 2 callbacks suppressed [ 2088.730101][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2088.745001][T11539] binder: 11525:11539 transaction failed 29189/-3, size 40-8 line 3147 14:41:34 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1e000000) 14:41:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2088.773284][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:34 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x200000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2088.972769][T11556] binder: 11553:11556 got transaction with invalid parent offset or type [ 2089.026289][T11556] binder: 11553:11556 transaction failed 29201/-22, size 40-8 line 3317 [ 2089.063700][T11557] binder_alloc: binder_alloc_mmap_handler: 11553 20000000-20002000 already mapped failed -16 [ 2089.105520][T11556] binder: BINDER_SET_CONTEXT_MGR already set [ 2089.129598][T11556] binder: 11553:11556 ioctl 40046207 0 returned -16 [ 2089.129630][T11557] binder_alloc: 11553: binder_alloc_buf, no vma [ 2089.144212][T11557] binder: 11553:11557 transaction failed 29189/-3, size 40-8 line 3147 [ 2089.159714][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2089.170358][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:37 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1000805) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:37 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1f000000) 14:41:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x300000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2091.667892][T11565] binder: 11563:11565 got transaction with invalid parent offset or type 14:41:37 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, 0x0, 0x0) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2091.730199][T11565] binder: 11563:11565 transaction failed 29201/-22, size 40-8 line 3317 14:41:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x21000000) [ 2091.791487][T11575] binder_alloc: binder_alloc_mmap_handler: 11563 20000000-20002000 already mapped failed -16 14:41:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c12") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2091.856378][T11565] binder: BINDER_SET_CONTEXT_MGR already set [ 2091.879136][T11565] binder: 11563:11565 ioctl 40046207 0 returned -16 14:41:37 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2091.950612][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:41:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x400000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2092.085088][T11590] binder: 11589:11590 got transaction with invalid parent offset or type [ 2092.106673][T11590] binder: 11589:11590 transaction failed 29201/-22, size 40-8 line 3317 [ 2092.148480][T11591] binder_alloc: binder_alloc_mmap_handler: 11589 20000000-20002000 already mapped failed -16 [ 2092.186388][T11590] binder: BINDER_SET_CONTEXT_MGR already set [ 2092.193240][T11591] binder_alloc: 11589: binder_alloc_buf, no vma [ 2092.201874][T11590] binder: 11589:11590 ioctl 40046207 0 returned -16 [ 2092.212583][T11591] binder: 11589:11591 transaction failed 29189/-3, size 40-8 line 3147 [ 2092.221536][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2092.232355][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:38 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x80000000, 0x1) ioctl$KVM_RUN(r1, 0xae80, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) getsockopt$sock_int(r0, 0x1, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0x4) r2 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r2, 0x111, 0x3, 0x1, 0x4) r3 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x3d) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:38 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x23000000) 14:41:38 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c12") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x500000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2092.432291][T11600] binder: 11598:11600 got transaction with invalid parent offset or type [ 2092.476417][T11600] binder: 11598:11600 transaction failed 29201/-22, size 40-8 line 3317 14:41:38 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:38 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x25000000) [ 2092.555763][T11611] binder_alloc: binder_alloc_mmap_handler: 11598 20000000-20002000 already mapped failed -16 14:41:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c12") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2092.620464][T11611] binder_alloc: 11598: binder_alloc_buf, no vma [ 2092.620484][T11600] binder: BINDER_SET_CONTEXT_MGR already set [ 2092.653551][T11611] binder: 11598:11611 transaction failed 29189/-3, size 40-8 line 3147 14:41:38 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2092.683827][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2092.696665][T11600] binder: 11598:11600 ioctl 40046207 0 returned -16 14:41:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x600000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2092.761075][T13966] binder: undelivered TRANSACTION_ERROR: 29189 [ 2092.889716][T11627] binder: 11626:11627 got transaction with invalid parent offset or type [ 2092.913703][T11627] binder: 11626:11627 transaction failed 29201/-22, size 40-8 line 3317 14:41:38 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x38, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000040)=[@mss={0x2, 0x7f}, @mss={0x2, 0x7}], 0x2000000000000305) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f00000000c0)=0x16000, 0x4) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000080)={0x5, 0x5}) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x26000000) 14:41:38 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:38 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2092.955486][T11628] binder_alloc: binder_alloc_mmap_handler: 11626 20000000-20002000 already mapped failed -16 [ 2092.977547][T11628] binder: BINDER_SET_CONTEXT_MGR already set [ 2092.984471][T11629] binder_alloc: 11626: binder_alloc_buf, no vma 14:41:38 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x108) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) [ 2092.995489][T11628] binder: 11626:11628 ioctl 40046207 0 returned -16 [ 2093.026529][T13966] binder: undelivered TRANSACTION_ERROR: 29201 14:41:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x700000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:38 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:39 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2093.200198][T11647] binder: 11646:11647 got transaction with invalid parent offset or type 14:41:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x27000000) [ 2093.251115][T11652] binder_alloc: binder_alloc_mmap_handler: 11646 20000000-20002000 already mapped failed -16 [ 2093.304363][T11647] binder: BINDER_SET_CONTEXT_MGR already set [ 2093.328198][T11647] binder: 11646:11647 ioctl 40046207 0 returned -16 14:41:39 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2093.356936][T11656] binder_alloc: 11646: binder_alloc_buf, no vma 14:41:39 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x800000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x29000000) 14:41:39 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2093.527991][T11665] binder: 11664:11665 got transaction with invalid parent offset or type [ 2093.577583][T11665] binder_transaction: 3 callbacks suppressed [ 2093.577601][T11665] binder: 11664:11665 transaction failed 29201/-22, size 40-8 line 3317 [ 2093.619746][T11671] binder_alloc: binder_alloc_mmap_handler: 11664 20000000-20002000 already mapped failed -16 [ 2093.703595][T11665] binder: BINDER_SET_CONTEXT_MGR already set [ 2093.722704][T11665] binder: 11664:11665 ioctl 40046207 0 returned -16 [ 2093.755526][T11681] binder_alloc: 11664: binder_alloc_buf, no vma [ 2093.764600][T11681] binder: 11664:11681 transaction failed 29189/-3, size 40-8 line 3147 [ 2093.780037][ T8052] binder_release_work: 3 callbacks suppressed [ 2093.780044][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2093.805229][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:39 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x4000fffffffd, 0xffffffffffffff2a) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) ptrace$cont(0xffffffffffffffff, r2, 0x9, 0x2) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:39 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:39 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2b000000) 14:41:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2094.022498][T11690] binder: 11687:11690 got transaction with invalid parent offset or type 14:41:39 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, 0x0, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2094.076472][T11690] binder: 11687:11690 transaction failed 29201/-22, size 40-8 line 3317 14:41:39 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2094.128169][T11698] binder_alloc: binder_alloc_mmap_handler: 11687 20000000-20002000 already mapped failed -16 14:41:40 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x1, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) [ 2094.173920][T11690] binder: BINDER_SET_CONTEXT_MGR already set [ 2094.200243][T11690] binder: 11687:11690 ioctl 40046207 0 returned -16 [ 2094.202234][T11701] binder_alloc: 11687: binder_alloc_buf, no vma 14:41:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:40 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, 0x0, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2d000000) [ 2094.259560][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2094.266794][T11701] binder: 11687:11701 transaction failed 29189/-3, size 40-8 line 3147 [ 2094.275605][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:40 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, 0x0, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2e000000) [ 2094.443280][T11717] binder: 11716:11717 got transaction with invalid parent offset or type [ 2094.509999][T11717] binder: 11716:11717 transaction failed 29201/-22, size 40-8 line 3317 14:41:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b0") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x18, 0x10000031, 0x829, 0x0, 0x0, {0x2802, 0x1000000}, [@nested={0x4}]}, 0x18}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 2094.562258][T11724] binder_alloc: binder_alloc_mmap_handler: 11716 20000000-20002000 already mapped failed -16 [ 2094.608010][T11717] binder: BINDER_SET_CONTEXT_MGR already set 14:41:40 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2094.649649][T11717] binder: 11716:11717 ioctl 40046207 0 returned -16 [ 2094.676768][T11731] binder_alloc: 11716: binder_alloc_buf, no vma 14:41:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2f000000) [ 2094.717364][T11731] binder: 11716:11731 transaction failed 29189/-3, size 40-8 line 3147 [ 2094.757007][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2094.783015][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:40 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) rt_sigtimedwait(&(0x7f0000000140)={0x80000001}, &(0x7f0000000180), &(0x7f00000002c0)={r2, r3+30000000}, 0x8) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockopt$packet_buf(r1, 0x107, 0x2, &(0x7f0000000000)=""/183, &(0x7f00000000c0)=0xb7) r4 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x400000, 0x0) ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) recvmsg$kcm(r1, &(0x7f0000000700)={&(0x7f0000000300)=@alg, 0x80, &(0x7f0000000680)=[{&(0x7f0000000380)=""/224, 0xe0}, {&(0x7f0000000480)=""/213, 0xd5}, {&(0x7f0000000580)=""/198, 0xc6}], 0x3, &(0x7f00000006c0)}, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/zero\x00', 0x4000, 0x0) 14:41:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 14:41:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:40 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x31000000) [ 2094.946709][T11743] binder: 11741:11743 got transaction with invalid parent offset or type [ 2095.001009][T11743] binder: 11741:11743 transaction failed 29201/-22, size 40-8 line 3317 14:41:40 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2095.043209][T11751] binder_alloc: binder_alloc_mmap_handler: 11741 20000000-20002000 already mapped failed -16 14:41:40 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaacd7, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 14:41:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x33000000) [ 2095.099848][T11743] binder: BINDER_SET_CONTEXT_MGR already set [ 2095.129047][T11743] binder: 11741:11743 ioctl 40046207 0 returned -16 14:41:41 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180), 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2095.174667][T11759] binder_alloc: 11741: binder_alloc_buf, no vma [ 2095.186338][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2095.199834][T11759] binder: 11741:11759 transaction failed 29189/-3, size 40-8 line 3147 [ 2095.240228][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x3000000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2095.378162][T11772] binder: 11771:11772 got transaction with invalid parent offset or type [ 2095.444303][T11772] binder: 11771:11772 transaction failed 29201/-22, size 40-8 line 3317 [ 2095.469272][T11773] binder_alloc: binder_alloc_mmap_handler: 11771 20000000-20002000 already mapped failed -16 14:41:41 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10eab6) sync() clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r1, 0x4, 0x2008) 14:41:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:41 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180), 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x35000000) [ 2095.516919][T11773] binder_alloc: 11771: binder_alloc_buf, no vma [ 2095.520673][T11774] binder: BINDER_SET_CONTEXT_MGR already set [ 2095.523260][T11773] binder: 11771:11773 transaction failed 29189/-3, size 40-8 line 3147 [ 2095.545899][T11774] binder: 11771:11774 ioctl 40046207 0 returned -16 [ 2095.545904][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2095.545951][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2095.635516][T11784] binder: 11783:11784 got transaction with invalid parent offset or type 14:41:41 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180), 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x36000000) [ 2095.708848][T11790] binder_alloc: binder_alloc_mmap_handler: 11783 20000000-20002000 already mapped failed -16 14:41:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2095.753885][T11784] binder: BINDER_SET_CONTEXT_MGR already set [ 2095.773333][T11784] binder: 11783:11784 ioctl 40046207 0 returned -16 14:41:41 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[]}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2095.815883][T11798] binder_alloc: 11783: binder_alloc_buf, no vma 14:41:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x37000000) 14:41:41 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[]}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2095.987943][T11805] binder: 11803:11805 got transaction with invalid parent offset or type [ 2096.030323][T11808] binder_alloc: binder_alloc_mmap_handler: 11803 20000000-20002000 already mapped failed -16 14:41:41 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) connect$netlink(r1, &(0x7f00000000c0)=@proc={0x10, 0x0, 0x25dfdbfe}, 0xc) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ioctl$VIDIOC_G_JPEGCOMP(r1, 0x808c563d, &(0x7f0000000000)) tkill(r2, 0x1b) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2096.112674][T11805] binder: BINDER_SET_CONTEXT_MGR already set 14:41:42 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[]}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x39000000) [ 2096.153889][T11805] binder: 11803:11805 ioctl 40046207 0 returned -16 [ 2096.154713][T11817] binder_alloc: 11803: binder_alloc_buf, no vma 14:41:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:42 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB]}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3b000000) 14:41:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:42 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB]}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2096.475908][T11834] binder: 11833:11834 got transaction with invalid parent offset or type 14:41:42 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB]}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2096.521943][T11842] binder_alloc: binder_alloc_mmap_handler: 11833 20000000-20002000 already mapped failed -16 14:41:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:42 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r1, 0x40045730, &(0x7f0000000000)=0x9) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3d000000) [ 2096.627505][T11842] binder_alloc: 11833: binder_alloc_buf, no vma [ 2096.642247][T11847] binder: BINDER_SET_CONTEXT_MGR already set 14:41:42 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b000102000000"], 0x8}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2096.670814][T11847] binder: 11833:11847 ioctl 40046207 0 returned -16 14:41:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3e000000) 14:41:42 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b000102000000"], 0x8}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2096.835566][T11861] binder: 11860:11861 got transaction with invalid parent offset or type [ 2096.855398][T11862] binder_alloc: binder_alloc_mmap_handler: 11860 20000000-20002000 already mapped failed -16 [ 2096.903083][T11861] binder: BINDER_SET_CONTEXT_MGR already set 14:41:42 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b000102000000"], 0x8}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2096.947093][T11861] binder: 11860:11861 ioctl 40046207 0 returned -16 [ 2096.966959][T11869] binder_alloc: 11860: binder_alloc_buf, no vma 14:41:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3f000000) 14:41:42 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b00010200000000004000"], 0xc}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2097.095499][T11876] binder: 11875:11876 got transaction with invalid parent offset or type [ 2097.182054][T11882] binder_alloc: binder_alloc_mmap_handler: 11875 20000000-20002000 already mapped failed -16 [ 2097.222909][T11876] binder: BINDER_SET_CONTEXT_MGR already set [ 2097.261922][T11876] binder: 11875:11876 ioctl 40046207 0 returned -16 [ 2097.274387][T11884] binder_alloc: 11875: binder_alloc_buf, no vma 14:41:45 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x10000, 0x0) ioctl$KDSETKEYCODE(r1, 0x4b4d, &(0x7f00000000c0)={0x6, 0x3}) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) fsetxattr$security_capability(r0, &(0x7f0000000000)='security.capability\x00', &(0x7f0000000040)=@v1={0x1000000, [{0xa2d, 0x4d4a}]}, 0xc, 0x1) r2 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) tkill(r3, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:45 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:45 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b00010200000000004000"], 0xc}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:45 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x40000000) 14:41:45 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:45 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2099.749459][T11891] binder: 11890:11891 got transaction with invalid parent offset or type 14:41:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:45 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b00010200000000004000"], 0xc}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2099.790868][T11891] binder_transaction: 10 callbacks suppressed [ 2099.790886][T11891] binder: 11890:11891 transaction failed 29201/-22, size 40-8 line 3317 14:41:45 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2099.845649][T11901] binder_alloc: binder_alloc_mmap_handler: 11890 20000000-20002000 already mapped failed -16 [ 2099.877258][T11901] binder: BINDER_SET_CONTEXT_MGR already set 14:41:45 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x41000000) [ 2099.910497][T11901] binder: 11890:11901 ioctl 40046207 0 returned -16 [ 2099.917210][T11906] binder_alloc: 11890: binder_alloc_buf, no vma [ 2099.917249][T11906] binder: 11890:11906 transaction failed 29189/-3, size 40-8 line 3147 [ 2099.917472][T13966] binder_release_work: 10 callbacks suppressed [ 2099.917516][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2099.940282][T11908] binder: BINDER_SET_CONTEXT_MGR already set 14:41:45 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b000102000000000040000000"], 0xe}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2099.981645][T11908] binder: 11905:11908 ioctl 40046207 0 returned -16 [ 2100.001254][T13966] binder: undelivered TRANSACTION_ERROR: 29189 [ 2100.008632][T11913] binder_alloc: 11890: binder_alloc_buf, no vma 14:41:45 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2100.078787][T11913] binder: 11905:11913 transaction failed 29189/-3, size 40-8 line 3147 [ 2100.125637][T11920] binder: 11918:11920 got transaction with invalid parent offset or type [ 2100.165704][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 [ 2100.198336][T11920] binder: 11918:11920 transaction failed 29201/-22, size 40-8 line 3317 [ 2100.241344][T11921] binder_alloc: binder_alloc_mmap_handler: 11918 20000000-20002000 already mapped failed -16 [ 2100.259628][T11920] binder: BINDER_SET_CONTEXT_MGR already set [ 2100.271133][T11920] binder: 11918:11920 ioctl 40046207 0 returned -16 [ 2100.280290][T11921] binder_alloc: 11918: binder_alloc_buf, no vma [ 2100.290777][T11921] binder: 11918:11921 transaction failed 29189/-3, size 40-8 line 3147 [ 2100.301933][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2100.314090][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:46 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1f, &(0x7f0000000000)=0x400100000001, 0x3) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xf8, 0x101000) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x8080, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r2, 0x4, 0x80000000, r3}) r4 = dup2(r2, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r5, 0x0, 0x0) tkill(r5, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:41:46 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b000102000000000040000000"], 0xe}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:46 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x43000000) 14:41:46 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2100.417770][T11929] binder: 11927:11929 got transaction with invalid parent offset or type 14:41:46 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b000102000000000040000000"], 0xe}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:46 executing program 1: ioctl$TCSETSW(0xffffffffffffffff, 0x5403, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, &(0x7f0000000080)=0x1c, 0x4) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x2000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000980), 0x0, 0x0, 0xfffffffffffffe03}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bpq0\x00', 0x21}) r0 = syz_open_procfs(0x0, &(0x7f0000000580)='ns\x00') getdents(r0, &(0x7f0000000040)=""/46, 0x2e) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000080)='ip6tnl0\x00') pipe2(0x0, 0x80800) syz_open_procfs(0x0, 0x0) syz_genetlink_get_family_id$team(0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000540)={@empty, @initdev}, &(0x7f00000005c0)=0xc) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, 0x0, &(0x7f0000000640)) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000e00)={'team0\x00'}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f0000000fc0)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) getpeername$packet(r1, &(0x7f0000001740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000001780)=0x14) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001b80)={0x0, @broadcast, @multicast1}, &(0x7f0000001bc0)=0xc) 14:41:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 2100.466245][T11929] binder: 11927:11929 transaction failed 29201/-22, size 40-8 line 3317 14:41:46 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x45000000) [ 2100.541981][T11939] binder_alloc: binder_alloc_mmap_handler: 11927 20000000-20002000 already mapped failed -16 14:41:46 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f0000000000)="92e87cc2f0148a607276b9aaf1b59f4e13df44319dc19a0be0b3b653bcfb798b1bf581eec104e856513709770c9a3b829da86857af66795d813b8369c019dcca573b91666887d6086641b58c7e4cdcd760156f68c01507") tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) [ 2100.662939][T11953] binder: BINDER_SET_CONTEXT_MGR already set [ 2100.683160][T11953] binder: 11927:11953 ioctl 40046207 0 returned -16 [ 2100.683524][T11939] binder_alloc: 11927: binder_alloc_buf, no vma 14:41:46 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b00010200000000004000000000"], 0xf}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2100.708613][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2100.719073][T11939] binder: 11927:11939 transaction failed 29189/-3, size 40-8 line 3147 [ 2100.759878][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:46 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b00010200000000004000000000"], 0xf}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:46 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x47000000) 14:41:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 14:41:46 executing program 1: socket$alg(0x26, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000140)="eb3c906d6b66732e6661740002047e0002000270f7f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000280)='./file0\x00', 0x0) [ 2100.918969][T11966] binder: 11965:11966 got transaction with invalid parent offset or type [ 2100.969918][T11966] binder: 11965:11966 transaction failed 29201/-22, size 40-8 line 3317 14:41:46 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b00010200000000004000000000"], 0xf}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 2101.045597][T11976] binder_alloc: binder_alloc_mmap_handler: 11965 20000000-20002000 already mapped failed -16 14:41:46 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x0, 0x0, 0x0, 0x0) [ 2101.096988][T11966] binder: BINDER_SET_CONTEXT_MGR already set [ 2101.127152][T11966] binder: 11965:11966 ioctl 40046207 0 returned -16 14:41:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x49000000) [ 2101.157995][T11983] binder_alloc: 11965: binder_alloc_buf, no vma [ 2101.196387][ T8052] binder: undelivered TRANSACTION_ERROR: 29201 [ 2101.203559][T11983] binder: 11965:11983 transaction failed 29189/-3, size 40-8 line 3147 14:41:47 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2101.244195][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:49 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) getsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:49 executing program 1: futex(&(0x7f000000cffc)=0x4, 0x0, 0x4, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x200080000000000a, 0x0, 0x0, 0x0, 0x2) 14:41:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) 14:41:49 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 14:41:49 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4b000000) [ 2103.750499][T11999] binder: 11998:11999 got transaction with invalid parent offset or type 14:41:49 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) [ 2103.798386][T11999] binder: 11998:11999 transaction failed 29201/-22, size 40-8 line 3317 [ 2103.826002][T12012] binder_alloc: binder_alloc_mmap_handler: 11998 20000000-20002000 already mapped failed -16 [ 2103.843417][T11999] binder: BINDER_SET_CONTEXT_MGR already set 14:41:49 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d30173"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:49 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) getgid() 14:41:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4d000000) [ 2103.874670][T11999] binder: 11998:11999 ioctl 40046207 0 returned -16 [ 2103.901766][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2103.909085][T12012] binder_alloc: 11998: binder_alloc_buf, no vma 14:41:49 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 14:41:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}], &(0x7f000000afd0)=[0x0]}}], 0x0, 0x800020, 0x0}) [ 2104.086224][T12029] binder: 12028:12029 got transaction with invalid parent offset or type [ 2104.118112][T12030] binder_alloc: binder_alloc_mmap_handler: 12028 20000000-20002000 already mapped failed -16 [ 2104.148430][T12029] binder: BINDER_SET_CONTEXT_MGR already set [ 2104.165656][T12029] binder: 12028:12029 ioctl 40046207 0 returned -16 [ 2104.173925][T12030] binder_alloc: 12028: binder_alloc_buf, no vma 14:41:52 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) recvmmsg(r0, &(0x7f0000003540)=[{{&(0x7f0000000040)=@in={0x2, 0x0, @loopback}, 0x80, &(0x7f0000000580)=[{&(0x7f00000000c0)=""/7, 0x7}, {&(0x7f0000000100)=""/175, 0xaf}, {&(0x7f00000002c0)=""/215, 0xd7}, {&(0x7f00000001c0)=""/14, 0xe}, {&(0x7f00000003c0)=""/143, 0x8f}, {&(0x7f0000000200)=""/19, 0x13}, {&(0x7f0000000480)=""/186, 0xba}, {&(0x7f0000000540)=""/56, 0x38}], 0x8}, 0x4}, {{&(0x7f0000000600)=@caif, 0x80, &(0x7f00000016c0)=[{&(0x7f0000000680)=""/32, 0x20}, {&(0x7f00000006c0)=""/4096, 0x1000}], 0x2}, 0x9}, {{&(0x7f0000001700)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000001a80)=[{&(0x7f0000001780)=""/239, 0xef}, {&(0x7f0000001880)=""/156, 0x9c}, {&(0x7f0000001940)=""/93, 0x5d}, {&(0x7f00000019c0)=""/164, 0xa4}], 0x4, &(0x7f0000001ac0)=""/22, 0x16}, 0x2}, {{0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000001b00)=""/252, 0xfc}, {&(0x7f0000001c00)=""/117, 0x75}, {&(0x7f0000001c80)=""/216, 0xd8}], 0x3, &(0x7f0000001dc0)=""/170, 0xaa}, 0x4}, {{&(0x7f0000001e80)=@nfc_llcp, 0x80, &(0x7f00000022c0)=[{&(0x7f0000001f00)=""/121, 0x79}, {&(0x7f0000001f80)=""/78, 0x4e}, {&(0x7f0000002000)=""/223, 0xdf}, {&(0x7f0000002100)=""/226, 0xe2}, {&(0x7f0000002200)=""/145, 0x91}], 0x5, &(0x7f0000002340)=""/33, 0x21}, 0x1f}, {{&(0x7f0000002380)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000002580)=[{&(0x7f0000002400)=""/172, 0xac}, {&(0x7f00000024c0)=""/135, 0x87}], 0x2, &(0x7f00000025c0)=""/162, 0xa2}, 0x2}, {{0x0, 0x0, &(0x7f0000002700)=[{&(0x7f0000002680)=""/66, 0x42}], 0x1, &(0x7f0000002740)=""/66, 0x42}}, {{&(0x7f00000027c0)=@ethernet={0x0, @dev}, 0x80, &(0x7f0000002a40)=[{&(0x7f0000002840)=""/101, 0x65}, {&(0x7f00000028c0)=""/163, 0xa3}, {&(0x7f0000002980)=""/135, 0x87}], 0x3}, 0x8}, {{&(0x7f0000002a80)=@ethernet={0x0, @dev}, 0x80, &(0x7f0000002b80)=[{&(0x7f0000002b00)=""/71, 0x47}], 0x1, &(0x7f0000002bc0)=""/204, 0xcc}, 0x1}, {{&(0x7f0000002cc0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, 0x80, &(0x7f0000003380)=[{&(0x7f0000002d40)=""/4, 0x4}, {&(0x7f0000002d80)=""/113, 0x71}, {&(0x7f0000002e00)=""/173, 0xad}, {&(0x7f0000002ec0)=""/189, 0xbd}, {&(0x7f0000002f80)=""/114, 0x72}, {&(0x7f0000003000)=""/221, 0xdd}, {&(0x7f0000003100)=""/173, 0xad}, {&(0x7f00000031c0)=""/154, 0x9a}, {&(0x7f0000003280)=""/140, 0x8c}, {&(0x7f0000003340)=""/60, 0x3c}], 0xa, &(0x7f0000003440)=""/253, 0xfd}, 0xfccd}], 0xa, 0x10000, &(0x7f00000037c0)) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000003800)=0xfffffffffffffffb, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) r2 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() setsockopt$inet6_buf(r1, 0x29, 0x12, 0x0, 0xf) ioctl$KVM_REINJECT_CONTROL(r2, 0xae71, &(0x7f0000000000)={0x54af}) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000480)="64f5d9f7", 0x4) 14:41:52 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:52 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 14:41:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4f000000) 14:41:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0}], &(0x7f000000afd0)=[0x2]}}], 0x0, 0x800020, 0x0}) 14:41:52 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) [ 2106.856467][T12036] binder: 12035:12036 got transaction with invalid offset (2, min 0 max 40) or object. [ 2106.876290][T12036] binder_transaction: 3 callbacks suppressed [ 2106.876327][T12036] binder: 12035:12036 transaction failed 29201/-22, size 40-8 line 3241 14:41:52 executing program 1: 14:41:52 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2106.976815][T12051] binder_alloc: binder_alloc_mmap_handler: 12035 20000000-20002000 already mapped failed -16 14:41:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x51000000) [ 2107.021966][T12036] binder: BINDER_SET_CONTEXT_MGR already set [ 2107.033367][T12036] binder: 12035:12036 ioctl 40046207 0 returned -16 [ 2107.044648][T12051] binder_alloc: 12035: binder_alloc_buf, no vma 14:41:52 executing program 1: 14:41:52 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) [ 2107.065015][T12051] binder: 12035:12051 transaction failed 29189/-3, size 40-8 line 3147 [ 2107.069340][T13966] binder_release_work: 3 callbacks suppressed [ 2107.069347][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2107.144419][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:53 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = fcntl$getown(r0, 0x9) ptrace$getregs(0xe, r1, 0x9, &(0x7f0000000000)=""/149) r2 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) 14:41:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0}], &(0x7f000000afd0)=[0x3]}}], 0x0, 0x800020, 0x0}) 14:41:53 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:53 executing program 1: 14:41:53 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 14:41:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x53000000) 14:41:53 executing program 1: [ 2107.384400][T12070] binder: 12069:12070 got transaction with invalid offset (3, min 0 max 40) or object. 14:41:53 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) accept$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 14:41:53 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000240), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000), 0x10e755) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x1) fcntl$setstatus(r0, 0x4, 0x2000) [ 2107.444977][T12070] binder: 12069:12070 transaction failed 29201/-22, size 40-8 line 3241 14:41:53 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x55000000) 14:41:53 executing program 4: 14:41:53 executing program 1: [ 2107.529426][T12078] binder_alloc: binder_alloc_mmap_handler: 12069 20000000-20002000 already mapped failed -16 [ 2107.536122][T12070] binder: BINDER_SET_CONTEXT_MGR already set [ 2107.623331][T12070] binder: 12069:12070 ioctl 40046207 0 returned -16 [ 2107.674133][T12090] binder_alloc: 12069: binder_alloc_buf, no vma [ 2107.687367][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2107.706500][T12090] binder: 12069:12090 transaction failed 29189/-3, size 40-8 line 3147 14:41:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0}], &(0x7f000000afd0)=[0x4]}}], 0x0, 0x800020, 0x0}) 14:41:53 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) accept$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 14:41:53 executing program 1: r0 = socket(0x2, 0x80002, 0x0) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000180)=0xdc1, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000821ff0)={0x2, 0x4e20}, 0x10) recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40032021) 14:41:53 executing program 4: socketpair$unix(0x1, 0x200000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040), 0x4) 14:41:53 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2107.723869][T13966] binder: undelivered TRANSACTION_ERROR: 29189 14:41:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x5e182300) 14:41:53 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) accept$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 14:41:53 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/psched\x00') sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000280)}], 0x1, 0x0, 0x0, 0x20000001}, 0x800) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe9\xdc\x00', 0x200085}) ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f0000000500)=""/4096) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x2) socketpair(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) fsetxattr$security_evm(r0, &(0x7f0000000280)='security.evm\x00', &(0x7f0000000340)=@v2={0x0, 0x0, 0xf, 0x8, 0xc3, "06ecc34acace6356a005b73d3c8041c519b95b725d1eb3d42487d5493dfdf808f23f36d97228e83aefd78f504e0ff5b9d4c5071d237b9cbb50b88bdf10e90c10613b072bafde6e2d74da2b512ed3377c80a09e6109e78b3e57ca8d6a183420e39f89f5b5199350665860e36e69dc5f896992cff958398e8a1216e702994f95ca53f96c376e9b8146bc1787a2197932554e821122b057fa5e45b396cfe1ddb2e2f65156539f6acbc791f15daa81395b507038d2bb74f07988ef8fdeb5efcb37d2449e65"}, 0xcd, 0x1) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000080)='ip6tnl0\x00') 14:41:53 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2107.851996][T12104] binder: 12103:12104 got transaction with invalid offset (4, min 0 max 40) or object. 14:41:53 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f00000003c0)=@getspdinfo={0x14, 0x25, 0x3}, 0x14}}, 0x0) [ 2107.910040][T12104] binder: 12103:12104 transaction failed 29201/-22, size 40-8 line 3241 14:41:53 executing program 2: bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 14:41:53 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x64000000) [ 2107.969346][T12114] binder_alloc: binder_alloc_mmap_handler: 12103 20000000-20002000 already mapped failed -16 [ 2107.999531][T12117] [ 2108.001979][T12117] ============================= [ 2108.021483][T12117] WARNING: suspicious RCU usage [ 2108.042146][T12104] binder: BINDER_SET_CONTEXT_MGR already set [ 2108.052158][T12117] 5.1.0-rc1-next-20190319 #6 Not tainted [ 2108.070891][T12104] binder: 12103:12104 ioctl 40046207 0 returned -16 [ 2108.070927][T12123] binder_alloc: 12103: binder_alloc_buf, no vma [ 2108.094545][T12117] ----------------------------- [ 2108.099647][T12117] net/xfrm/xfrm_user.c:1080 suspicious rcu_dereference_check() usage! [ 2108.118570][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2108.120456][T12123] binder: 12103:12123 transaction failed 29189/-3, size 40-8 line 3147 [ 2108.145725][T12117] [ 2108.145725][T12117] other info that might help us debug this: [ 2108.145725][T12117] [ 2108.162175][T12117] [ 2108.162175][T12117] rcu_scheduler_active = 2, debug_locks = 1 [ 2108.170707][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0}], &(0x7f000000afd0)=[0x5]}}], 0x0, 0x800020, 0x0}) 14:41:54 executing program 2: bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 14:41:54 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:54 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = fcntl$dupfd(r0, 0x0, r0) connect$unix(r1, &(0x7f0000000080)=@abs, 0x6e) 14:41:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x65000000) [ 2108.192636][T12117] 1 lock held by syz-executor.1/12117: [ 2108.211833][T12117] #0: 00000000a66bcbae (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: xfrm_netlink_rcv+0x61/0x90 [ 2108.272157][T12117] [ 2108.272157][T12117] stack backtrace: [ 2108.285990][T12117] CPU: 1 PID: 12117 Comm: syz-executor.1 Not tainted 5.1.0-rc1-next-20190319 #6 [ 2108.295020][T12117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2108.305076][T12117] Call Trace: [ 2108.308379][T12117] dump_stack+0x172/0x1f0 [ 2108.312800][T12117] lockdep_rcu_suspicious+0x153/0x15d [ 2108.318216][T12117] xfrm_get_spdinfo+0x923/0xb20 [ 2108.323077][T12117] ? xfrm_send_state_notify+0x1b90/0x1b90 [ 2108.328817][T12117] ? audit_add_tree_rule+0x390/0xbc0 [ 2108.334116][T12117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2108.334904][T12137] binder: 12134:12137 transaction failed 29189/-22, size 40-8 line 2994 [ 2108.340364][T12117] ? __nla_parse+0x12a/0x340 [ 2108.340384][T12117] ? nla_parse+0x45/0x60 [ 2108.340403][T12117] ? xfrm_send_state_notify+0x1b90/0x1b90 [ 2108.340418][T12117] xfrm_user_rcv_msg+0x458/0x770 [ 2108.340437][T12117] ? xfrm_dump_sa_done+0xf0/0xf0 [ 2108.340459][T12117] ? mark_held_locks+0xf0/0xf0 [ 2108.340473][T12117] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2108.340512][T12117] ? __mutex_lock+0x3cd/0x1310 [ 2108.387991][T12117] ? xfrm_netlink_rcv+0x61/0x90 [ 2108.392856][T12117] netlink_rcv_skb+0x17a/0x460 [ 2108.397647][T12117] ? xfrm_dump_sa_done+0xf0/0xf0 [ 2108.402590][T12117] ? netlink_ack+0xb50/0xb50 [ 2108.407199][T12117] xfrm_netlink_rcv+0x70/0x90 [ 2108.411886][T12117] netlink_unicast+0x536/0x720 [ 2108.416667][T12117] ? netlink_attachskb+0x770/0x770 [ 2108.421833][T12117] ? _copy_from_iter_full+0x259/0x8f0 [ 2108.427214][T12117] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2108.432938][T12117] ? __check_object_size+0x3d/0x42f [ 2108.438151][T12117] netlink_sendmsg+0x8ae/0xd70 [ 2108.442925][T12117] ? netlink_unicast+0x720/0x720 [ 2108.447876][T12117] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 2108.453434][T12117] ? apparmor_socket_sendmsg+0x2a/0x30 [ 2108.458902][T12117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2108.465187][T12117] ? security_socket_sendmsg+0x93/0xc0 [ 2108.470655][T12117] ? netlink_unicast+0x720/0x720 [ 2108.475601][T12117] sock_sendmsg+0xdd/0x130 [ 2108.480026][T12117] ___sys_sendmsg+0x806/0x930 [ 2108.484709][T12117] ? copy_msghdr_from_user+0x430/0x430 [ 2108.490190][T12117] ? kasan_check_read+0x11/0x20 [ 2108.495051][T12117] ? __fget+0x381/0x550 [ 2108.499224][T12117] ? ksys_dup3+0x3e0/0x3e0 [ 2108.503682][T12117] ? lock_downgrade+0x880/0x880 [ 2108.508544][T12117] ? __fget_light+0x1a9/0x230 [ 2108.513227][T12117] ? __fdget+0x1b/0x20 [ 2108.517301][T12117] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2108.523549][T12117] __sys_sendmsg+0x105/0x1d0 [ 2108.528145][T12117] ? __ia32_sys_shutdown+0x80/0x80 [ 2108.533278][T12117] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2108.538742][T12117] ? do_syscall_64+0x26/0x610 [ 2108.543431][T12117] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2108.549502][T12117] ? do_syscall_64+0x26/0x610 [ 2108.554190][T12117] __x64_sys_sendmsg+0x78/0xb0 [ 2108.558959][T12117] do_syscall_64+0x103/0x610 [ 2108.563564][T12117] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2108.569459][T12117] RIP: 0033:0x458079 [ 2108.573360][T12117] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2108.592964][T12117] RSP: 002b:00007f298ee73c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2108.601384][T12117] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458079 [ 2108.609355][T12117] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003 14:41:54 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00') getdents(r0, &(0x7f0000000040)=""/46, 0x2e) getdents(r0, &(0x7f0000000080)=""/128, 0x80) 14:41:54 executing program 2: bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) [ 2108.617329][T12117] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2108.625303][T12117] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f298ee746d4 [ 2108.633276][T12117] R13: 00000000004c56c3 R14: 00000000004d95f0 R15: 00000000ffffffff [ 2108.649696][T12137] binder: 12134:12137 transaction failed 29189/-22, size 40-8 line 2994 14:41:54 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0}], &(0x7f000000afd0)=[0x6]}}], 0x0, 0x800020, 0x0}) [ 2108.693261][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 [ 2108.702156][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:54 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f00000003c0)=@getspdinfo={0x14, 0x25, 0x3}, 0x14}}, 0x0) 14:41:54 executing program 4: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r0, &(0x7f0000000180)=@full={0xb, @remote, @netrom, 0x600, [@netrom, @bcast, @rose, @remote, @rose, @default]}, 0x40) 14:41:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x66000000) 14:41:54 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 14:41:54 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2108.812157][T12148] binder: 12147:12148 got transaction with invalid offset (6, min 0 max 40) or object. [ 2108.861146][T12148] binder: 12147:12148 transaction failed 29201/-22, size 40-8 line 3241 14:41:54 executing program 4: syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r0, &(0x7f0000000080), 0x1c) pipe(&(0x7f0000000640)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100), 0x28) 14:41:54 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) [ 2108.902656][T12159] binder_alloc: binder_alloc_mmap_handler: 12147 20000000-20002000 already mapped failed -16 14:41:54 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[]}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x67000000) [ 2108.970751][T12148] binder: BINDER_SET_CONTEXT_MGR already set [ 2108.995326][T12164] tls_set_device_offload_rx: netdev lo with no TLS offload 14:41:54 executing program 1: r0 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x202, 0x1) ioctl$KVM_SET_CPUID(r0, 0x40085511, 0x0) 14:41:54 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) [ 2109.035483][T12148] binder: 12147:12148 ioctl 40046207 0 returned -16 [ 2109.048702][T13966] binder: undelivered TRANSACTION_ERROR: 29201 [ 2109.063909][T12159] binder: 12147:12159 transaction failed 29189/-22, size 40-8 line 2994 [ 2109.082272][T12171] tls_set_device_offload_rx: netdev lo with no TLS offload [ 2109.109831][ T8052] binder: undelivered TRANSACTION_ERROR: 29189 14:41:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0}], &(0x7f000000afd0)=[0x7]}}], 0x0, 0x800020, 0x0}) 14:41:54 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) accept$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 14:41:55 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[]}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:55 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r0, &(0x7f0000000080), 0x1c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100), 0x28) 14:41:55 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() r2 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) preadv(r2, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/222, 0xde}], 0x1, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r1, 0x2000000000000015) sendmsg$nl_generic(r2, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20111010}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)={0x90, 0x20, 0x100, 0x70bd2b, 0x25dfdbfb, {0xf}, [@generic="589b107064873ef414c6ead68b89a31828b2013f6866033a0aeb1bbcb97982101c150ab6135243959f986f3cd9fed176365d6436024ea8d4327eb7964c25ee8bbed45fa6fcfb163f979428decb17cdb495af41a9024c63c6ca5ab7952ff845350abbfe1ef9d26f9f812a97acf5a9fe3df973b64d", @typed={0x8, 0x82, @pid=r1}]}, 0x90}, 0x1, 0x0, 0x0, 0x40000}, 0x1) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x6685) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000044c0)=[{0x0, 0x0, 0x0}], 0x1, 0x0) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000180)) openat$nullb(0xffffffffffffff9c, 0x0, 0x8000002000, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) 14:41:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x7e0f0000) [ 2109.239425][T12181] binder: 12178:12181 got transaction with invalid offset (7, min 0 max 40) or object. 14:41:55 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) accept$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) [ 2109.290298][T12185] tls_set_device_offload_rx: netdev lo with no TLS offload [ 2109.314382][T12190] binder_alloc: binder_alloc_mmap_handler: 12178 20000000-20002000 already mapped failed -16 14:41:55 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[]}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2109.357969][T12181] binder: BINDER_SET_CONTEXT_MGR already set 14:41:55 executing program 1: ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100), 0x28) 14:41:55 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) accept$alg(r0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) [ 2109.406956][T12181] binder: 12178:12181 ioctl 40046207 0 returned -16 [ 2109.446647][T12201] binder_alloc: 12178: binder_alloc_buf, no vma 14:41:55 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000000100)={{}, {}, 0x0, 0x0, 0x0, [], [0x0, 0x0, 0x0, 0xff03]}) 14:41:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x80040000) [ 2109.462082][T12200] tls_set_device_offload_rx: netdev lo with no TLS offload 14:41:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0}], &(0x7f000000afd0)=[0x8]}}], 0x0, 0x800020, 0x0}) 14:41:55 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 14:41:55 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB]}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:55 executing program 1: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x1000100) fsetxattr$security_evm(r0, &(0x7f0000000000)='security.evm\x00', 0x0, 0x0, 0x0) lseek(r0, 0x0, 0x3) 14:41:55 executing program 4: syz_emit_ethernet(0x3e, &(0x7f0000000200)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x4, 0x0, @remote={0xac, 0x223}, @dev}, @icmp=@parameter_prob={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x223}, @dev}}}}}}, 0x0) 14:41:55 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) [ 2109.673178][T12217] binder: 12211:12217 got transaction with invalid offset (8, min 0 max 40) or object. 14:41:55 executing program 4: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x0, 0x0) getdents(r0, &(0x7f00000000c0)=""/168, 0xfffffffffffffe85) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r1 = socket(0x1e, 0x4, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000600)='TIPC\x00') sendmsg$TIPC_CMD_GET_REMOTE_MNG(0xffffffffffffffff, 0x0, 0x8000) getsockopt$inet_sctp_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, &(0x7f0000000180), &(0x7f00000001c0)=0x4) fremovexattr(r1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000080), 0x10) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r2, 0x800000c004500a, &(0x7f0000000640)) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_CONNECT(r0, &(0x7f0000000380)={0x6, 0x118, 0xfa00, {{0x81, 0x101, "a863d8e1d07709536bf187184069a92d0caa5a7f23544d4b93c96ab9981429adf98d41bdfd2b3447c3ffb07e24304b2450ebca80cc34768910da79ea89f573e6692962bb20e61d1c1bcef06a971bc6f7878d83d34001dbf5bddc86882826bb356519a39a7df756f9d99247bb01a01a5668de4f831952d8d4ffbc775368d0020a4982138c29f0c622961d3bfb73ff464fc8b8d660790f5dee971611e8790914052a00fb019b6c926a88b556311816310b9b356742a4ef0e5664de50f0e6b05be2d85d4b5416297c20867ab878a69d97f613e98c3cbad4bf4f824af42c8abcc86f2613c858257f821d01cf93880657a9e24f6fd439aa7e84cfa4aab5551d29fd6c", 0x9e, 0x800, 0x854, 0x400, 0x5, 0x8, 0x200, 0x1}, r3}}, 0x120) readv(r2, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) connect$l2tp(0xffffffffffffffff, &(0x7f0000000700)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, 0x3}}, 0x26) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, 0x62) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000ff9000/0x4000)=nil, 0x4000}, &(0x7f00000000c0)=0x10) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000265000)=@req={0x3fc, 0x0, 0x2}, 0x10) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f0000000200)={0x0, 0x0, 'client0\x00', 0x0, "4e1520351b1a6a61", "8b3d83d2e50a9a9bcedf1129c0052bfe6a8d5eab4d1b0a7b690018baffdd2ddb"}) openat$userio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/userio\x00', 0x40000000, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000680)='TIPCv2\x00') clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 14:41:55 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB]}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xe8030000) 14:41:55 executing program 1: clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() nanosleep(&(0x7f00000002c0)={0x7fffffffffffffff, 0x3b9ac9ff}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, 0x0) tkill(r0, 0x34) [ 2109.766999][T12225] binder_alloc: binder_alloc_mmap_handler: 12211 20000000-20002000 already mapped failed -16 [ 2109.797041][T12225] binder_alloc: 12211: binder_alloc_buf, no vma [ 2109.797365][T12217] binder: BINDER_SET_CONTEXT_MGR already set 14:41:55 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 14:41:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xf04fa500) [ 2109.886873][T12217] binder: 12211:12217 ioctl 40046207 0 returned -16 14:41:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0}], &(0x7f000000afd0)=[0xa]}}], 0x0, 0x800020, 0x0}) 14:41:55 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB]}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:55 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x101) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000100), 0x28) 14:41:55 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) [ 2110.024126][T12251] tls_set_device_offload_rx: netdev lo with no TLS offload [ 2110.054393][T12253] binder: 12249:12253 got transaction with invalid offset (10, min 0 max 40) or object. 14:41:55 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="0212000002000000"], 0x8}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xf0ffffff) [ 2110.179084][T12259] binder_alloc: binder_alloc_mmap_handler: 12249 20000000-20002000 already mapped failed -16 [ 2110.223871][T12253] binder: BINDER_SET_CONTEXT_MGR already set [ 2110.252838][T12253] binder: 12249:12253 ioctl 40046207 0 returned -16 14:41:56 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000180)=0x1) 14:41:56 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 14:41:56 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$hfsplus(&(0x7f0000000140)='hfsplus\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 2110.287262][T12261] binder_alloc: 12249: binder_alloc_buf, no vma 14:41:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0}], &(0x7f000000afd0)=[0x12]}}], 0x0, 0x800020, 0x0}) 14:41:56 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) 14:41:56 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000a00)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_open_procfs(0x0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x7, 0x0, "daf2c82ef0a4a7fc37bd440c2ea6593f9e24d66405bb48bcfa18288ee8607032d55e3c40da1ab81fef5b37f7d17e608c345d496f6975ffe9d2166bb2e38910798fc7454ae92070dbaa7e5e92da221017"}, 0xd8) syz_genetlink_get_family_id$tipc(0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x40004e22}, 0x1c) sendto$inet6(r0, 0x0, 0x1b4, 0x200408d4, &(0x7f0000000380)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000100)="8d6e53d715b82d87f4006fba555a5921264282c67ed5ad1517b9cb199e47b6177ec701c98075ada7a77d7c5fd82394222632c46964dbf74c5470d9f953e97a9345f1ebb9d2132c713c22da17f1b753a1f4dd7f80ea359e09a175658494e4d9234135fa0bccbfff5af89f8b20ff986ea5f1e73d8e4739d7c99c11d46b0cf79310d167cc1bbdeaf2a81d7d823017d221e8426d557e6435ae3a4e887f6ffd158dc002a52fed225f9d8245ec22cb8107c986f64f1486bd70f0f520d52f9635", 0xbd, 0x4000810, 0x0, 0x0) 14:41:56 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000180)="f30f205e27c744240092000000c744240200380000c7442406000000000f011c24b805000000b9000000000f01d90f231c83dd6266baf80cb81818e984ef66bafc0cb8ff000000ef66b828000f00d0b9020b00000f32c4e2cdbe01", 0x5b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2110.423682][T12276] binder: 12275:12276 got transaction with invalid offset (18, min 0 max 40) or object. 14:41:56 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="0212000002000000"], 0x8}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xf2ffffff) 14:41:56 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bind$alg(r0, 0x0, 0x0) [ 2110.497945][T12279] binder_alloc: binder_alloc_mmap_handler: 12275 20000000-20002000 already mapped failed -16 [ 2110.558910][T12276] binder: BINDER_SET_CONTEXT_MGR already set [ 2110.588748][T12276] binder: 12275:12276 ioctl 40046207 0 returned -16 14:41:56 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000280)="0adc1f123c123f3188b070") mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) unshare(0x24020400) lseek(r1, 0x80000000002, 0x1) [ 2110.606596][T12291] binder_alloc: 12275: binder_alloc_buf, no vma 14:41:56 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="0212000002000000"], 0x8}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 14:41:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x44, 0x0, &(0x7f0000004fbc)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f000026c000)=[@ptr={0x66646185, 0x0, 0x0}], &(0x7f000000afd0)=[0x30]}}], 0x0, 0x800020, 0x0}) 14:41:56 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x0, 0x0, &(0x7f0000000180)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2'}, 0x48) r0 = socket$kcm(0xa, 0x800000005, 0x0) sendmsg(r0, &(0x7f00000006c0)={&(0x7f0000000100)=@in={0xa, 0x0, @local={0xac, 0x2c0}}, 0xffd6, &(0x7f0000000640), 0x98, &(0x7f0000000180)=[{0x20}], 0x20}, 0xfc) 14:41:56 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bind$alg(r0, 0x0, 0x0) 14:41:56 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000100)={0x0, 0x101000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffe65) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xf3ffffff) 14:41:56 executing program 4: [ 2110.751460][T12303] ------------[ cut here ]------------ [ 2110.756964][T12303] kernel BUG at drivers/android/binder_alloc.c:1141! [ 2110.827253][T12303] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 2110.833392][T12303] CPU: 0 PID: 12303 Comm: syz-executor.3 Not tainted 5.1.0-rc1-next-20190319 #6 [ 2110.842407][T12303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2110.852487][T12303] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 14:41:56 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) bind$alg(r0, 0x0, 0x0) 14:41:56 executing program 4: 14:41:56 executing program 4: [ 2110.858990][T12303] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 ef 43 22 fc 4c 89 e6 4c 89 ef e8 04 45 22 fc 4d 39 e5 76 07 e8 da 43 22 fc <0f> 0b e8 d3 43 22 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 e1 [ 2110.878607][T12303] RSP: 0018:ffff8882151e7550 EFLAGS: 00010216 [ 2110.884672][T12303] RAX: 0000000000040000 RBX: 0000000020000000 RCX: ffffc9000c426000 [ 2110.885022][T12311] kobject: 'kvm' (000000003c7445ed): kobject_uevent_env [ 2110.892646][T12303] RDX: 00000000000003c6 RSI: ffffffff854e5626 RDI: 0000000000000006 [ 2110.892660][T12303] RBP: ffff8882151e75d0 R08: ffff888056bd6280 R09: 0000000000000028 [ 2110.892667][T12303] R10: ffffed1042a3cf01 R11: ffff8882151e780f R12: 0000000000000008 14:41:56 executing program 4: [ 2110.892675][T12303] R13: 0000000000000028 R14: 0000000000000030 R15: 0000000000000000 [ 2110.892686][T12303] FS: 00007f7d08d6d700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 2110.892693][T12303] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2110.892702][T12303] CR2: 000000000073c000 CR3: 0000000218dbe000 CR4: 00000000001426f0 [ 2110.892710][T12303] Call Trace: [ 2110.892732][T12303] ? memcpy+0x46/0x50 [ 2110.892757][T12303] binder_alloc_copy_from_buffer+0x37/0x42 [ 2110.968365][T12303] binder_get_object+0xc3/0x200 [ 2110.973233][T12303] binder_transaction+0x2b4a/0x6690 [ 2110.978450][T12303] ? binder_thread_read+0x3d50/0x3d50 [ 2110.985351][T12303] ? __lock_acquire+0x548/0x3fb0 [ 2110.987204][T12310] kobject: 'kvm' (000000003c7445ed): kobject_uevent_env [ 2110.990298][T12303] ? __might_fault+0x12b/0x1e0 [ 2110.990327][T12303] ? lock_downgrade+0x880/0x880 [ 2110.990350][T12303] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2110.990369][T12303] ? _copy_from_user+0xdd/0x150 [ 2111.017951][T12303] binder_thread_write+0x64a/0x2820 14:41:56 executing program 4: [ 2111.023158][T12303] ? binder_transaction+0x6690/0x6690 [ 2111.028532][T12303] ? __might_fault+0x12b/0x1e0 [ 2111.030644][T12310] kobject: 'kvm' (000000003c7445ed): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 2111.033318][T12303] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2111.033333][T12303] ? _copy_from_user+0xdd/0x150 [ 2111.033349][T12303] binder_ioctl+0x1033/0x183b [ 2111.033369][T12303] ? binder_thread_write+0x2820/0x2820 [ 2111.064253][T12303] ? tomoyo_path_number_perm+0x263/0x520 [ 2111.069896][T12303] ? tomoyo_execute_permission+0x4a0/0x4a0 14:41:56 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000840)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/ip6_flowlabel\x00') ioctl$LOOP_SET_FD(r0, 0x4c00, r0) write$binfmt_misc(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a3068d085f45466295fa6994adfc379daaa29d63eb171e7d862431e9c9ddce6dbd48f31da69023c0315eb00b83fb5520e8b77e560fb51c55a9045c34347f6a4e895c7360fb6ee1ed7e6cb399d1e67c8dfb4ac3cb2301994040a6c7c85e5c1441aa79b42fa56b436e618d4e7200929deb4a1a0f9a5201d912e23b82450d33915069de930c3bde2b380e49c21bfcc8b89e0247cd46cb14c9e15b1882523e4f321fac696b0d344834998ba19c82f92aeacd96cc7b31a605ca81b166d8a801c729a14849273573aee0000000000000000000000"], 0xd4) preadv(r0, &(0x7f0000000700), 0x31f, 0x0) preadv(r0, &(0x7f0000000540)=[{&(0x7f0000000100)=""/208, 0xd0}, {&(0x7f0000000300)=""/235, 0xeb}, {&(0x7f0000000400)=""/213, 0xd5}, {&(0x7f0000000200)=""/175, 0xaf}, {&(0x7f0000000500)=""/10, 0xa}], 0x5, 0x0) [ 2111.075721][T12303] ? binder_thread_write+0x2820/0x2820 [ 2111.081181][T12303] do_vfs_ioctl+0xd6e/0x1390 [ 2111.085034][T12311] kobject: 'kvm' (000000003c7445ed): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 2111.085773][T12303] ? ioctl_preallocate+0x210/0x210 [ 2111.085788][T12303] ? __fget+0x381/0x550 [ 2111.085807][T12303] ? ksys_dup3+0x3e0/0x3e0 [ 2111.109153][T12303] ? nsecs_to_jiffies+0x30/0x30 [ 2111.114012][T12303] ? tomoyo_file_ioctl+0x23/0x30 [ 2111.118954][T12303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2111.125217][T12303] ? security_file_ioctl+0x93/0xc0 [ 2111.130337][T12303] ksys_ioctl+0xab/0xd0 [ 2111.134497][T12303] __x64_sys_ioctl+0x73/0xb0 [ 2111.139117][T12303] do_syscall_64+0x103/0x610 [ 2111.143729][T12303] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2111.149623][T12303] RIP: 0033:0x458079 [ 2111.153336][T12310] kobject: 'kvm' (000000003c7445ed): kobject_uevent_env [ 2111.153522][T12303] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2111.180026][T12303] RSP: 002b:00007f7d08d6cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2111.188434][T12310] kobject: 'kvm' (000000003c7445ed): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 2111.198137][T12303] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458079 [ 2111.206107][T12303] RDX: 0000000020008000 RSI: 00000000c0306201 RDI: 0000000000000003 [ 2111.214089][T12303] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2111.222062][T12303] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7d08d6d6d4 [ 2111.230039][T12303] R13: 00000000004bf2fa R14: 00000000004d0ce0 R15: 00000000ffffffff [ 2111.231593][ T3879] kobject: 'loop5' (00000000dea3e9fc): kobject_uevent_env [ 2111.238015][T12303] Modules linked in: [ 2111.239969][T12303] ---[ end trace 7ef5daacbe5d06b5 ]--- [ 2111.250395][ T3879] kobject: 'loop5' (00000000dea3e9fc): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2111.254857][T12303] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 14:41:57 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097"], 0xc}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) [ 2111.271634][T12303] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 ef 43 22 fc 4c 89 e6 4c 89 ef e8 04 45 22 fc 4d 39 e5 76 07 e8 da 43 22 fc <0f> 0b e8 d3 43 22 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 e1 [ 2111.291443][T12303] RSP: 0018:ffff8882151e7550 EFLAGS: 00010216 [ 2111.297679][T12303] RAX: 0000000000040000 RBX: 0000000020000000 RCX: ffffc9000c426000 [ 2111.305938][T12303] RDX: 00000000000003c6 RSI: ffffffff854e5626 RDI: 0000000000000006 [ 2111.317917][T12303] RBP: ffff8882151e75d0 R08: ffff888056bd6280 R09: 0000000000000028 [ 2111.326070][T12303] R10: ffffed1042a3cf01 R11: ffff8882151e780f R12: 0000000000000008 [ 2111.334160][T12303] R13: 0000000000000028 R14: 0000000000000030 R15: 0000000000000000 [ 2111.342344][T12303] FS: 00007f7d08d6d700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 2111.351430][T12303] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2111.358190][T12303] CR2: 0000000020001000 CR3: 0000000218dbe000 CR4: 00000000001426f0 [ 2111.376092][T12303] Kernel panic - not syncing: Fatal exception [ 2111.382880][T12303] Kernel Offset: disabled [ 2111.387195][T12303] Rebooting in 86400 seconds..