er: 21751:21752 ioctl c0306201 0 returned -14 07:32:06 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:06 executing program 1: r0 = socket$inet(0x10, 0x2, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:06 executing program 2: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 07:32:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:32:06 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:06 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snapshot\x00', 0x80800, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) tgkill(r0, r0, 0x8) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) io_setup(0x401, &(0x7f0000000140)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 585.544092][T21762] binder: 21761:21762 ioctl c0306201 0 returned -14 [ 585.552945][T21760] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 585.568151][ T12] binder: release 21759:21764 transaction 55 out, still active [ 585.581748][ T12] binder: unexpected work type, 4, not freed 07:32:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) [ 585.582598][T21760] netlink: 'syz-executor.1': attribute type 29 has an invalid length. 07:32:06 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 585.619528][ T12] binder: undelivered TRANSACTION_COMPLETE 07:32:06 executing program 1: socket$inet(0x10, 0x2, 0x4) sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:06 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x0) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r5, 0x84, 0x8, &(0x7f0000013e95), 0x4) ioctl$sock_SIOCETHTOOL(r5, 0x8971, &(0x7f0000000040)={'gretap0:\x00', 0x0}) close(r5) close(r4) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r6, 0x0) 07:32:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) 07:32:06 executing program 2: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) [ 585.723897][ T22] binder: release 21778:21779 transaction 58 out, still active [ 585.731581][ T22] binder: unexpected work type, 4, not freed [ 585.758687][ T22] binder: undelivered TRANSACTION_COMPLETE 07:32:06 executing program 0: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000140)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000000), &(0x7f0000000200)=0x4) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) ioctl$TCSETAW(r3, 0x5407, &(0x7f0000000240)={0xeaf, 0x0, 0x2, 0x4576, 0x1, 0x40, 0x9, 0x0, 0x8, 0x1}) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:06 executing program 1: socket$inet(0x10, 0x2, 0x4) sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) 07:32:06 executing program 1: socket$inet(0x10, 0x2, 0x4) sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:07 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:07 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, 0x0, 0x0) 07:32:07 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) ioctl$TIOCSPGRP(r1, 0x5410, &(0x7f0000000200)=r0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000140)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x9) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 07:32:07 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, 0x0, 0x0) 07:32:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 07:32:07 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, 0x0, 0x0) 07:32:09 executing program 2: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 07:32:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 07:32:09 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 07:32:09 executing program 0: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000140)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000000), &(0x7f0000000200)=0x4) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) ioctl$TCSETAW(r3, 0x5407, &(0x7f0000000240)={0xeaf, 0x0, 0x2, 0x4576, 0x1, 0x40, 0x9, 0x0, 0x8, 0x1}) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:09 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:09 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/create\x00', 0x2, 0x0) r2 = syz_open_dev$vivid(&(0x7f0000000200)='/dev/video#\x00', 0x3, 0x2) sendfile(r1, r2, &(0x7f0000000240), 0x8) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r3, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r4, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r5, 0x0) write(r5, &(0x7f0000c34fff), 0xffffff0b) openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:09 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 07:32:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 588.970759][ T22] binder: release 21861:21863 transaction 61 out, still active 07:32:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:32:09 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) [ 589.014343][ T22] binder: undelivered TRANSACTION_COMPLETE [ 589.097518][ T12] binder: release 21867:21869 transaction 62 out, still active [ 589.113844][ T12] binder: undelivered TRANSACTION_COMPLETE 07:32:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:32:10 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)}, 0x0) [ 589.248784][ T12] binder: release 21873:21875 transaction 63 out, still active [ 589.260033][ T12] binder: undelivered TRANSACTION_COMPLETE 07:32:12 executing program 2: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 07:32:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:32:12 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)}, 0x0) 07:32:12 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:12 executing program 0: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000140)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000000), &(0x7f0000000200)=0x4) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) ioctl$TCSETAW(r3, 0x5407, &(0x7f0000000240)={0xeaf, 0x0, 0x2, 0x4576, 0x1, 0x40, 0x9, 0x0, 0x8, 0x1}) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:12 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000400)='/dev/vcs\x00', 0x400, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r3, 0x5411, &(0x7f00000004c0)) openat$nullb(0xffffffffffffff9c, &(0x7f0000000440)='/dev/nullb0\x00', 0x80000, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000140), &(0x7f0000000200)=0x4) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000240)={0x0}) ioctl$DRM_IOCTL_DMA(r1, 0xc0406429, &(0x7f00000003c0)={r5, 0x4, &(0x7f00000002c0)=[0x7fffffff, 0x3, 0x1, 0x1], &(0x7f0000000300)=[0xffffffff, 0x8], 0x37, 0x5, 0x0, &(0x7f0000000340)=[0x80, 0x4, 0x4, 0xf3c, 0x1f], &(0x7f0000000380)=[0x1, 0x80000000]}) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:32:12 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)}, 0x0) [ 591.898012][ T22] binder: release 21885:21887 transaction 64 out, still active [ 591.924019][ T22] binder: undelivered TRANSACTION_COMPLETE [ 592.011983][ T22] binder: release 21903:21904 transaction 65 out, still active 07:32:12 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) 07:32:13 executing program 2: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000140)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000000), &(0x7f0000000200)=0x4) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) ioctl$TCSETAW(r3, 0x5407, &(0x7f0000000240)={0xeaf, 0x0, 0x2, 0x4576, 0x1, 0x40, 0x9, 0x0, 0x8, 0x1}) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 592.062327][ T22] binder: undelivered TRANSACTION_COMPLETE 07:32:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:32:13 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) 07:32:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 592.243413][ T22] binder: release 21916:21917 transaction 66 out, still active [ 592.273227][ T22] binder: undelivered TRANSACTION_COMPLETE 07:32:13 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) [ 592.423301][T21924] binder: 21922:21924 got transaction with invalid offset (0, min 0 max 0) or object. [ 592.472256][T21924] binder: 21922:21924 transaction failed 29201/-22, size 0-8 line 3241 [ 592.502945][ T22] binder: undelivered TRANSACTION_ERROR: 29201 07:32:13 executing program 3: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xc8, r4, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x14, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'dummy0\x00'}}]}, @TIPC_NLA_MEDIA={0x68, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe96}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3d}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_SOCK={0x1c, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}]}, @TIPC_NLA_NODE={0x1c, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7ff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x44800}, 0x815) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) sched_getattr(r0, &(0x7f0000000140), 0x30, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(r1, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:13 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:14 executing program 0: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_GET_BEARER_NAMES(r1, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x1c, r4, 0x200, 0x70bd2c, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:14 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)}], 0x1}, 0x0) 07:32:14 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) write$P9_RLINK(r1, &(0x7f0000000140)={0x7, 0x47, 0x2}, 0x7) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:14 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)}], 0x1}, 0x0) 07:32:14 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000340)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) timer_gettime(0x0, 0x0) ioctl(r0, 0xc1004111, &(0x7f0000000000)) 07:32:14 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:14 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)}], 0x1}, 0x0) 07:32:14 executing program 2 (fault-call:1 fault-nth:0): r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 593.712152][T21962] FAULT_INJECTION: forcing a failure. [ 593.712152][T21962] name failslab, interval 1, probability 0, space 0, times 0 07:32:14 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b682", 0x26}], 0x1}, 0x0) [ 593.822206][T21962] CPU: 1 PID: 21962 Comm: syz-executor.2 Not tainted 5.1.0-rc2+ #38 [ 593.830207][T21962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 593.840248][T21962] Call Trace: [ 593.843535][T21962] dump_stack+0x172/0x1f0 [ 593.847864][T21962] should_fail.cold+0xa/0x15 [ 593.852451][T21962] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 593.858257][T21962] ? ___might_sleep+0x163/0x280 [ 593.863102][T21962] __should_failslab+0x121/0x190 [ 593.868030][T21962] should_failslab+0x9/0x14 [ 593.872529][T21962] kmem_cache_alloc_trace+0x2d1/0x760 [ 593.877893][T21962] ? kasan_check_read+0x11/0x20 [ 593.882746][T21962] ? do_raw_spin_unlock+0x57/0x270 [ 593.887848][T21962] ? _raw_spin_unlock+0x2d/0x50 [ 593.892765][T21962] binder_get_thread+0x1db/0x7c0 [ 593.897698][T21962] ? __might_sleep+0x95/0x190 [ 593.902369][T21962] binder_ioctl+0x1e5/0x183b [ 593.906952][T21962] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 593.913189][T21962] ? binder_thread_write+0x2820/0x2820 [ 593.918663][T21962] ? tomoyo_path_number_perm+0x263/0x520 [ 593.924283][T21962] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 593.930092][T21962] ? ___might_sleep+0x163/0x280 [ 593.934943][T21962] ? binder_thread_write+0x2820/0x2820 [ 593.940419][T21962] do_vfs_ioctl+0xd6e/0x1390 [ 593.945008][T21962] ? ioctl_preallocate+0x210/0x210 [ 593.950136][T21962] ? selinux_file_mprotect+0x620/0x620 [ 593.955601][T21962] ? __fget+0x381/0x550 [ 593.959750][T21962] ? ksys_dup3+0x3e0/0x3e0 [ 593.964166][T21962] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 593.970393][T21962] ? fput_many+0x12c/0x1a0 [ 593.974799][T21962] ? tomoyo_file_ioctl+0x23/0x30 [ 593.979730][T21962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 593.986002][T21962] ? security_file_ioctl+0x93/0xc0 [ 593.991103][T21962] ksys_ioctl+0xab/0xd0 [ 593.995249][T21962] __x64_sys_ioctl+0x73/0xb0 [ 593.999838][T21962] do_syscall_64+0x103/0x610 [ 594.004421][T21962] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 594.010298][T21962] RIP: 0033:0x458209 [ 594.014182][T21962] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 594.033935][T21962] RSP: 002b:00007facb9fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 594.042330][T21962] RAX: ffffffffffffffda RBX: 00007facb9fd9c90 RCX: 0000000000458209 [ 594.050287][T21962] RDX: 0000000020000440 RSI: 00000000c0306201 RDI: 0000000000000003 [ 594.058252][T21962] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 07:32:14 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b682", 0x26}], 0x1}, 0x0) [ 594.066213][T21962] R10: 0000000000000000 R11: 0000000000000246 R12: 00007facb9fda6d4 [ 594.074176][T21962] R13: 00000000004bf49a R14: 00000000004d0e80 R15: 0000000000000004 07:32:15 executing program 3: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xc8, r4, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x14, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'dummy0\x00'}}]}, @TIPC_NLA_MEDIA={0x68, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe96}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3d}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_SOCK={0x1c, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}]}, @TIPC_NLA_NODE={0x1c, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7ff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x44800}, 0x815) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) sched_getattr(r0, &(0x7f0000000140), 0x30, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(r1, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:15 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b682", 0x26}], 0x1}, 0x0) [ 594.362211][T21962] binder: 21961:21962 ioctl c0306201 20000440 returned -12 07:32:15 executing program 0 (fault-call:10 fault-nth:0): clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:15 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30", 0x39}], 0x1}, 0x0) 07:32:15 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) syz_open_procfs$namespace(r0, &(0x7f0000000140)='ns/cgroup\x00') ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:15 executing program 2 (fault-call:1 fault-nth:1): r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:15 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:15 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30", 0x39}], 0x1}, 0x0) [ 594.969882][T22002] FAULT_INJECTION: forcing a failure. [ 594.969882][T22002] name failslab, interval 1, probability 0, space 0, times 0 [ 595.022792][T22002] CPU: 1 PID: 22002 Comm: syz-executor.2 Not tainted 5.1.0-rc2+ #38 [ 595.030784][T22002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 595.040828][T22002] Call Trace: [ 595.044122][T22002] dump_stack+0x172/0x1f0 [ 595.048453][T22002] should_fail.cold+0xa/0x15 [ 595.053045][T22002] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 595.058860][T22002] ? ___might_sleep+0x163/0x280 [ 595.063714][T22002] __should_failslab+0x121/0x190 [ 595.068651][T22002] should_failslab+0x9/0x14 [ 595.073146][T22002] kmem_cache_alloc_trace+0x2d1/0x760 [ 595.078518][T22002] ? kasan_check_read+0x11/0x20 [ 595.083360][T22002] ? do_raw_spin_unlock+0x57/0x270 [ 595.088458][T22002] ? _raw_spin_unlock+0x2d/0x50 [ 595.093298][T22002] binder_transaction+0x8d9/0x6690 [ 595.098394][T22002] ? lock_downgrade+0x880/0x880 [ 595.103228][T22002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 595.109455][T22002] ? kasan_check_read+0x11/0x20 [ 595.114300][T22002] ? is_bpf_text_address+0xd3/0x170 [ 595.119496][T22002] ? binder_thread_read+0x3d50/0x3d50 [ 595.125493][T22002] ? find_held_lock+0x35/0x130 [ 595.130252][T22002] ? __might_fault+0x12b/0x1e0 [ 595.135009][T22002] ? lock_downgrade+0x880/0x880 [ 595.139886][T22002] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 595.146113][T22002] ? _copy_from_user+0xdd/0x150 [ 595.150954][T22002] binder_thread_write+0x64a/0x2820 [ 595.156230][T22002] ? binder_transaction+0x6690/0x6690 [ 595.161591][T22002] ? __might_fault+0x12b/0x1e0 [ 595.166364][T22002] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 595.172589][T22002] ? _copy_from_user+0xdd/0x150 [ 595.177537][T22002] binder_ioctl+0x1033/0x183b [ 595.182206][T22002] ? binder_thread_write+0x2820/0x2820 [ 595.187817][T22002] ? tomoyo_path_number_perm+0x263/0x520 [ 595.193439][T22002] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 595.199730][T22002] ? binder_thread_write+0x2820/0x2820 [ 595.205176][T22002] do_vfs_ioctl+0xd6e/0x1390 [ 595.209756][T22002] ? ioctl_preallocate+0x210/0x210 [ 595.214854][T22002] ? selinux_file_mprotect+0x620/0x620 [ 595.220390][T22002] ? __fget+0x381/0x550 [ 595.224544][T22002] ? ksys_dup3+0x3e0/0x3e0 [ 595.228945][T22002] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 595.235165][T22002] ? fput_many+0x12c/0x1a0 [ 595.239582][T22002] ? tomoyo_file_ioctl+0x23/0x30 [ 595.244513][T22002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 595.250747][T22002] ? security_file_ioctl+0x93/0xc0 [ 595.255854][T22002] ksys_ioctl+0xab/0xd0 [ 595.260004][T22002] __x64_sys_ioctl+0x73/0xb0 [ 595.264589][T22002] do_syscall_64+0x103/0x610 [ 595.269172][T22002] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 595.275071][T22002] RIP: 0033:0x458209 [ 595.278960][T22002] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 595.298548][T22002] RSP: 002b:00007facb9fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 595.306942][T22002] RAX: ffffffffffffffda RBX: 00007facb9fd9c90 RCX: 0000000000458209 [ 595.314894][T22002] RDX: 0000000020000440 RSI: 00000000c0306201 RDI: 0000000000000003 07:32:16 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30", 0x39}], 0x1}, 0x0) [ 595.322850][T22002] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 595.330808][T22002] R10: 0000000000000000 R11: 0000000000000246 R12: 00007facb9fda6d4 [ 595.338764][T22002] R13: 00000000004bf49a R14: 00000000004d0e80 R15: 0000000000000004 07:32:16 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d", 0x43}], 0x1}, 0x0) 07:32:16 executing program 2 (fault-call:1 fault-nth:2): r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 595.438673][T22002] binder: 22000:22002 transaction failed 29201/-12, size 0-8 line 3073 [ 595.462549][ T22] binder: undelivered TRANSACTION_ERROR: 29201 07:32:16 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d", 0x43}], 0x1}, 0x0) [ 595.596206][T22018] FAULT_INJECTION: forcing a failure. [ 595.596206][T22018] name failslab, interval 1, probability 0, space 0, times 0 [ 595.612260][T22018] CPU: 1 PID: 22018 Comm: syz-executor.2 Not tainted 5.1.0-rc2+ #38 [ 595.620242][T22018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 595.630396][T22018] Call Trace: [ 595.633685][T22018] dump_stack+0x172/0x1f0 [ 595.638021][T22018] should_fail.cold+0xa/0x15 [ 595.642603][T22018] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 595.648401][T22018] ? ___might_sleep+0x163/0x280 [ 595.653241][T22018] __should_failslab+0x121/0x190 [ 595.658236][T22018] should_failslab+0x9/0x14 [ 595.662724][T22018] kmem_cache_alloc_trace+0x2d1/0x760 [ 595.668084][T22018] ? lockdep_init_map+0x1be/0x6d0 [ 595.673105][T22018] binder_transaction+0x9b8/0x6690 [ 595.678205][T22018] ? lock_downgrade+0x880/0x880 [ 595.683039][T22018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 595.689354][T22018] ? kasan_check_read+0x11/0x20 [ 595.694197][T22018] ? is_bpf_text_address+0xd3/0x170 [ 595.699392][T22018] ? binder_thread_read+0x3d50/0x3d50 [ 595.704758][T22018] ? find_held_lock+0x35/0x130 [ 595.709514][T22018] ? __might_fault+0x12b/0x1e0 [ 595.714277][T22018] ? lock_downgrade+0x880/0x880 [ 595.719124][T22018] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 595.725349][T22018] ? _copy_from_user+0xdd/0x150 [ 595.730190][T22018] binder_thread_write+0x64a/0x2820 [ 595.735385][T22018] ? binder_transaction+0x6690/0x6690 [ 595.740742][T22018] ? __might_fault+0x12b/0x1e0 [ 595.745518][T22018] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 595.751745][T22018] ? _copy_from_user+0xdd/0x150 [ 595.756590][T22018] binder_ioctl+0x1033/0x183b [ 595.761261][T22018] ? binder_thread_write+0x2820/0x2820 [ 595.766705][T22018] ? tomoyo_path_number_perm+0x263/0x520 [ 595.772325][T22018] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 595.778138][T22018] ? binder_thread_write+0x2820/0x2820 [ 595.783585][T22018] do_vfs_ioctl+0xd6e/0x1390 [ 595.788167][T22018] ? ioctl_preallocate+0x210/0x210 [ 595.793445][T22018] ? selinux_file_mprotect+0x620/0x620 [ 595.798888][T22018] ? __fget+0x381/0x550 [ 595.803041][T22018] ? ksys_dup3+0x3e0/0x3e0 [ 595.807440][T22018] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 595.813666][T22018] ? fput_many+0x12c/0x1a0 [ 595.818075][T22018] ? tomoyo_file_ioctl+0x23/0x30 [ 595.823004][T22018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 595.829237][T22018] ? security_file_ioctl+0x93/0xc0 [ 595.834350][T22018] ksys_ioctl+0xab/0xd0 [ 595.838493][T22018] __x64_sys_ioctl+0x73/0xb0 [ 595.843073][T22018] do_syscall_64+0x103/0x610 [ 595.847659][T22018] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 595.853534][T22018] RIP: 0033:0x458209 [ 595.857412][T22018] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 595.877002][T22018] RSP: 002b:00007facb9fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 595.885486][T22018] RAX: ffffffffffffffda RBX: 00007facb9fd9c90 RCX: 0000000000458209 07:32:16 executing program 3: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xc8, r4, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x14, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'dummy0\x00'}}]}, @TIPC_NLA_MEDIA={0x68, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe96}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3d}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_SOCK={0x1c, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}]}, @TIPC_NLA_NODE={0x1c, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7ff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x44800}, 0x815) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) sched_getattr(r0, &(0x7f0000000140), 0x30, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(r1, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 595.893443][T22018] RDX: 0000000020000440 RSI: 00000000c0306201 RDI: 0000000000000003 [ 595.901401][T22018] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 595.909358][T22018] R10: 0000000000000000 R11: 0000000000000246 R12: 00007facb9fda6d4 [ 595.917312][T22018] R13: 00000000004bf49a R14: 00000000004d0e80 R15: 0000000000000004 [ 595.932268][T22018] binder: 22016:22018 transaction failed 29201/-12, size 0-8 line 3084 07:32:16 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d", 0x43}], 0x1}, 0x0) [ 595.990408][ T12] binder: undelivered TRANSACTION_ERROR: 29201 07:32:18 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:18 executing program 2 (fault-call:1 fault-nth:3): r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:18 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d0000000000", 0x48}], 0x1}, 0x0) 07:32:18 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:18 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) pipe(&(0x7f0000000140)={0xffffffffffffffff}) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f0000000640)={{0x4, 0x2, 0x7f, 0x5, 'syz0\x00', 0x8d1}, 0x0, [0xff, 0x8, 0xfffffffffffffff8, 0x9, 0x800, 0x5, 0x401, 0x7, 0x80000000, 0x9, 0xfffffffffffffff8, 0x401, 0x3, 0x4, 0xfffffffffffffffb, 0x18, 0x7f, 0x7, 0x8, 0x9, 0xa510, 0x4, 0x7, 0x40, 0x7fff, 0xff, 0xffff, 0x3ff, 0x4, 0x9, 0x1, 0x80, 0x83, 0x5, 0x7, 0x3, 0xfffffffffffffffc, 0x5, 0x7ff, 0x84, 0x9, 0x75, 0x1, 0x3, 0x0, 0x2, 0xcbb, 0x6, 0x2, 0x1, 0x68, 0x8, 0x401, 0xec6b, 0x8, 0x1, 0x100000001, 0x8000, 0x1, 0x7, 0x80000001, 0x80, 0x8000, 0x8001, 0xd5, 0x7, 0x4, 0x5, 0x8001, 0x81, 0xffffffff, 0x60000000000000, 0x6, 0x4a8f, 0x4, 0x6, 0x715, 0x7, 0x4, 0x7f, 0x7, 0x4, 0x10001, 0x9, 0x0, 0x7, 0x5, 0x7, 0x3ff, 0x9, 0x5, 0xde2, 0x8001, 0x12000000000, 0x1ff, 0x50b, 0x8000, 0x2, 0xf250, 0xe0a8, 0x5, 0x7ff, 0xe32, 0x9, 0x2596, 0x4, 0x100, 0xfe70, 0x9, 0x7fff, 0x6, 0x100, 0x6, 0x10000, 0x7ff, 0x1, 0x2, 0x5, 0xd21a, 0x20, 0x8, 0x0, 0x8, 0x7f, 0xffffffff, 0x5, 0xe98], {0x0, 0x989680}}) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r2, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:18 executing program 3 (fault-call:1 fault-nth:0): r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 597.832823][T22048] FAULT_INJECTION: forcing a failure. [ 597.832823][T22048] name failslab, interval 1, probability 0, space 0, times 0 [ 597.864286][T22048] CPU: 0 PID: 22048 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #38 [ 597.872362][T22048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 07:32:18 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d0000000000", 0x48}], 0x1}, 0x0) [ 597.882410][T22048] Call Trace: [ 597.885719][T22048] dump_stack+0x172/0x1f0 [ 597.890049][T22048] should_fail.cold+0xa/0x15 [ 597.894646][T22048] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 597.894664][T22048] ? ___might_sleep+0x163/0x280 [ 597.894680][T22048] __should_failslab+0x121/0x190 [ 597.894696][T22048] should_failslab+0x9/0x14 [ 597.894708][T22048] kmem_cache_alloc_trace+0x2d1/0x760 [ 597.894723][T22048] ? kasan_check_read+0x11/0x20 [ 597.894734][T22048] ? do_raw_spin_unlock+0x57/0x270 [ 597.894746][T22048] ? _raw_spin_unlock+0x2d/0x50 [ 597.894761][T22048] binder_get_thread+0x1db/0x7c0 [ 597.894771][T22048] ? __might_sleep+0x95/0x190 [ 597.894784][T22048] binder_ioctl+0x1e5/0x183b [ 597.894795][T22048] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 597.894810][T22048] ? binder_thread_write+0x2820/0x2820 [ 597.905539][T22048] ? tomoyo_path_number_perm+0x263/0x520 [ 597.905556][T22048] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 597.905578][T22048] ? ___might_sleep+0x163/0x280 [ 597.976988][T22048] ? binder_thread_write+0x2820/0x2820 [ 597.982445][T22048] do_vfs_ioctl+0xd6e/0x1390 [ 597.987050][T22048] ? ioctl_preallocate+0x210/0x210 [ 597.992153][T22048] ? selinux_file_mprotect+0x620/0x620 [ 597.997600][T22048] ? __fget+0x381/0x550 [ 598.001746][T22048] ? ksys_dup3+0x3e0/0x3e0 [ 598.006147][T22048] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 598.012374][T22048] ? fput_many+0x12c/0x1a0 [ 598.016784][T22048] ? tomoyo_file_ioctl+0x23/0x30 [ 598.021711][T22048] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 598.027943][T22048] ? security_file_ioctl+0x93/0xc0 [ 598.033265][T22048] ksys_ioctl+0xab/0xd0 [ 598.037417][T22048] __x64_sys_ioctl+0x73/0xb0 [ 598.042091][T22048] do_syscall_64+0x103/0x610 [ 598.046681][T22048] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 598.052696][T22048] RIP: 0033:0x458209 [ 598.056591][T22048] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 07:32:19 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d0000000000", 0x48}], 0x1}, 0x0) 07:32:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 598.076186][T22048] RSP: 002b:00007f0035214c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 598.084586][T22048] RAX: ffffffffffffffda RBX: 00007f0035214c90 RCX: 0000000000458209 [ 598.092544][T22048] RDX: 0000000020000440 RSI: 00000000c0306201 RDI: 0000000000000003 [ 598.100501][T22048] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 598.108456][T22048] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f00352156d4 [ 598.116415][T22048] R13: 00000000004bf49a R14: 00000000004d0e80 R15: 0000000000000004 [ 598.167039][T22162] binder: 22161:22162 got transaction with invalid offset (0, min 0 max 0) or object. [ 598.182137][T22048] binder: 22044:22048 ioctl c0306201 20000440 returned -12 07:32:19 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d00000000000000", 0x4a}], 0x1}, 0x0) [ 598.215971][T22162] binder: 22161:22162 transaction failed 29201/-22, size 0-8 line 3241 07:32:19 executing program 3 (fault-call:1 fault-nth:1): r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 598.259046][ T22] binder: undelivered TRANSACTION_ERROR: 29201 07:32:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x2, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 598.409918][T22174] FAULT_INJECTION: forcing a failure. [ 598.409918][T22174] name failslab, interval 1, probability 0, space 0, times 0 [ 598.515055][T22174] CPU: 1 PID: 22174 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #38 [ 598.523048][T22174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 598.533098][T22174] Call Trace: [ 598.536379][T22174] dump_stack+0x172/0x1f0 [ 598.540700][T22174] should_fail.cold+0xa/0x15 [ 598.545428][T22174] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 598.551230][T22174] ? ___might_sleep+0x163/0x280 [ 598.556074][T22174] __should_failslab+0x121/0x190 [ 598.561002][T22174] should_failslab+0x9/0x14 [ 598.565531][T22174] kmem_cache_alloc_trace+0x2d1/0x760 [ 598.570897][T22174] ? kasan_check_read+0x11/0x20 [ 598.575738][T22174] ? do_raw_spin_unlock+0x57/0x270 [ 598.580830][T22174] ? _raw_spin_unlock+0x2d/0x50 [ 598.585654][T22174] binder_transaction+0x8d9/0x6690 [ 598.590736][T22174] ? lock_downgrade+0x880/0x880 [ 598.595556][T22174] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 598.601773][T22174] ? kasan_check_read+0x11/0x20 [ 598.606600][T22174] ? is_bpf_text_address+0xd3/0x170 [ 598.611779][T22174] ? binder_thread_read+0x3d50/0x3d50 [ 598.617127][T22174] ? find_held_lock+0x35/0x130 [ 598.621863][T22174] ? __might_fault+0x12b/0x1e0 [ 598.626967][T22174] ? lock_downgrade+0x880/0x880 [ 598.631807][T22174] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 598.638041][T22174] ? _copy_from_user+0xdd/0x150 [ 598.642872][T22174] binder_thread_write+0x64a/0x2820 [ 598.648074][T22174] ? binder_transaction+0x6690/0x6690 [ 598.653417][T22174] ? __might_fault+0x12b/0x1e0 [ 598.658162][T22174] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 598.664370][T22174] ? _copy_from_user+0xdd/0x150 [ 598.669196][T22174] binder_ioctl+0x1033/0x183b [ 598.673850][T22174] ? binder_thread_write+0x2820/0x2820 [ 598.679276][T22174] ? tomoyo_path_number_perm+0x263/0x520 [ 598.684878][T22174] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 598.690667][T22174] ? binder_thread_write+0x2820/0x2820 [ 598.696199][T22174] do_vfs_ioctl+0xd6e/0x1390 [ 598.700767][T22174] ? ioctl_preallocate+0x210/0x210 [ 598.705863][T22174] ? selinux_file_mprotect+0x620/0x620 [ 598.711289][T22174] ? __fget+0x381/0x550 [ 598.715418][T22174] ? ksys_dup3+0x3e0/0x3e0 [ 598.719806][T22174] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 598.726104][T22174] ? fput_many+0x12c/0x1a0 [ 598.730492][T22174] ? tomoyo_file_ioctl+0x23/0x30 [ 598.735399][T22174] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 598.741611][T22174] ? security_file_ioctl+0x93/0xc0 [ 598.746696][T22174] ksys_ioctl+0xab/0xd0 [ 598.750822][T22174] __x64_sys_ioctl+0x73/0xb0 [ 598.755384][T22174] do_syscall_64+0x103/0x610 [ 598.759947][T22174] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 598.765813][T22174] RIP: 0033:0x458209 [ 598.769679][T22174] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 598.789249][T22174] RSP: 002b:00007f0035214c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 598.797630][T22174] RAX: ffffffffffffffda RBX: 00007f0035214c90 RCX: 0000000000458209 [ 598.805570][T22174] RDX: 0000000020000440 RSI: 00000000c0306201 RDI: 0000000000000003 [ 598.813515][T22174] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 598.821454][T22174] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f00352156d4 [ 598.829394][T22174] R13: 00000000004bf49a R14: 00000000004d0e80 R15: 0000000000000004 [ 598.843126][T22174] binder: 22169:22174 transaction failed 29201/-12, size 24-8 line 3073 07:32:21 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x8, 0x0) 07:32:21 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d00000000000000", 0x4a}], 0x1}, 0x0) 07:32:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4b47, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:21 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:21 executing program 3 (fault-call:1 fault-nth:2): r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:21 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f0000000140)={0x5}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:21 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d00000000000000", 0x4a}], 0x1}, 0x0) [ 600.837972][T22189] binder: 22181:22189 ioctl 4b47 20000440 returned -22 [ 600.861847][T22187] FAULT_INJECTION: forcing a failure. [ 600.861847][T22187] name failslab, interval 1, probability 0, space 0, times 0 [ 600.892388][T22187] CPU: 0 PID: 22187 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #38 [ 600.900462][T22187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 600.910506][T22187] Call Trace: [ 600.913789][T22187] dump_stack+0x172/0x1f0 [ 600.918118][T22187] should_fail.cold+0xa/0x15 [ 600.922704][T22187] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 600.922724][T22187] ? ___might_sleep+0x163/0x280 [ 600.922743][T22187] __should_failslab+0x121/0x190 [ 600.922759][T22187] should_failslab+0x9/0x14 07:32:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4b49, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 600.922773][T22187] kmem_cache_alloc_trace+0x2d1/0x760 [ 600.922786][T22187] ? lockdep_init_map+0x1be/0x6d0 [ 600.922808][T22187] binder_transaction+0x9b8/0x6690 [ 600.933426][T22187] ? lock_downgrade+0x880/0x880 [ 600.933440][T22187] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 600.933457][T22187] ? kasan_check_read+0x11/0x20 [ 600.933475][T22187] ? is_bpf_text_address+0xd3/0x170 [ 600.933499][T22187] ? binder_thread_read+0x3d50/0x3d50 [ 600.933521][T22187] ? find_held_lock+0x35/0x130 [ 600.933534][T22187] ? __might_fault+0x12b/0x1e0 [ 600.933553][T22187] ? lock_downgrade+0x880/0x880 [ 600.933584][T22187] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 600.942970][T22187] ? _copy_from_user+0xdd/0x150 [ 600.942990][T22187] binder_thread_write+0x64a/0x2820 [ 600.943042][T22187] ? binder_transaction+0x6690/0x6690 [ 600.943056][T22187] ? __might_fault+0x12b/0x1e0 [ 600.943091][T22187] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 600.943108][T22187] ? _copy_from_user+0xdd/0x150 [ 600.963348][T22187] binder_ioctl+0x1033/0x183b [ 600.963368][T22187] ? binder_thread_write+0x2820/0x2820 [ 600.963380][T22187] ? tomoyo_path_number_perm+0x263/0x520 [ 600.963396][T22187] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 600.963425][T22187] ? binder_thread_write+0x2820/0x2820 [ 600.963441][T22187] do_vfs_ioctl+0xd6e/0x1390 [ 601.068795][T22187] ? ioctl_preallocate+0x210/0x210 [ 601.073986][T22187] ? selinux_file_mprotect+0x620/0x620 [ 601.079443][T22187] ? __fget+0x381/0x550 [ 601.083592][T22187] ? ksys_dup3+0x3e0/0x3e0 07:32:22 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d0000000000000000", 0x4b}], 0x1}, 0x0) [ 601.087995][T22187] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 601.094226][T22187] ? fput_many+0x12c/0x1a0 [ 601.098634][T22187] ? tomoyo_file_ioctl+0x23/0x30 [ 601.103562][T22187] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 601.109801][T22187] ? security_file_ioctl+0x93/0xc0 [ 601.114913][T22187] ksys_ioctl+0xab/0xd0 [ 601.119065][T22187] __x64_sys_ioctl+0x73/0xb0 [ 601.123647][T22187] do_syscall_64+0x103/0x610 [ 601.128234][T22187] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 601.134113][T22187] RIP: 0033:0x458209 [ 601.137993][T22187] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 601.157580][T22187] RSP: 002b:00007f0035214c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 601.165979][T22187] RAX: ffffffffffffffda RBX: 00007f0035214c90 RCX: 0000000000458209 [ 601.173936][T22187] RDX: 0000000020000440 RSI: 00000000c0306201 RDI: 0000000000000003 [ 601.181889][T22187] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 601.189939][T22187] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f00352156d4 [ 601.198055][T22187] R13: 00000000004bf49a R14: 00000000004d0e80 R15: 0000000000000004 07:32:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x541b, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:22 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d0000000000000000", 0x4b}], 0x1}, 0x0) 07:32:22 executing program 3 (fault-call:1 fault-nth:3): r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 601.272867][T22187] binder: 22185:22187 transaction failed 29201/-12, size 24-8 line 3084 07:32:22 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x3f00, 0x0) [ 601.347419][T22213] binder: 22211:22213 ioctl 541b 20000440 returned -22 07:32:22 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d0000000000000000", 0x4b}], 0x1}, 0x0) [ 601.392382][T22217] FAULT_INJECTION: forcing a failure. [ 601.392382][T22217] name failslab, interval 1, probability 0, space 0, times 0 [ 601.442191][T22217] CPU: 1 PID: 22217 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #38 [ 601.450186][T22217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 601.460228][T22217] Call Trace: [ 601.463512][T22217] dump_stack+0x172/0x1f0 [ 601.467850][T22217] should_fail.cold+0xa/0x15 [ 601.472435][T22217] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 601.478232][T22217] ? ___might_sleep+0x163/0x280 [ 601.483083][T22217] __should_failslab+0x121/0x190 [ 601.488024][T22217] should_failslab+0x9/0x14 [ 601.492552][T22217] kmem_cache_alloc_trace+0x2d1/0x760 [ 601.497921][T22217] ? find_held_lock+0x35/0x130 [ 601.502681][T22217] binder_alloc_new_buf+0x5e9/0x1480 [ 601.507966][T22217] binder_transaction+0x103c/0x6690 [ 601.513259][T22217] ? lock_downgrade+0x880/0x880 [ 601.518091][T22217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 601.524322][T22217] ? kasan_check_read+0x11/0x20 [ 601.529177][T22217] ? binder_thread_read+0x3d50/0x3d50 [ 601.534547][T22217] ? find_held_lock+0x35/0x130 [ 601.539305][T22217] ? __might_fault+0x12b/0x1e0 [ 601.544064][T22217] ? lock_downgrade+0x880/0x880 [ 601.548923][T22217] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 601.555151][T22217] ? _copy_from_user+0xdd/0x150 [ 601.560006][T22217] binder_thread_write+0x64a/0x2820 [ 601.565204][T22217] ? binder_transaction+0x6690/0x6690 [ 601.570570][T22217] ? __might_fault+0x12b/0x1e0 [ 601.575355][T22217] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 601.581596][T22217] ? _copy_from_user+0xdd/0x150 [ 601.586436][T22217] binder_ioctl+0x1033/0x183b [ 601.591102][T22217] ? binder_thread_write+0x2820/0x2820 [ 601.596549][T22217] ? tomoyo_path_number_perm+0x263/0x520 [ 601.602170][T22217] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 601.607986][T22217] ? binder_thread_write+0x2820/0x2820 [ 601.613433][T22217] do_vfs_ioctl+0xd6e/0x1390 [ 601.618020][T22217] ? ioctl_preallocate+0x210/0x210 [ 601.623119][T22217] ? selinux_file_mprotect+0x620/0x620 [ 601.628568][T22217] ? __fget+0x381/0x550 [ 601.632719][T22217] ? ksys_dup3+0x3e0/0x3e0 [ 601.637124][T22217] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 601.643353][T22217] ? fput_many+0x12c/0x1a0 [ 601.647765][T22217] ? tomoyo_file_ioctl+0x23/0x30 [ 601.652684][T22217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 601.658936][T22217] ? security_file_ioctl+0x93/0xc0 [ 601.664030][T22217] ksys_ioctl+0xab/0xd0 [ 601.664046][T22217] __x64_sys_ioctl+0x73/0xb0 [ 601.664060][T22217] do_syscall_64+0x103/0x610 [ 601.664077][T22217] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 601.672748][T22217] RIP: 0033:0x458209 [ 601.672760][T22217] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 601.672775][T22217] RSP: 002b:00007f0035214c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 601.683185][T22217] RAX: ffffffffffffffda RBX: 00007f0035214c90 RCX: 0000000000458209 [ 601.683193][T22217] RDX: 0000000020000440 RSI: 00000000c0306201 RDI: 0000000000000003 [ 601.683200][T22217] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 07:32:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 601.683211][T22217] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f00352156d4 [ 601.746875][T22217] R13: 00000000004bf49a R14: 00000000004d0e80 R15: 0000000000000004 [ 601.764349][T22217] binder_alloc: binder_alloc_new_buf_locked: 14113 failed to alloc new buffer struct 07:32:22 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5450, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 601.805222][T22217] binder: 22215:22217 transaction failed 29201/-12, size 24-8 line 3147 07:32:22 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0xffffffffffffff4b) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:22 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x1000000, 0x0) 07:32:22 executing program 1 (fault-call:1 fault-nth:0): r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:22 executing program 3 (fault-call:1 fault-nth:4): r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5451, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 602.070905][T22249] FAULT_INJECTION: forcing a failure. [ 602.070905][T22249] name failslab, interval 1, probability 0, space 0, times 0 [ 602.126970][T22249] CPU: 1 PID: 22249 Comm: syz-executor.1 Not tainted 5.1.0-rc2+ #38 [ 602.134974][T22249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 602.145018][T22249] Call Trace: [ 602.148307][T22249] dump_stack+0x172/0x1f0 [ 602.152635][T22249] should_fail.cold+0xa/0x15 [ 602.157232][T22249] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 602.163031][T22249] ? ___might_sleep+0x163/0x280 [ 602.167878][T22249] __should_failslab+0x121/0x190 [ 602.172808][T22249] should_failslab+0x9/0x14 [ 602.177295][T22249] kmem_cache_alloc_node+0x264/0x710 [ 602.182641][T22249] __alloc_skb+0xd5/0x5e0 [ 602.186968][T22249] ? skb_trim+0x190/0x190 [ 602.191293][T22249] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 602.197588][T22249] ? netlink_autobind.isra.0+0x228/0x310 [ 602.203214][T22249] netlink_sendmsg+0x97b/0xd70 [ 602.208086][T22249] ? netlink_unicast+0x720/0x720 [ 602.213021][T22249] ? tomoyo_socket_sendmsg+0x26/0x30 [ 602.218296][T22249] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 602.224542][T22249] ? security_socket_sendmsg+0x93/0xc0 [ 602.229995][T22249] ? netlink_unicast+0x720/0x720 [ 602.234975][T22249] sock_sendmsg+0xdd/0x130 [ 602.239383][T22249] ___sys_sendmsg+0x806/0x930 [ 602.244055][T22249] ? copy_msghdr_from_user+0x430/0x430 [ 602.249511][T22249] ? kasan_check_read+0x11/0x20 [ 602.254356][T22249] ? __fget+0x381/0x550 [ 602.258506][T22249] ? ksys_dup3+0x3e0/0x3e0 [ 602.262908][T22249] ? lock_downgrade+0x880/0x880 [ 602.267758][T22249] ? __fget_light+0x1a9/0x230 [ 602.272430][T22249] ? __fdget+0x1b/0x20 [ 602.276498][T22249] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 602.282733][T22249] __sys_sendmsg+0x105/0x1d0 [ 602.287315][T22249] ? __ia32_sys_shutdown+0x80/0x80 [ 602.292545][T22249] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 602.298088][T22249] ? do_syscall_64+0x26/0x610 [ 602.302757][T22249] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 602.308811][T22249] ? do_syscall_64+0x26/0x610 [ 602.313490][T22249] __x64_sys_sendmsg+0x78/0xb0 [ 602.318246][T22249] do_syscall_64+0x103/0x610 [ 602.322829][T22249] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 602.328708][T22249] RIP: 0033:0x458209 [ 602.332586][T22249] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 602.352178][T22249] RSP: 002b:00007f35eb4e6c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 602.360581][T22249] RAX: ffffffffffffffda RBX: 00007f35eb4e6c90 RCX: 0000000000458209 [ 602.368541][T22249] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 07:32:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5452, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5460, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:23 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x8000000, 0x0) [ 602.376499][T22249] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 602.384649][T22249] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f35eb4e76d4 [ 602.392616][T22249] R13: 00000000004c5187 R14: 00000000004d8f38 R15: 0000000000000004 [ 602.459537][T22265] FAULT_INJECTION: forcing a failure. [ 602.459537][T22265] name failslab, interval 1, probability 0, space 0, times 0 [ 602.473124][T22265] CPU: 1 PID: 22265 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #38 [ 602.481092][T22265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 602.491132][T22265] Call Trace: [ 602.494415][T22265] dump_stack+0x172/0x1f0 [ 602.498747][T22265] should_fail.cold+0xa/0x15 [ 602.503333][T22265] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 602.509136][T22265] ? ___might_sleep+0x163/0x280 [ 602.513980][T22265] __should_failslab+0x121/0x190 [ 602.518918][T22265] should_failslab+0x9/0x14 [ 602.523418][T22265] kmem_cache_alloc_trace+0x2d1/0x760 [ 602.528785][T22265] ? kasan_check_read+0x11/0x20 [ 602.533628][T22265] ? do_raw_spin_unlock+0x57/0x270 [ 602.538730][T22265] binder_new_node+0x51/0x7d0 [ 602.543398][T22265] ? binder_get_node+0x168/0x200 [ 602.548323][T22265] binder_transaction+0x49f8/0x6690 [ 602.553552][T22265] ? binder_thread_read+0x3d50/0x3d50 [ 602.558932][T22265] ? __might_fault+0x12b/0x1e0 [ 602.563703][T22265] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 602.569934][T22265] ? _copy_from_user+0xdd/0x150 [ 602.574781][T22265] binder_thread_write+0x64a/0x2820 [ 602.579974][T22265] ? binder_transaction+0x6690/0x6690 [ 602.585332][T22265] ? __might_fault+0x12b/0x1e0 [ 602.590103][T22265] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 602.596338][T22265] ? _copy_from_user+0xdd/0x150 [ 602.601192][T22265] binder_ioctl+0x1033/0x183b [ 602.605868][T22265] ? binder_thread_write+0x2820/0x2820 [ 602.611308][T22265] ? tomoyo_path_number_perm+0x263/0x520 [ 602.616937][T22265] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 602.622752][T22265] ? binder_thread_write+0x2820/0x2820 [ 602.628211][T22265] do_vfs_ioctl+0xd6e/0x1390 [ 602.632799][T22265] ? ioctl_preallocate+0x210/0x210 [ 602.637897][T22265] ? selinux_file_mprotect+0x620/0x620 [ 602.643337][T22265] ? __fget+0x381/0x550 [ 602.647484][T22265] ? ksys_dup3+0x3e0/0x3e0 [ 602.651884][T22265] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 602.658122][T22265] ? fput_many+0x12c/0x1a0 [ 602.662528][T22265] ? tomoyo_file_ioctl+0x23/0x30 [ 602.667457][T22265] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 602.673684][T22265] ? security_file_ioctl+0x93/0xc0 [ 602.678785][T22265] ksys_ioctl+0xab/0xd0 [ 602.682931][T22265] __x64_sys_ioctl+0x73/0xb0 [ 602.687507][T22265] do_syscall_64+0x103/0x610 [ 602.692184][T22265] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 602.698064][T22265] RIP: 0033:0x458209 [ 602.701948][T22265] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 602.721538][T22265] RSP: 002b:00007f0035214c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 602.729939][T22265] RAX: ffffffffffffffda RBX: 00007f0035214c90 RCX: 0000000000458209 [ 602.737895][T22265] RDX: 0000000020000440 RSI: 00000000c0306201 RDI: 0000000000000003 [ 602.745848][T22265] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 07:32:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046207, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 602.753898][T22265] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f00352156d4 [ 602.761857][T22265] R13: 00000000004bf49a R14: 00000000004d0e80 R15: 0000000000000004 [ 602.777000][T22265] binder: 22250:22265 transaction failed 29201/-12, size 24-8 line 3257 [ 602.800934][T22273] binder: BINDER_SET_CONTEXT_MGR already set [ 602.827636][T22273] binder: 22272:22273 ioctl 40046207 20000440 returned -16 07:32:23 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r1, 0x0) write(r1, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:23 executing program 1 (fault-call:1 fault-nth:1): r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 602.925445][T22282] FAULT_INJECTION: forcing a failure. [ 602.925445][T22282] name failslab, interval 1, probability 0, space 0, times 0 [ 603.210280][T22282] CPU: 1 PID: 22282 Comm: syz-executor.1 Not tainted 5.1.0-rc2+ #38 [ 603.218483][T22282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 603.228523][T22282] Call Trace: [ 603.231804][T22282] dump_stack+0x172/0x1f0 [ 603.236129][T22282] should_fail.cold+0xa/0x15 [ 603.240718][T22282] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 603.246517][T22282] ? ___might_sleep+0x163/0x280 [ 603.251368][T22282] __should_failslab+0x121/0x190 [ 603.256304][T22282] should_failslab+0x9/0x14 [ 603.260798][T22282] kmem_cache_alloc_node_trace+0x270/0x720 [ 603.266698][T22282] __kmalloc_node_track_caller+0x3d/0x70 [ 603.272321][T22282] __kmalloc_reserve.isra.0+0x40/0xf0 [ 603.277684][T22282] __alloc_skb+0x10b/0x5e0 [ 603.282089][T22282] ? skb_trim+0x190/0x190 [ 603.286416][T22282] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 603.292652][T22282] ? netlink_autobind.isra.0+0x228/0x310 [ 603.298274][T22282] netlink_sendmsg+0x97b/0xd70 [ 603.303025][T22282] ? netlink_unicast+0x720/0x720 [ 603.307948][T22282] ? tomoyo_socket_sendmsg+0x26/0x30 [ 603.313215][T22282] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 603.319438][T22282] ? security_socket_sendmsg+0x93/0xc0 [ 603.324876][T22282] ? netlink_unicast+0x720/0x720 [ 603.329802][T22282] sock_sendmsg+0xdd/0x130 [ 603.334208][T22282] ___sys_sendmsg+0x806/0x930 [ 603.338875][T22282] ? copy_msghdr_from_user+0x430/0x430 [ 603.344333][T22282] ? kasan_check_read+0x11/0x20 [ 603.349182][T22282] ? __fget+0x381/0x550 [ 603.353330][T22282] ? ksys_dup3+0x3e0/0x3e0 [ 603.357733][T22282] ? lock_downgrade+0x880/0x880 [ 603.362577][T22282] ? __fget_light+0x1a9/0x230 [ 603.367241][T22282] ? __fdget+0x1b/0x20 [ 603.371290][T22282] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 603.377506][T22282] __sys_sendmsg+0x105/0x1d0 [ 603.382073][T22282] ? __ia32_sys_shutdown+0x80/0x80 [ 603.387169][T22282] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 603.392596][T22282] ? do_syscall_64+0x26/0x610 [ 603.397243][T22282] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 603.403277][T22282] ? do_syscall_64+0x26/0x610 [ 603.407934][T22282] __x64_sys_sendmsg+0x78/0xb0 [ 603.412669][T22282] do_syscall_64+0x103/0x610 [ 603.417230][T22282] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 603.423095][T22282] RIP: 0033:0x458209 [ 603.426963][T22282] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 603.446535][T22282] RSP: 002b:00007f35eb4e6c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 07:32:24 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) ppoll(&(0x7f0000000140)=[{r1, 0x2}, {r1, 0x2}, {r1, 0x200}, {r1}, {r1, 0x10}, {r1, 0x8200}, {r1}], 0x7, &(0x7f0000000240)={r2, r3+10000000}, &(0x7f00000002c0)={0x53}, 0x8) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r4, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r5, 0x0) write(r5, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:24 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x3f000000, 0x0) 07:32:24 executing program 3 (fault-call:1 fault-nth:5): r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 603.454913][T22282] RAX: ffffffffffffffda RBX: 00007f35eb4e6c90 RCX: 0000000000458209 [ 603.462854][T22282] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 603.470792][T22282] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 603.478731][T22282] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f35eb4e76d4 [ 603.486674][T22282] R13: 00000000004c5187 R14: 00000000004d8f38 R15: 0000000000000004 07:32:24 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r1, 0x0) write(r1, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 603.529374][T22300] FAULT_INJECTION: forcing a failure. [ 603.529374][T22300] name failslab, interval 1, probability 0, space 0, times 0 [ 603.584922][T22300] CPU: 0 PID: 22300 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #38 [ 603.592923][T22300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 603.602966][T22300] Call Trace: [ 603.606248][T22300] dump_stack+0x172/0x1f0 [ 603.610579][T22300] should_fail.cold+0xa/0x15 [ 603.615171][T22300] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 603.620972][T22300] ? ___might_sleep+0x163/0x280 [ 603.625936][T22300] __should_failslab+0x121/0x190 [ 603.630877][T22300] should_failslab+0x9/0x14 [ 603.635378][T22300] kmem_cache_alloc_trace+0x2d1/0x760 [ 603.640756][T22300] ? kasan_check_read+0x11/0x20 [ 603.645605][T22300] ? do_raw_spin_unlock+0x57/0x270 [ 603.650715][T22300] ? _raw_spin_unlock+0x2d/0x50 [ 603.655577][T22300] binder_inc_ref_for_node+0x208/0xc20 [ 603.661037][T22300] ? selinux_binder_transfer_binder+0x33c/0x530 [ 603.667275][T22300] binder_transaction+0x45b0/0x6690 [ 603.672491][T22300] ? binder_thread_read+0x3d50/0x3d50 [ 603.677868][T22300] ? __might_fault+0x12b/0x1e0 07:32:24 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x9cffffff, 0x0) [ 603.682648][T22300] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 603.688879][T22300] ? _copy_from_user+0xdd/0x150 [ 603.693727][T22300] binder_thread_write+0x64a/0x2820 [ 603.698935][T22300] ? binder_transaction+0x6690/0x6690 [ 603.704295][T22300] ? __might_fault+0x12b/0x1e0 [ 603.709072][T22300] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 603.715301][T22300] ? _copy_from_user+0xdd/0x150 [ 603.720153][T22300] binder_ioctl+0x1033/0x183b [ 603.724832][T22300] ? binder_thread_write+0x2820/0x2820 [ 603.730283][T22300] ? tomoyo_path_number_perm+0x263/0x520 [ 603.735902][T22300] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 603.741714][T22300] ? binder_thread_write+0x2820/0x2820 [ 603.747161][T22300] do_vfs_ioctl+0xd6e/0x1390 [ 603.751742][T22300] ? ioctl_preallocate+0x210/0x210 [ 603.756838][T22300] ? selinux_file_mprotect+0x620/0x620 [ 603.762282][T22300] ? __fget+0x381/0x550 [ 603.766433][T22300] ? ksys_dup3+0x3e0/0x3e0 [ 603.770832][T22300] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 603.777056][T22300] ? fput_many+0x12c/0x1a0 [ 603.781463][T22300] ? tomoyo_file_ioctl+0x23/0x30 [ 603.786389][T22300] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 603.792638][T22300] ? security_file_ioctl+0x93/0xc0 [ 603.797739][T22300] ksys_ioctl+0xab/0xd0 [ 603.801887][T22300] __x64_sys_ioctl+0x73/0xb0 [ 603.806467][T22300] do_syscall_64+0x103/0x610 [ 603.811053][T22300] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 603.817015][T22300] RIP: 0033:0x458209 [ 603.820896][T22300] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 603.840484][T22300] RSP: 002b:00007f0035214c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 603.848878][T22300] RAX: ffffffffffffffda RBX: 00007f0035214c90 RCX: 0000000000458209 [ 603.856835][T22300] RDX: 0000000020000440 RSI: 00000000c0306201 RDI: 0000000000000003 [ 603.864789][T22300] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 603.872747][T22300] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f00352156d4 07:32:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40049409, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:24 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0xfeffffff, 0x0) [ 603.880703][T22300] R13: 00000000004bf49a R14: 00000000004d0e80 R15: 0000000000000004 07:32:24 executing program 1 (fault-call:1 fault-nth:2): r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 603.948240][T22300] binder: 22296:22300 transaction failed 29201/-12, size 24-8 line 3257 07:32:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40086602, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:25 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0xffffff9c, 0x0) [ 604.072946][T22335] FAULT_INJECTION: forcing a failure. [ 604.072946][T22335] name failslab, interval 1, probability 0, space 0, times 0 [ 604.152861][T22335] CPU: 1 PID: 22335 Comm: syz-executor.1 Not tainted 5.1.0-rc2+ #38 [ 604.160859][T22335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 604.170899][T22335] Call Trace: [ 604.174181][T22335] dump_stack+0x172/0x1f0 [ 604.178499][T22335] should_fail.cold+0xa/0x15 [ 604.183078][T22335] ? debug_smp_processor_id+0x3c/0x280 [ 604.188523][T22335] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 604.194330][T22335] __should_failslab+0x121/0x190 [ 604.199260][T22335] should_failslab+0x9/0x14 [ 604.203758][T22335] kmem_cache_alloc+0x47/0x6f0 [ 604.208517][T22335] ? lock_acquire+0x16f/0x3f0 [ 604.213182][T22335] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 604.219417][T22335] skb_clone+0x150/0x3b0 [ 604.223649][T22335] netlink_deliver_tap+0x95c/0xc00 [ 604.228769][T22335] netlink_unicast+0x5a7/0x720 [ 604.233530][T22335] ? netlink_attachskb+0x770/0x770 [ 604.238628][T22335] ? _copy_from_iter_full+0x25d/0x900 [ 604.243986][T22335] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 604.250320][T22335] netlink_sendmsg+0x8ae/0xd70 [ 604.255077][T22335] ? netlink_unicast+0x720/0x720 [ 604.260003][T22335] ? tomoyo_socket_sendmsg+0x26/0x30 [ 604.265294][T22335] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 604.271522][T22335] ? security_socket_sendmsg+0x93/0xc0 [ 604.276964][T22335] ? netlink_unicast+0x720/0x720 [ 604.281890][T22335] sock_sendmsg+0xdd/0x130 [ 604.286299][T22335] ___sys_sendmsg+0x806/0x930 [ 604.290967][T22335] ? copy_msghdr_from_user+0x430/0x430 [ 604.296431][T22335] ? kasan_check_read+0x11/0x20 [ 604.301277][T22335] ? __fget+0x381/0x550 [ 604.305430][T22335] ? ksys_dup3+0x3e0/0x3e0 [ 604.309833][T22335] ? lock_downgrade+0x880/0x880 [ 604.314675][T22335] ? __fget_light+0x1a9/0x230 [ 604.319336][T22335] ? __fdget+0x1b/0x20 [ 604.323393][T22335] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 604.329624][T22335] __sys_sendmsg+0x105/0x1d0 [ 604.334197][T22335] ? __ia32_sys_shutdown+0x80/0x80 [ 604.339309][T22335] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 604.344753][T22335] ? do_syscall_64+0x26/0x610 [ 604.349417][T22335] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 604.355469][T22335] ? do_syscall_64+0x26/0x610 [ 604.360138][T22335] __x64_sys_sendmsg+0x78/0xb0 [ 604.364893][T22335] do_syscall_64+0x103/0x610 [ 604.369476][T22335] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 604.375348][T22335] RIP: 0033:0x458209 [ 604.379227][T22335] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 604.398814][T22335] RSP: 002b:00007f35eb4e6c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 604.407206][T22335] RAX: ffffffffffffffda RBX: 00007f35eb4e6c90 RCX: 0000000000458209 [ 604.415159][T22335] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 604.423111][T22335] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 604.431067][T22335] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f35eb4e76d4 [ 604.439019][T22335] R13: 00000000004c5187 R14: 00000000004d8f38 R15: 0000000000000004 07:32:25 executing program 3 (fault-call:1 fault-nth:6): r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 604.452704][T22346] binder: 22345:22346 ioctl 40086602 20000440 returned -22 [ 604.551957][ T22] binder: release 22351:22353 transaction 77 out, still active 07:32:25 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000140)) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(r1, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40087602, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:25 executing program 1 (fault-call:1 fault-nth:3): r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:25 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0xfffffffe, 0x0) 07:32:25 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r1, 0x0) write(r1, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4018620d, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 604.773158][T22367] binder: 22366:22367 ioctl 40087602 20000440 returned -22 [ 604.801398][ T12] binder: release 22371:22372 transaction 80 out, still active 07:32:25 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x1000000000000, 0x0) 07:32:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x2, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 604.859275][T22399] binder: BINDER_SET_CONTEXT_MGR already set [ 604.892607][T22399] binder: 22384:22399 ioctl 4018620d 20000440 returned -16 07:32:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4020940d, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:25 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4b47, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 605.127503][T22506] binder: 22503:22506 ioctl 4b47 20000440 returned -22 07:32:26 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x10000002000009, 0x10010, 0xffffffffffffffff, 0x0) 07:32:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x80086601, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:26 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x100000000000000, 0x0) 07:32:26 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x2, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4b49, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:26 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:26 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 605.583633][T22518] binder: 22517:22518 ioctl 4b49 20000440 returned -22 [ 605.596034][T22519] binder: 22514:22519 ioctl 80086601 20000440 returned -22 07:32:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x541b, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:26 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x800000000000000, 0x0) 07:32:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x80087601, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:26 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xa, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 605.743812][T22539] binder: 22537:22539 ioctl 541b 20000440 returned -22 [ 605.773122][T22542] binder: 22541:22542 ioctl 80087601 20000440 returned -22 07:32:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:26 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x2900, 0x0) r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video37\x00', 0x2, 0x0) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r3, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r4, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r5, 0x0) write(r5, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r3, 0x111, 0x1, 0x6, 0x4) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:26 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xe, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:26 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x3f00000000000000, 0x0) 07:32:26 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xf, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:27 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5450, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:27 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x8000000000000000, 0x0) 07:32:27 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x60, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5451, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:27 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xf0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:27 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x9cffffff00000000, 0x0) 07:32:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5452, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620b, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:27 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:27 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snapshot\x00', 0xfe, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) write$P9_RMKDIR(r1, &(0x7f0000000200)={0x14, 0x49, 0x1, {0x4, 0x0, 0x8}}, 0x14) clock_nanosleep(0x4, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000300)={0x400, 0x7, 0x4, 0x84000, {r4, r5/1000+30000}, {0x3, 0x9, 0x9, 0x7fff, 0x5, 0x1, "239a0b7e"}, 0x2354, 0x3, @fd=r1, 0x4}) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000240)=0x10001, 0x4) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) ioctl$KDGETMODE(r3, 0x4b3b, &(0x7f0000000140)) 07:32:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5460, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:27 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xa00, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:27 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0xfeffffff00000000, 0x0) [ 607.047152][T22636] binder: 22635 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 607.047163][T22636] binder: 22635:22636 ioctl c018620c 20000440 returned -22 07:32:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:28 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xc13, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046207, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0189436, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:28 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xe00, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 607.265011][T22656] binder: BINDER_SET_CONTEXT_MGR already set 07:32:28 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xec0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 607.312264][T22656] binder: 22654:22656 ioctl 40046207 20000440 returned -16 07:32:28 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:28 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x1, 0x1, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f0000000140)) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:28 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0xffffffff00000000, 0x0) 07:32:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc020660b, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:28 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xf00, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:28 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x130c, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40049409, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306202, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:28 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x8) [ 607.997584][T22698] binder: 22697:22698 ioctl c0306202 20000440 returned -22 07:32:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40086602, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:28 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x6000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 608.055503][T22698] binder: 22697:22698 ioctl c0306202 20000440 returned -22 [ 608.135546][T22709] binder: 22707:22709 ioctl 40086602 20000440 returned -22 07:32:29 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:29 executing program 4: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x80, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000100), 0x4) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r2, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:29 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x3f00) 07:32:29 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xc00e, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306225, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40087602, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc030625c, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 609.039771][T22728] binder: 22727:22728 ioctl 40087602 20000440 returned -22 [ 609.069340][T22737] binder: 22726:22737 ioctl c0306225 20000440 returned -22 07:32:30 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xf000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4018620d, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:30 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x1000000) [ 609.237179][T22752] binder: BINDER_SET_CONTEXT_MGR already set [ 609.258373][T22751] binder: 22744:22751 ioctl c030625c 20000440 returned -22 07:32:30 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 609.282529][T22752] binder: 22747:22752 ioctl 4018620d 20000440 returned -16 07:32:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4020940d, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:30 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:30 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) close(r3) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x6, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) write$cgroup_int(r1, &(0x7f0000000240)=0xb4, 0x12) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) delete_module(&(0x7f0000000200)='/dev/nullb0\x00', 0xa00) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x9a2, 0x0, 0x2, 0x1, 0x0, 0x0, 0x2, 0x800, 0x8, 0x9, 0x7fff, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) ioctl$EVIOCRMFF(r1, 0x40044581, &(0x7f0000000140)=0x1f) 07:32:30 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x8000000) 07:32:30 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x400300, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc030626b, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x80086601, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 610.017982][T22774] binder: 22773:22774 ioctl 80086601 20000440 returned -22 [ 610.020428][T22781] binder: 22779:22781 ioctl c030626b 20000440 returned -22 07:32:30 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xf0ffff, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:31 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x3f000000) 07:32:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x80087601, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x5c, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:31 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x1000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 610.236444][T22796] binder: 22795:22796 ioctl 80087601 20000440 returned -22 [ 610.256090][T22798] binder: 22797:22798 got transaction with invalid offset (0, min 0 max 0) or object. 07:32:31 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x9cffffff) [ 610.315246][T22798] binder: 22797:22798 transaction failed 29201/-22, size 0-8 line 3241 [ 610.366575][T22798] binder: 22797:22798 got transaction with invalid offset (0, min 0 max 0) or object. [ 610.429183][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 610.437283][T22798] binder: 22797:22798 transaction failed 29201/-22, size 0-8 line 3241 [ 610.469994][ T12] binder: undelivered TRANSACTION_ERROR: 29201 07:32:31 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:31 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) epoll_create1(0x80000) perf_event_open(&(0x7f0000000200)={0x3, 0x70, 0x101, 0xffffffff, 0x100000000, 0x6, 0x0, 0x2, 0x86020, 0x8, 0x8000, 0x3, 0x10000, 0x400, 0x5, 0x9, 0x4, 0x8001, 0xffffffff, 0x46, 0x8001, 0x0, 0xcd, 0x800, 0x6, 0x9e9f, 0x100000001, 0x4b, 0x9, 0x6, 0x1, 0x94, 0x3, 0x988d, 0x1, 0x5, 0x3538, 0x5, 0x0, 0x3, 0x1, @perf_bp={&(0x7f0000000140), 0x4}, 0x20225, 0x5, 0x5, 0x2, 0x1, 0x1000000, 0xffffffffffffffff}, 0x0, 0x10, r1, 0x9) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x12, 0xffffffffffffffff, 0x0) 07:32:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x6b, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:31 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x2000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:31 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0xfeffffff) 07:32:31 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 611.041294][T22839] binder: 22837:22839 got transaction with invalid offset (0, min 0 max 0) or object. 07:32:32 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x4000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:32 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0xffffff9c) [ 611.111172][T22839] binder: 22837:22839 transaction failed 29201/-22, size 0-8 line 3241 07:32:32 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xa000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 611.190643][ T22] binder: undelivered TRANSACTION_ERROR: 29201 07:32:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x6c, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:32 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0xfffffffe) [ 611.342695][T22865] binder: 22864:22865 got transaction with invalid offset (0, min 0 max 0) or object. [ 611.387841][T22865] binder: 22864:22865 transaction failed 29201/-22, size 0-8 line 3241 [ 611.404338][ T22] binder: undelivered TRANSACTION_ERROR: 29201 07:32:32 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000280), 0x2) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:32 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xc130000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x2, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:32 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x1000000000000) 07:32:32 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:32 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xe000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 612.040461][T22891] binder: 22887:22891 unknown command 16448 [ 612.061955][T22891] binder: 22887:22891 ioctl c0306201 20000440 returned -22 07:32:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620b, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 612.093326][T22891] binder: 22887:22891 unknown command 16448 [ 612.099295][T22891] binder: 22887:22891 ioctl c0306201 20000440 returned -22 07:32:33 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x100000000000000) 07:32:33 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xf000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x3, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:33 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x60000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 612.383477][T22911] binder: 22909:22911 unknown command 64 [ 612.412168][T22911] binder: 22909:22911 ioctl c0306201 20000440 returned -22 07:32:33 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) r4 = getuid() getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@local, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@ipv4={[], [], @initdev}}}, &(0x7f00000003c0)=0xe8) mount$9p_unix(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='9p\x00', 0x1004000, &(0x7f00000004c0)={'trans=unix,', {[{@fscache='fscache'}, {@mmap='mmap'}, {@version_9p2000='version=9p2000'}, {@afid={'afid', 0x3d, 0xffffffffffffffc5}}, {@msize={'msize', 0x3d, 0x1000}}], [{@appraise='appraise'}, {@smackfsroot={'smackfsroot', 0x3d, '/dev/nullb0\x00'}}, {@audit='audit'}, {@fowner_eq={'fowner', 0x3d, r4}}, {@fowner_lt={'fowner<', r5}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}]}}) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:33 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x800000000000000) 07:32:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x4, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:33 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x9effffff, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:33 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:33 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xc00e0000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 612.874881][T22930] binder: 22929:22930 unknown command 0 [ 612.893727][T22937] binder: 22934 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 612.893737][T22937] binder: 22934:22937 ioctl c018620c 20000440 returned -22 [ 612.905965][T22930] binder: 22929:22930 ioctl c0306201 20000440 returned -22 07:32:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0189436, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x5, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:33 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x3f00000000000000) 07:32:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc020660b, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:34 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xf0ffffff, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 613.057434][T22953] binder: 22952:22953 unknown command 0 [ 613.084556][T22953] binder: 22952:22953 ioctl c0306201 20000440 returned -22 07:32:34 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x3, &(0x7f0000000140)=0x80000, 0x4) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000000200), 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:34 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x8000000000000000) 07:32:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x2, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x6, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:34 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xfffff000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:34 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:34 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xffffff7f, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x7, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 613.715137][T22981] binder: 22980:22981 unknown command 0 [ 613.723547][T22988] binder: 22978:22988 unknown command 16448 [ 613.735603][T22981] binder: 22980:22981 ioctl c0306201 20000440 returned -22 [ 613.745772][T22988] binder: 22978:22988 ioctl c0306201 20000440 returned -22 07:32:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x8, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:34 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x9cffffff00000000) 07:32:34 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xffffff9e, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 613.936913][T23008] binder: 23002:23008 unknown command 0 [ 613.937254][T23003] binder: 23001:23003 unknown command 0 07:32:34 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0xfeffffff00000000) [ 613.981985][T23008] binder: 23002:23008 ioctl c0306201 20000440 returned -22 [ 613.989404][T23003] binder: 23001:23003 ioctl c0306201 20000440 returned -22 07:32:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x8, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:35 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xfffffff0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x12, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:35 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0xffffffff00000000) 07:32:35 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:35 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000200)='fou\x00') sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="4400fc020d5dcd3c1b620000", @ANYRES16=r3, @ANYBLOB="120a28bd7000fddbdf250100000004000500080003007f00000008000400010000000400050008000400030000000800040001000000080001004e240000"], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) write$nbd(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="674466980000000001000100020000007f3134e1e88bd5c27a8cf6b2cb5b3434ede5abb3349c244fa30d4e3a61a29f327939b19a743f230fba44488ac8782d9b53e88c8d088e5ae827f2c56b7db8bf6ab767f0d58f15fb4c7b408b11cc8caf55813bcf05a055fbc1a99481badb19eed3a1b336206b98b248ba5b"], 0x7a) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 614.384438][T23034] binder: 23027:23034 unknown command 0 [ 614.392234][T23034] binder: 23027:23034 ioctl c0306201 20000440 returned -22 [ 614.399968][T23032] binder: 23028:23032 unknown command 0 07:32:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x1200, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:35 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x40030000000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 614.439606][T23032] binder: 23028:23032 ioctl c0306201 20000440 returned -22 07:32:35 executing program 0: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x18, &(0x7f0000000080)=')usermime_typemime_type\x00', 0xffffffffffffffff}, 0x30) ptrace$peekuser(0x3, r0, 0x5) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) getpid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x200000000002b) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000000)={[], 0x0, 0x0, 0x0, 0xffffffff, 0x118}) r3 = syz_open_dev$vcsn(&(0x7f0000000200)='/dev/vcs#\x00', 0x0, 0x402000) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r3, 0x84, 0x7, &(0x7f0000000240), &(0x7f0000000280)=0x4) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 07:32:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0xa, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x2000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 614.596275][T23062] binder: 23052:23062 unknown command 0 [ 614.607597][T23062] binder: 23052:23062 ioctl c0306201 20000440 returned -22 07:32:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x12, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:35 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xf0ffffffffffff, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x3f00, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 614.723754][T23164] binder: 23163:23164 unknown command 0 [ 614.734335][T23164] binder: 23163:23164 ioctl c0306201 20000440 returned -22 07:32:35 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x100000000000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x48, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:35 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, 0x0) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:36 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0xffffffffffffff2a, 0x49, 0x0, {0x20, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$KDGKBMETA(r1, 0x4b62, &(0x7f0000000140)) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x1000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:36 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x200000000000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:38 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x400000000000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x4c, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x2000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:38 executing program 0: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0xc) setfsuid(r1) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x200000000002b) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$peek(0x1, r0, &(0x7f0000000080)) ptrace$cont(0x1f, r2, 0x0, 0x0) 07:32:38 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x6, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:38 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, 0x0) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x60, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x8000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:38 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xa00000000000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:38 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x800000000, &(0x7f0000000180)="35b65c7831939eebaf02b347b0e5562ca96c6e51d253f04a5109374d5bff6748d42cf0c29f5e2d832f115ab310852f7f74a6650824dbe5") ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x12000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x68, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:38 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xc13000000000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:38 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) clone(0x4000, &(0x7f0000000000)="6b0f094713b09c04cfd29bb3433dd4511b", &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000140)="f04a67f07ae11ed622bc376d7be08a7ce73ec66c596d9c015d61c23ece99dacd148935389d2e898d1c69dcfae97568bfc396827d31e39239e9e352bd51eca169d4e52468ca316a5b880fcd3f953ea0eaf7c627a84382da9c28afe829a8c7a4f59c3e52806865ae1e05503f2b7b4999682d85a4441f8506ff8dc97367a400357b7b9b67c944157f352c7d6ce214da0e1b1aa64889623cd73c87de9baa0efd8b3291e4043343f0caf9d344cfef8ad1dd9ea31481055c42bc0f4eaf6ae046dc1715558156a9dab7e7b022d8a108b23c8297f2bee00ff0903de765f9e1b34f092641bd690ebb57ac98a0ae09a927764c6090924df15e30b091a23b9d708fdd6b66b7b5d79e7ac14b6705c45737e2f80d76d97a627f52d8d887d37afcb57f1f080c44dbc32360f43f9ae0760dfe7c55bc73d4322469605db4196e914b48e5afb46c8f2df7d9af8608203f1f206f88c00114043f4fc3c70f6e99a4ac876b0b0d3ecb27f81f2c6568441cbe5de77e2b6a65205b8a25e99f88bc3b58488d7dab7478af5cea64cfb6466ad4947538a2f85b828f45d836c1141cafc59354a53e467d564efd954dbf0da4af7ebcc9b65479f5e20179c2588f701eaba0c82884deebde34928410cba98f0b277cd57c68e3f21027e1a6a9b41fa79f126919e758af94607e5f105a8c49ebe1192cf24bebc8cd4ee28bcf597106d3a806ab222a1eccef83f2e2c2bd0d6b26158c28c235da891f9191b2169c0b0447e72f9d3958b4a289ec2f5bd2d9e1aa537fc89b2732a780e49079bb1dca0a4297075a47bebb5be26ad9333ed9248143dc21ae879280fd5a522dc2650894fcc97562ca45f4913a2267287506044ea63f3da92d44bc60e4f5e7eb97bbb266be8c86d30546791f20254dc4443335e4c05e86cd114958c225886620dc3772f36de20099d9a3be77c7f6f4e4fdeb632afd9f8b45860a4da322e4d3851d4146c3bdf5028f7e4ba66cb2e0fc419ad79eb814d8f8d5cdcaa51868b05935789cc00ab410c81512270a9ef0d088f245a25c42117d64bd1e479597543bc36e6f9a7ab6a216ab27b855b3d1e695d6cbda141cb35da54ac372007f67f90d56c1609185d63e13c869d29c7772a0bad0fca8a60898f3b5deffcee0bf12fabc54c66ec74e90baf09be3bcb00020145bd0eeb7ba7986d8c59a439ffbf6c8658358b739c4d02715e0748db250c32ff18c37bd93791be032768ac1cad00a4cc81d1b749f4f8066cef918163001bfb8166314eff8dc9676891f81c56de5bd871d9c7b09381865594e20bb3be680dba30a0b371b8d6c646acc1d6808ba18c2dee750b6f6f9012ab3edc5aefadf2bb7d50f2df21250443965f0235e47ac3da98eebdd4a6262f561c3a2b461b410251233951325d1e4d58725d96b5632e9a69c4241e82b0b828a7b9303259a1382b29b3bd59bb81abd6c30c776b0ba5ba6751f6a25608bb8cc54d77543cec3f5643a290346e5ec8a54e5a2517fcd1eefe5a718e05692caf7dd4f50bcb79a55f168e8c718c18e1dd3257f21dad9a5d2b410affbebe8e2aab2798614eb8dac6da1efc125149454064b99fb81de923cf500b675859db9101dc870aa1627e47a5eba5e0329beef52094acf712862112178e1b157346738fbf48eab16a7a1b92026db0c2ca119698876ae48113de69d2b4269c27901d8fd5d38fa8096006133417f334eafa9fd014e792cfcfd50d1f32b6edc3f9b8b9bcaf6188acd03abf8f276f6648e265cc9b438a28e9597d92121288173fe69e738bcfc34020957c9f507da052fd6a71e643936cd28f7e5b479328e6b211dcf56bd20a820d55c0330edbd793f39a64ce2d24a22a2258f6a0deb4e3ba390bf0a5291b4a01a642714ef566148e23016f04609b0df85109a3a91613a1b577439fe7f1c5385fd8c6d9f36c4f185cd8b0ac380e281bfad84c7963a7290d770e0a26e291e21eb1667dc1fd2bff15aa6c79d2ee82658890cc66e79420adcc27a2c9a1d16237b431878121d01e252ac053591b27848c209e9ab48249c80675364c5d703f4069cc240b073183853c611b8f5ba85a8f264351acb749b7633d8be034a0359fb721a1cc3187b7d641eca0b419fddfe53a1ffdfe5116763793418743b64494bad7a662f42daa7faf02842dd6468f3d90cf243f317c26e6ec1951270e3c047998505b4f02cc62a2299a23fe1884a4cd4a465eb12bb701a966920111bc1ec7650dacdb09585041af12eaf9fafefb4b6d23de8a5d971fe3aaf39c9c2b77bccd7b33287f1dbea079b16cd9586d42fd926d43954b70ca0baf89d66ac74ace073012a2ea6420c777ad89e0c7d4054cdd41acb726f040d766b4c7e70528d0f4a8c6eb50e3eb82381ea16bf35faa432b4e2156235d7b198173df734f8db88256115e48d9d612b6dbb63325d0f292cd5f45387fc18895ba30dd9acf4f7cb90bb126f6b4023620382fd8b768ac25bad3679614e2c17eac42467938aa4e0764043ecf3f712658c9df36d90270e0432553f504890eb641703ddde8aece4e18d53844727e1f4b20a4f7ced97586fcff5d792a3326ff19786542d1c29c47af38cceadbdc7e5d8706f5b039d8873c68e5c9708804f12d3198e0652241a9bf4134fd82122ee1d9d0af9e4d9db7b5603a540a3c8e75273f5176cbebe04e1ec508f0023f1f64ca97c9259fdd7e1fcbe298b2426b4e587c0e3fc79c9e43107e4e5895ab9e3e58cde6d5c260f1e729e7f3cd5d29a703f607cb5bebe1d3d341b25a8206f16fca6ede1947e895daf2584dd2df8ea6055b06cd965701f20d8f182fa6dcf9f019cb596c1b11b3975720aeaf87eb4e8253683af9d53667ceb10496c04b8959f1e2763137e6450932edd9c79b18c87332245787ea56f5b2896879fb6b5c48e6c85b905274b85f201da438d51a32438a79f0c7a01ad8ae7173f6a476233cfa2a8b4dadca78b6b64b2a3184698a72898be980f4d9ac6397a6f4e411504ecedfaa7d0d26cca9bc04e80be492ccb158c1c562d3c8a16c729904eedfb9b4aea1799b7b086882febf9fbcc5cea842e0386f3cfe1ac3c42214de27d6cb848fc92274a9c40e7a05cd79bb1ac0e4ee94cf913952909a9979b5f1c550100811dad4db905988a163c1614af3cb09a0844d031f23da64445d6cdc21ae93595fd6a1e2244da6c9640c9b196080bb32b9852ca2006ea0ff3ce70cf6234211f47ebdd576969d042f86fc2f265ac921fa06cfa5f2b3ab239d2d20a7875b43c022c451b93adaa670f58845b5c0c43d1869551ead113c4eeba417a0d8d23640f4da5e71d3a469af0c863b17be541d0edea993df5bdedf62a4fde2d3c2bd4a25628d60aabd03c879ed901850344ac2bc61763bbd23d13f11f50e6201bfdb5ffd8515d9dd419b0f61a70da74636c0b7934dfcadb93f4b9ba0d714a54b8f72083804ffa791448a8f713c17d9e73211a92bc3d810940bcc22184e1a4c037b330f12ab8ff326885410c626d4b2c97b5396a1639dbdcfd73b1f2faa8607168b00c2b1bfb6e9eea3120c1f361983a927f4a5474e60d77f92847ae6801217cc78a959381d5975da037b0aa60a4f2d85b4f3dbe5b313dba8a5d933f3b6bb238d03fa7246ab05cd4881f074baac83678bfec0df43e99b151caf8c1a594c86408f035c27c62f25e87d4e53ee264ef57f611cf3e3f9e84bfb0d216b9fa8315fee6601938a84dd9fae2aafa76829648774141bb8f2436840672835c5cc3bac11e7903a8b407545c9e03718701a25da50aeb486783a701b295ebef773de89db97c547510f7f290734a123dc6c35b62c14c27fb4463853523674011bb7141b5abd1ca39395b94020b7e970e2da9bdc854b4118ad2747e71e9012cfe7e115e6290a9d6425edec9b803347726e78b4baaab2fe9a154a907f878e5f3cceeb81490d40dd47db4cd2cd2e09f55748b50924aa8e9c2d89f254640902381aa994a45d46a4d8a74ba6c92c05bb25b68d71698d8c682ef4fe4eee4d405b8a1a4b91244f2ee0e0c468106f629d4961b6fec3d9c122a092eba873dce2f8e8ab151f5eb29f257bec7c673035f5ee5709d073c7f8a3c7b85c1d8c6c6cbc7ed45f442d63428bb681a82bab670cb2662ca21063006c3d312457ad610ec868ee9ae89d5854bef5d9e1f17796bcb92f5a79ab22635122eb0006bf83ab7e1e4dc2ab13fd02abdeeab40ef8852cfe6b9ad0b2d13104e420f1ab630d40fe66521ac65c651d4221ec80eaf75cf0e40d24cd0cf86d545af742cce3d040d424ed812a983dfc86be0a198bcf5ffe8e0c2d72a57f2f1fa3c75e5cbd50d7281f697468a6a54eae01137add473ef692075099050ff3fc38c06eca6adb22096e43fad2582cc9c38afce19ca10413837ea9f5b100adf43a3a2d3c57b05a68a29a08b91d67bdd364c9044b79ba59d34a6d1b84f1abea3c7ec2be802a04ccee530191703325f919ca0fafa9b7cbbf6efb4560080ea317b24c2ce144921def1f2e1da6ec7aaae65d7b49419c8d69b8c381b36af998d4f78ec71826e1468afdfb49430e6b7aa6917b5576cc9df309544afe7cc12725f2ebdd60d5b3a46ac533723823043e2f31d3eb47db0706d11fcd13930347dc4eeba7e4a6838d8d5c57b6d189abd3692e8d3fe66ba764d839711e64a927a1d39406986f3951d8f2f3c0359081cfa2c43470c4dbf3302b5adb79b76a6d8acbb512c4895e9ebf90dbbf475292701f3f2e9870139016bc10a184a093d5cf6d9431e77de8601135f97596475bb7021d93f49630982c53770908cda0bdab35fa65459bea95b7c8cc01c9449e54e86f67f70de965a4fc74896c5334774b71b6fa5d48496f3ba43f709d21033548178de033bee64be3633c66788278e14cdfffe275b75bed482fcf324815664e9c59566d6beed67bcde039dc2775a3d5a079d7c5ba4ea17094f88525fa948696d11ca70c092d83e271c03cb4f316e6f68bb52a63ce6b3ae1a7f08d584e17730e50f17b407446a4a7ca42cd33dbe24c522198d3013290125de7a9919e0ab5fb148125243cc31ff1e1d93373365474c1de74448916fca13fdf5177ad34351f7bdd252a77be7922173d8ae5c3ac01c2b8302249ef61034c43658d0c0d6b1707e441846416938271c31216166c97e3f39f1216bbb59029b1673bbfb73bf73e57657af194c34553e9ae328fd465d9ef7c969bdd5b7a76c88002e959a12534f826be1fa944e00af53f907628ff3f3c5239d21758db9627e5e4cf94301d9d69a2d032c349ff69f8ab931f09b0bcf8c37db1cfc021d6c661f25d9ac0a84ca2e86c417a70c3f38b6935fd649a8a5ef834cfa25045f5dc52070407c09b94bded1e099534d615a9d2c1504916213f1349dee4cb812bd1d2b4d64a0d2b9c26815af425126d4a4d6aebe17cbd36a3d93d206e2c0dcf5f5f7f91e553f912edbf4a0936dacf4a0550bc778d551be303ba9952b43b063f48e0c82dcf8ab81dbf12317951395e1a6f11bbf5b2da21d9834be8b36243408902b63d9bb87726885b814f68358ad7b3c4b2a88b68546e223c17a2e7674219d11ce56f1f9f0a66be37811e9406a59ec3e92e4d6ab99551002679606d35d67cd741e578a2744cecad78d63a2528b1f8813dde5af92a2c7c2557b09384a6726070f06e8fe9df4e377db4c18978fa8cb25024a8914ecd7fdbc34fbd1cd61f3ba0c8c5e27afde8b18f5c904ec9cf9565d2e7986d73bc95c5fa43b3fed1246590727671a6059c5878ac366e510e4581e45b1a1d85283010c51078e97c506d8269c8f80dc4152096201e3dcb9c5e531af2a294a07bf") 07:32:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x6c, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:38 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xe00000000000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:39 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0xfffffffffffffff9, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000200)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000"], 0x78) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x20000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:39 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xf00000000000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x74, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:39 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x181800, 0x0) ioctl$PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000080)={0x5, &(0x7f0000000040)=[{0x6, 0xfff, 0x1, 0x1000}, {0x3, 0xffff, 0x40, 0x9}, {0x401, 0x20, 0x200, 0x1ff}, {0xc0a, 0x9, 0x7ff, 0xfffffffffffff361}, {0xffff, 0x2, 0x1f, 0x20}]}) ptrace$cont(0x87, r0, 0x0, 0x100) 07:32:39 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, 0x0) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x3f000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x7a, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:39 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) r2 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x1, 0x4c0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@mcast1, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @local}}, 0x0, @in6=@dev}}, &(0x7f0000000080)=0xe8) ioctl$DRM_IOCTL_GET_CLIENT(r2, 0xc0286405, &(0x7f0000000240)={0x9, 0x4b9, r0, 0x0, r3, 0x0, 0xbab, 0xffffffffffffff99}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)="e0621cf37e02000000000000007eb97b5f0000000019c015f8e600000000") ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:39 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x6000000000000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x300, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:39 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x9effffff00000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:39 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_DOORLOCK(r1, 0x5380) tkill(r0, 0x200000000002b) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000040)={0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000080)={0x0, 0x0, 0x2e}) ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000180)={r3, r4, 0x8b}) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socket$can_raw(0x1d, 0x3, 0x1) ptrace$cont(0x1f, r0, 0x0, 0x0) ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000000140)={r5, r6, 0x2d}) 07:32:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0xfdfdffff, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x500, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:39 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xc00e000000000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:39 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:39 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = add_key(&(0x7f0000000140)='rxrpc_s\x00', &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffa) keyctl$restrict_keyring(0x1d, r3, &(0x7f0000000240)='ceph\x00', &(0x7f00000003c0)='/dev/ptmx\x00') ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x278, 0x0, 0x8}, 0x20) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000002c0)={0x4, 0x7fff, 0x4, {0x8, @pix_mp={0xfffffffffffffffc, 0xfffffffffffffffd, 0x77367f5f, 0x4, 0x2, [{0x2, 0x4}, {0x7f, 0xfff}, {0x8000, 0xffffffffffffffaf}, {0x400, 0x8001}, {0x0, 0x175}, {0x8, 0x6}, {0x6, 0x200}, {0x3, 0x1}], 0x4937, 0x3ff, 0xc, 0x2}}}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x600, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0xfffffdfd, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:39 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xf0ffffff00000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x700, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:40 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x9, 0x3) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/hwrng\x00', 0x203, 0x0) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r2, 0x10f, 0x84, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) r3 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x8000000000000005, 0x101002) ioctl$VHOST_GET_FEATURES(r3, 0x8008af00, &(0x7f0000000080)) ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000040)={0x6, 0x8000}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) ioctl$KVM_ASSIGN_SET_INTX_MASK(r2, 0x4040aea4, &(0x7f0000000280)={0x5, 0x1744b3e, 0x0, 0x2, 0x1}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000140)={0x1, 0x5, 0x3f, 0x0, 0x11}) 07:32:40 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xffffff7f00000000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x100000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0xa00, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:40 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="46e3b0ec4eecce24081eb55b465980bf930dfd55f59b9dbee59187a790e7c2e366db0d8754ddf63c15cd2bc885c0cb723af5cc27eaab8c58e57245951671fa09321ad3bbfe") r2 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x6, 0x113001) ioctl$EVIOCRMFF(r2, 0x40044581, &(0x7f0000000140)=0x1) ptrace$cont(0x18, r0, 0x0, 0x0) getpriority(0x0, r0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:40 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0xfffffffffffff000, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:40 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:40 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) r4 = syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$BLKFRASET(r4, 0x1264, &(0x7f0000000140)=0x1f) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x1200, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x200000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:40 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:40 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$int_in(r1, 0x0, &(0x7f0000000000)=0x8) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xffffffff7ffffffc, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:40 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:40 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x800000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x2000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:41 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$inet6_tcp_int(r0, 0x6, 0x3, &(0x7f0000d11000), &(0x7f0000000100)=0x4) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="ff03003eaedb6f53d1f7cf46300000000000"]) select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x200000000002b) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x400001, 0x0) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000180)={0x2, &(0x7f0000000140)=[{}, {0x0}]}) ioctl$DRM_IOCTL_NEW_CTX(r4, 0x40086425, &(0x7f00000001c0)={r5, 0x2}) ioctl(r3, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r2, 0x0, 0x0) getsockopt$inet_tcp_int(r4, 0x6, 0x1f, &(0x7f0000000200), &(0x7f0000000240)=0x4) 07:32:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x1200000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:41 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:41 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) fcntl$addseals(r1, 0x409, 0xe) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) ioctl$RTC_ALM_READ(r1, 0x80247008, &(0x7f0000000140)) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x4800, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x2000000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:41 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:41 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x101000, 0x0) ioctl$GIO_FONTX(r2, 0x4b6b, &(0x7f0000000140)=""/159) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:41 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x3f00000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:41 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x4c00, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:42 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0xffffffffffffffff, r0, 0x78a5, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) getsockopt$bt_hci(r1, 0x0, 0x3, &(0x7f0000000000)=""/47, &(0x7f0000000040)=0x2f) ptrace$cont(0x23, r0, 0x0, 0x0) 07:32:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0xfdfdffff00000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:42 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:42 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x80000, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x6000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:42 executing program 0: clone(0x4000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x1, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000040)={0x0, 0x7fffffff}, &(0x7f0000000080)=0x8) syz_mount_image$msdos(&(0x7f0000000500)='msdos\x00', &(0x7f0000000340)='./file0\x00', 0xe800, 0x1, &(0x7f0000000540)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x18, 0x0) r3 = syz_open_dev$amidi(&(0x7f0000000400)='/dev/amidi#\x00', 0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r3, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000580)={0x1b8, r4, 0x10, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x38, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x100000001}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x331}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}]}, @TIPC_NLA_LINK={0x158, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xad34}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2c00000000000000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x416c}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100000001}]}, @TIPC_NLA_LINK_PROP={0x54, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x665a3a51}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf13}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc308}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}]}, @TIPC_NLA_NODE={0x14, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x10001}, @TIPC_NLA_NODE_ADDR={0x8}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000440)={0x0, 0x16, 0x10, 0x4, 0x0, 0x4, 0x1, 0xe7}) ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, 0x0) r5 = open(&(0x7f0000000800)='./file0\x00', 0x0, 0x0) fchdir(r5) r6 = open(&(0x7f0000000200)='./bus\x00', 0x141042, 0x0) write$UHID_INPUT(r6, &(0x7f00000019c0)={0x8, "7c70ee3800d5ab5f2036f872e0ac57cbd592bca0d671633f50a3102066d6e765f5a64731e3fb8d90d250eda2cc33b60a7ff98074cdc3f1dd1a2df26a381d95974e0925d521c6b48c3dee0d430d398884316091aff6adb6153dc3c92549957d3488efc02d6f6fb172524b095c30c1bd35aae04236bdd42694d613eb54c0b65a338c48dc4c8bad70754fc81d9928e4a1b81f9c77075258a0805b4494867247966b24a023311fd91ef3754b98d3acde6f2ef0617f123c22fccb81c11389fdfa2e21c2365aabfc8916e02151d8643ae21cab7fcbec6142186d3bb57546c106484bc4c28a48da2b75dd82aabe99464558e60cd101f6b65856fabee614d271741a68dd550c8772f06a93cf8e5c0de549c3b75a72f8a590bd50b2af5f64009c969ed7596f0192b0f98b1afac0e8c5f4c653f611b4a71776400a9ae3f18e75f856788c97195749042510735880b9bb0ccb23210832a4f1c6f134d68f8e299837c426e0c9a45d5d2c959446cc363f370c67cd01a063c91254d692fe35abee92fabda4f66d93228c979ebe036c5c2e0028ec76562d67d0919ca28258fec0ed60603142b5c57c4cfb1ea1e892d0fd2f33970142b179c415d6bea344fbcc82d133052e848a885160737c69eb02ca9f544831c8e3ffcf40cb7b415d24795fc8aaeb8e76bec262aea5e28fe5d6495c4b5895a612b1cc2122286add66356f3ecd309f970634f1b09da1507964d35575167317f13c7fd9f11af27ceea86e9a5b3494a27ba98ba38dd1fb72ef2c6163664fd8f7c946935cd4833121f505ff277c03d959d9a12f3389e9eb6701a8b29f72c20c6abb7bd8349dd2e120bdd59dca9f1a2a877f1677b59d7920ddf29b9d94f7c6879b78e31cf1b65b60fe349ef9d4976f46609ee34e33f647aafbf64f6323d18598905f2e73af75661397595b8f9c1e9a4e993946820da5378ca5b363560e95edce316e99bac6e6250efcf1cb58fdcf94c7557c2d7f763a688543462d54b64e178c2e64c6ebba356894973051907fd8de8ba908e822168b171c1707efcd9ac827e64313721876e2ff26ac34e88557a4a0dfde08eda81cf0c1465a89b68429e48966044c767563e1121db48c9b619fd7362afd15ec6aa19b28759d7977be4fbcad0cf8dd5dc5362259bd5cb5089a9d18db969afe1192571f5fcc0c4d6be281d23b9c1f9f32873c058adfa1bf57a3718686957edfd6e4b58aa959541127696d59fb2810d042ced227961eb19a424e4cf45bc6243217bb7561b7ee11f8c0b8f39480343a26f2da5fe79d5e213c01ea47155ffa91e7d7ba0bc8ccb018bd69cfe71dd8565a645d678b404a295397e83ae69dbf8505f6947a836b44823a92861124330fccd4bc4a2e20d9047bd919d82c89623caa87eb09bd584d58f42b35ef55fddc06dfb3957f3f507e5ca9b8b98947cc5bb68846755527ddf32ffa444e1c7a5654d4d377e04a9f22e1069804fdcdb251acb6bd6b32d100feb44286991d779d2b3e2b7f5cc5f8eb3ae166a3b6fb9df11e1867989a6f9b2028e4c73b4d418b51f6e870713cadafddb47a48c9a97283da214f02db3326d42438d9a7db580693ad1887f99d86bb5fafd6d07c2647fc80c2c5a1ed9ea3b95be65ca422080ddefca5b49ccd538f6bc67390f892d9e416f7e835f77dd90edc56256348d20560caeea05c0922cab60dbf0b57ddaaed6ded5a336e01485fd571dc12050461271cee347c31ac245bfee9128630dfcc43b6d88b5ba9937a6f6ab70b7d256784ff72297cfcfd0ffacd09b55fb832bf60f04d87c48c74972b9f18fa178ce4880b025d1c1097ddb929e8f7e02f1c0e03012bec0fa61a49eb1c2a50a45fc0d98b6649de325184006938e421321e8b366649d9b6ebadf77509c9d48844e80f7752fd7daaa5c938b946feaaac0d871203270a747035c7e2f697c84e792a55cbce76c0a25360f7acbeaab60627aa9c37064af75b67f46732844eb2f6b37226004afe451a9fbfbbcf7e72ade67b017e9209b5627fbe16789abd90326751a1fd1d93efc59f2650f979ba71938d784064922bee2874c4b76d5f26e39ea0a98cf175950137feff9456c88c6a295830183fae3a9c2312c25f3d81708d73488d15a587e7e7cdde3b77917eef29c8b5965c916a65c3c5a53b7313c3115d0a8bb4e16f6b80ff6f78adb756aba94ced86047562a2cd2fb25e9a4656f6359c3f2fde8b5ab38852853cbd7221cb4d59b7f0e79bd37f9ade073f62b75edbe63c13c0d02bf076d88f5b750ea640aad47ce97d6a0783398dd3fbb63734ed969470cf45200235650532224fc28caf1e36ca6b402ec4c978add40fc59f2113485875682139f8aa9aeb48d09178de919370b0cd0ebcab5e60e1b0a2fc153db0dae8e50b48561622a677d0f1afc149676f832e016e14007fb298dcb96f11a92a1ac8bd4cc7b34d659d6cd2c9817b586585e72080255b083bc84512277ffb7f561c6a7a08cd128bfe9b525da531f0bf04f11d3de102b3538835807ac0b2f4325fc6765d02d692ec82f5b338c8257029136fcd3427c09874ecc7492becdd6608eac4adf1abc3f7e08868a72e57ce4dcfc288a25af73d19f1118a9254963c1548cdca5fc7c921a7f218f8e71edd7969dfb35beae1091d7530e32236397fa9fcd232b441ff1b0177829468c198d659d247ccca4fbd58c625501e4368075d0e5e69a6f90952f5bbe48e85a303131dedf7f1a513b291598a545784e1013521877c25d6069d3a855652a4bad5b2df2e4da2de756a20e790b756dd2925ce824561e5892b5e064c7c7b996acc4e29597e0cd00956e9c57ec374714f846be7632d3075e38bead499163498810886c78a2cc73fb64fd48e186083ce911e0751b4dc63476859c2824fa532a4b1711c244619e702eeab19380aeb7b17f67fade3dcad8ddddd893a526cd5d04d8ae982c88029ec71bdd0772fd74adbdb378fc204ca411a2d8a50331516a28552be78f9725f32d1b3a6c7bdf3277c5f7e385c7ebbacc419ec7ca3c5b8f46dbefee59b6422a6b22d60527edc012f852077d925619874f7709f283e01678fed36528003a696ee431a817f34f453c143dc56b70e1f810a5380a555cc8c4fc6522ab544ce5d715caa302ebdd0aa8286b7ef5dd6dd48a8ad9566818f7509daf02db0b98b432f57f1d107ee95a86228728cab4062e27922381e1e2ee351af5e2ea0fd6d1cea70b3b8f4a50f0776fc9aa2a7d2dff6e1ea3769864104f09137b99960b69af13895d842649eacaed8ddf183beba3323640af8deb52b902c0974d685d19fc87c93eb80ad5d28e54363705ad39231d989522e94f000256bc8d93af138a45d67dad3e21fa9fb31d9327c6e71f61956d9daf4f97333112704136d3d1bf6fe0e4c002e10b684d2344300ec70fae0b50532ebace58f0e8318354a172cceacf27d01ff41cc8fef42443f62b0e15b5fcc0728630b96fb2c2b59634f4993bb1ce2eace6fb0f53e5f84bc5f58b1b66d59e3c75a98670496f105a703607211aa9e882e72f13e9fe07f0767ad4e5ac5c732b65301d8ceab36b5ff2f71958fb1b51d2e703ac506e68d4026160fd3f60440b8b8f554f1feeba5d53f71cbe60d143620f8fa779acb94c965b729207a5ab11f4a51b694c31606171da44a28d80cde296dff5724ff718d6377eb8534e616cff39af943ee4ce87b4fadded30c702d370a71072ab3e20f19b8c1b73fdbbb9c675352bb73ee85e22597fc0c439a33f5febe1629bd084af7193f8d1a1415b02ca54706711505cbae11ec6411b012cc3a3eddcfb002901b6e7565b9fbf4d605c147031888ceb590c14697d00970ce9095c6f7fee41ec6a15d7ef52dfedfff2a0d3dbb387b61232aee6ca202787038021e6aabda18e2adf6fd89aa491e65f9813d73412fbfff089752d713d7efa690ec4fc254b56908d3057f65997acf81aea589e272f8fa852849e488f1e0c0cb6cdb5f46ca92e36d39224e704850056d2e9b91909aed0f55d054e274415ecc39b8958335a14cfb0a42d7f26ef8e82592dfd03b3550b5193fba077994c682951968869574fd94976760d9bd9b334353eeda836cc8dab244e72095cc46833f02bb2f6df35601b3085664261abb67fc9ab9f27210e6827cd15ce16c55f0f7f5b8ab401f24032b19a53a9299b62ebf4a8cf7f4753d95126f008a8ce349036666de66bcaf40b27fa875efa98873e1ef9302e2a24bfe07bd1054bdf9ba9ad1b1075402f26d682833b947c762513ba5f07537bb712473184a60e04ace5adb8d982d6153b011ae0b2034adc0ff4a64e2c6561c2e0840cdab2120bc916cde9b7a92c4d332d0f83945fe55e3c8f4d93f22e7759c20241d92cca0ae5a3d06a127e5614df708cea1ad3b2f231c81460ff4c3f349c67a87135a4b67589ffce311832923f71796276e81f0537e265404c0ee06d5ed98a5ec5f8ad62db589eb585fc4627173b51fd4e897a3e8d2acbb82ec2996ac3a6823368a1e12a0536a9d1a7b2d31d80c46c292ff51395481d4f65c53fab867e27bec9156ee189d245d94877a1405dc9e1e996822ad47071a9ab36c9bfd02c41ea5ba21591793053b1b64758bae0addfcd69d169849bc1ee6ce5c08f0d3da5ecc1b6ab31e13af2fa5ce4d921163270901264a88ac6350e8fb6371663dd04146932238597258b123a8036250c190fbb3cfc6ebbf9e06c4a9053e8332c95c91a890a3d35ddd35f47e7ab606f3e345e12560e6d52243883da7b8910834042ad12e7fb3f08a0b14ef6aee22251999e6079be2ef5666d7d5ae00d161720262761da3f378c63cb151f4e94d034e9de949dfe796b905804ca555691023c30ea7cf0cb276e1e3ba65793291f8287d1064606bf5787421b9b9bfc05e9c5eac750de92519fe9e2592cd34a2ef6ec18efed5e7c13bfcfce47327cbecac358bbe6d44164849308cf91cd5ea87fa4b02ba4939e28141c7dad42714b019470d91808a8f46150677b6c90f267ecb39ef42afc95de0cbd016775c89d8213ec9d4e061e6493f237296f91abfc64176c0e885ef54af4136a724fadfe89a25d7599998acebc4a27f8fb5b26936bda5c3d5fec3373dcd9a0e99fc939641c50669adc54119582e8835575d1c57fa955cd29d870360620f91c3ff90d264013816352317ae226f7d7bad5db711f8973382f6cebd63cd519ddd08e1772649be75f64f4acc15f828dc0b305584b6dd2213194603c44e2964358d305aa97fb08568a0a955ad7a6f8d042754b4bbf2fb3414052719fd9841bef8360d1d3195c69414be882115c2c64fecdcbdaed3a2e943fdfef9a13520e41d32a787bcfe4f61e2b378d35aa70784a772cf8ebcaaeb105e4627516db2ababfcb8c11f224c3a48c86160d34d0ee59f02c31648ae4b0309b378f0bf63266967dcfb4f1cc1902f613c6d0d48915a9cf28a52b106544cde1b38ff2e2a1275fd0d3899ce7f7c6653c9017f7ac4aaa35bcb2811a8f9dbb56746b45475350e7c13d42abb5692377da7a4045ee644ce00f8699e3251d75621c82cd659ea3add277affe3ff792f7d24a3d0979ef82cfc0d409697ae2e8598854a8327f46974c901d309dc6dbe31913c59d821aa50c0fe95cc822e8f07bbb00e9a09bc9a570b9778d29308740bc336a41258d209c206f87a709aa43415da0096f7d177e509a7d625645fb098ccc45367d82235e952670ac5f82f8ced3f59fd9ee20ac75be609cc832417e807ddc40630cba4c91e0785edcb5f20b9e6dedb1ec172cd16fc034f410e9ce375ea855144aa3076317f649cf4efe4d7abf244984c4e", 0xfffffffffffffe36}, 0x1006) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$PPPIOCATTCHAN(r6, 0x40047438, &(0x7f0000000140)=0x3) sendfile(r6, r6, &(0x7f00000000c0), 0x8080fffffffe) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000140)={r2, 0xa2, "7ddda85acb628c1cf21b754a0cebb3f1a9ba2f0746272608fc6c59716df494b1205d4f73ca0ddc0f33293441871ce59067a5b3e58c564ec618f0911094bed0098e12774fc2a6f872e6703375819f2664e90b83f816c530f43644e0575f48439bfcbfdb30a49f52788c67a5157c6b5ef367525adc940c064c7e5b425d0edd1436c9a8414e1ded48147e1422d8781a88b1ed8c125dc302cb26582034a24c3eb02eb760"}, &(0x7f0000000200)=0xaa) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$setopts(0x4206, r0, 0x6, 0x41) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:42 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x630b, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:42 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:42 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x6800, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 621.931304][T23485] binder: 23481:23485 ERROR: BC_REGISTER_LOOPER called without request [ 621.953463][T23485] binder: 23481:23485 unknown command 0 [ 621.959153][T23485] binder: 23481:23485 ioctl c0306201 20000440 returned -22 07:32:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x630c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:43 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 622.141874][T23498] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 16) [ 622.153209][T23509] binder: 23507:23509 unknown command 0 07:32:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x6c00, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 622.192343][T23498] FAT-fs (loop0): Filesystem has been set read-only [ 622.208083][T23509] binder: 23507:23509 ioctl c0306201 20000440 returned -22 [ 622.241429][T23498] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000020) [ 622.262844][T23509] binder: 23507:23509 unknown command 0 [ 622.287428][T23509] binder: 23507:23509 ioctl c0306201 20000440 returned -22 07:32:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x7400, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:43 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:43 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/mls\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000300)={0x0, 0x556}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000380)={r2, 0x9, 0x1000, 0x6, 0x9, 0x3}, &(0x7f00000003c0)=0x14) ptrace$poke(0xffffffffffffffff, r0, &(0x7f0000000080), 0x3) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000200)={0x0, 0x80000, 0xffffffffffffff9c}) r5 = syz_open_dev$media(&(0x7f0000000240)='/dev/media#\x00', 0xac70, 0x800) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000280)={r4, 0x17987374fff53f78, r5}) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0xb9557ea7d6e9e493, 0x0) ioctl$ASHMEM_SET_NAME(r6, 0x41007701, &(0x7f0000000040)='\x00') r7 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000440)='SEG6\x00') sendmsg$SEG6_CMD_DUMPHMAC(r1, &(0x7f0000000500)={&(0x7f0000000400), 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r7, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x80) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000140)={[], 0x0, 0x1, 0x0, 0x8, 0xfffffffffffffffe, r0}) r8 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r8, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x630d, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x7a00, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:43 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:43 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() r1 = syz_open_dev$media(&(0x7f0000000200)='/dev/media#\x00', 0xfffffffffffffff7, 0x100) setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f0000000240)={0x3, 0x91, 0x3, 0x9}, 0x10) sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r2, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) ioctl$EXT4_IOC_MIGRATE(r3, 0x6609) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000140)={0x3f, 0x0, 0x0, 0x7, 0x3, 0x5, 0xffffffffffffffc1, 0x1}) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:43 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40046302, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 622.966265][T23636] binder: 23629:23636 unknown command 0 [ 622.978755][T23636] binder: 23629:23636 ioctl c0306201 20000440 returned -22 07:32:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x1000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:44 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0) write$FUSE_LK(r1, &(0x7f00000002c0)={0x28, 0x0, 0x0, {{0x3, 0xae8c, 0x2, r0}}}, 0x28) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00') r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0xc0, 0x0) r6 = fcntl$dupfd(r2, 0x406, r2) sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1004}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, r4, 0x300, 0x70bd28, 0x25dfdbfe, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7ecd}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_SOCKETS={0x14, 0x7, [{0x8, 0x1, r5}, {0x8, 0x1, r6}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x880}, 0x10) [ 623.072970][T23652] binder: BC_ACQUIRE_RESULT not supported [ 623.096915][T23652] binder: 23651:23652 ioctl c0306201 20000440 returned -22 07:32:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x2000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:44 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40046304, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:44 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:44 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x3000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 623.257164][T23667] binder: 23665:23667 unknown command 0 [ 623.268632][T23667] binder: 23665:23667 ioctl c0306201 20000440 returned -22 07:32:44 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) r2 = request_key(&(0x7f00000001c0)='cifs.idmap\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000240)='\x00', 0xffffffffffffffff) r3 = add_key(&(0x7f0000000280)='id_legacy\x00', &(0x7f00000002c0)={'syz', 0x0}, &(0x7f0000000300)="dd9df6db3714dbefb050cd45bbef4391955ec1e957b38ef5edd70189e15dca94b6dc052a732edce4b356", 0x2a, 0xfffffffffffffffc) keyctl$instantiate(0xc, r2, 0x0, 0x0, r3) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000040)={[], 0x1, 0xfffffffffffffc00, 0x0, 0x0, 0x118}) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_GET(r4, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x17000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="28980000", @ANYRES16=r6, @ANYBLOB="000125bd7000fedbdf25040000001400060004000200040002000400020004000200"], 0x28}, 0x1, 0x0, 0x0, 0x4000080}, 0x4) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) getpeername$ax25(r5, &(0x7f0000000140)={{}, [@bcast, @default, @netrom, @netrom, @rose, @default, @remote, @default]}, &(0x7f00000000c0)=0x48) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:44 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}], 0x10) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:44 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:44 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x4000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:44 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:44 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) sched_getattr(r0, &(0x7f0000000000), 0x30, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:44 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x5000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 623.934272][T23699] binder: 23693:23699 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 623.966185][T23699] binder: 23693:23699 unknown command 0 07:32:44 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 623.998194][T23699] binder: 23693:23699 ioctl c0306201 20000440 returned -22 07:32:44 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x21) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0xff, @dev={0xac, 0x14, 0x14, 0x23}, 0x4e24, 0x4, 'sh\x00', 0x20, 0x9, 0x76}, 0x2c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) ioctl$LOOP_GET_STATUS(r1, 0x4c03, &(0x7f0000001140)) sysfs$2(0x2, 0xffffffff, &(0x7f0000000140)=""/4096) 07:32:44 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40086303, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:45 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x6000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 624.201866][T23716] binder: 23715:23716 BC_FREE_BUFFER u0000000000000000 no match [ 624.249795][T23716] binder: 23715:23716 unknown command 0 [ 624.290681][T23716] binder: 23715:23716 ioctl c0306201 20000440 returned -22 07:32:45 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x4008630a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x7000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:45 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:45 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) write(r4, &(0x7f00000002c0)="e53c0c8be86b1e31d420f7618a722276c86b01c8d216073d913e5d7158e3a95ead40ea21f393e492a0567fd23b1171f6cd670746669ffdcd8624f03fb9acd33bee8a15879e8b499b1b42029dc617d9fd71a4cef9999c85266f6307d57cba9d110d9a55749cf2a3f16e2d346b4d81ce5c730e6f0e594d8aff3febf1478153d22d5d1d5bf25db1ed8c241c4f93458b36caefde4a055e4b16d737fea3b07e8b4fab29723a7d38b358d1f1c2e78a8c203dc5da1d3d94cee53e087bf802", 0xbb) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) ioctl$FIONREAD(r3, 0x541b, &(0x7f0000000140)) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:45 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x8000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 625.078630][T23746] binder: BC_ATTEMPT_ACQUIRE not supported [ 625.108210][T23746] binder: 23742:23746 ioctl c0306201 20000440 returned -22 07:32:46 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40086310, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 625.281907][T23762] binder: 23760:23762 BC_DEAD_BINDER_DONE 0000000000000000 not found [ 625.336636][T23762] binder: 23760:23762 unknown command 0 [ 625.362168][T23762] binder: 23760:23762 ioctl c0306201 20000440 returned -22 07:32:48 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x200000000018, r0, 0xd, 0xfffffffffffffffe) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0xa000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:48 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x400c630e, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:48 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, 0x0, 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:48 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(r1, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 627.203855][T23778] binder: 23774:23778 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 627.212028][T23778] binder: 23774:23778 unknown command 0 07:32:48 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x12000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 627.245109][T23778] binder: 23774:23778 ioctl c0306201 20000440 returned -22 07:32:48 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x957, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000680)='/selinux/status\x00', 0x0, 0x0) ioctl$KVM_GET_LAPIC(r1, 0x8400ae8e, &(0x7f00000001c0)={"efda2e805f0f3f25226448706c61c70b15de5f7d1edef0a2c093ef2115d3247392ba496687e98ea8a96b5cb49bdb64ac549926a81cd7d95b4bace82d35e1636fe98d4732c029e1aa6d05a0642951326f745ec5ddf6ef3d96be42b48136c97cae11c0c228dbc8d6fe59bb0a2cb9f3fa823733266c6269eaa68e823c067c52a53d2a14b0e73a888cef9130dbe910705c2d0be5bf0d5c88c7fc966590ff4c1704f515306e3d2a14c4ccefa7346fe4ac4783bb9bc3b62f63ddad7f55498b1b3d1633a5a31e27eb55577f291ffa74ceaa626865ed506a7fe16611fc17cd555c49822491db3539f202bca0f0975c010193d2c483321122176caedd80734ac9044397e947cd0f40a36affa69bac09cf4a6fbe28b34add00aa09f3539fb5e935b1d3c6a6e824f79405c5ece351df9fd62731724c3f6011623b9f4fa3a99e01ba84729c58b7f7a3f5e3cebfa93d8595907b8091b170d3fa20797dbdcee211128ab00404c5fce9791f50efab04c642fbe6c0757c55e2aea0c1f4e4a70ab420a611802e36f580be96f05760643bb7f9eed0d4f034aa90bfcf5861d0c65378cff0e4fa0db1309ac6ad041756624791e7ea2ec1f7a9689baa4cd2cc94dc55f87e6a4d3252088cf9d630e8e5e5aece55270fb1d9a5d934f6b4db1dd27c1cf4a4362a405dcdd963741c1e7272278c490133d2fb67e5e3e54742ad3251d2b3bd478ea33a730c3bd1d0c6874c11338d9a0c76f686276fb6b02ade473d78e0444446b2870ce1b54deca7d837652acabffdd7affeac009ba1dd682999b2f8ffa8326ce024dda81cd36c10ca9fb12bbb0703e88b5663d38b9a7a16ababe881b99cb8b9f1c8185077ac808b9f535a2fb9a2df332a817feb77101aa45b6798fd40926b98b66310b9e5e90e0f2c1427ab838d517611d441ede5db8a8fa666b2c830bcafe89f2623b1385f1e37d8f18f82437b3359183319362c7d258e60a4a4f454ed2089456921f83ea5ba295ed3279ba292351103ab23402cd53fbf1f439251d08b3d51912d8b047ee30349a69c16a55e6bae2480203bb0bafae44834297bfa392323ae91321e136bdaf815b57fd747159ea3647cfe87e7bb90f66c947db6afeee10cef550212c43da35c5348053293cf5f6d63412756b7431db2daf842b64791dcbc15a5055af682bf33b89e638cb4b59f99cac8e225707be0569e21ecb61dd998877732555ba66b74e24825ec4f5381603865c3c013880e9f5fcb689ffd64230c41951c5f3252b11df83e9cf06d5dea23e34a388c8b422c32286e218e4fc7fa2637ef77cb59b3893d9281329c498087d9f9357d2fa2a342e9d0f132f86b0c40115d446ba3e41e3af2790f0880f4939f59b363842c2a9774938869c91fc70c43ad4655b7152b52762255fe55109bf3b50c42373f61027c392874c218fffde76bb2e47d15651a4862ea95"}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") select(0x40, &(0x7f0000000000)={0xc0, 0x6, 0x1, 0x1, 0x4a, 0x0, 0x60, 0x1af}, &(0x7f0000000040)={0x8, 0x6f, 0xd4, 0x3, 0xa0000000000, 0x3, 0x4, 0xfffffffffffff001}, &(0x7f0000000080)={0x9, 0x9, 0x0, 0x10000, 0x5, 0x5, 0x768e, 0xffff}, &(0x7f0000000140)) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x400c630f, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x20000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:48 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x48000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 627.454283][T23802] binder: 23796:23802 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 627.483464][T23802] binder: 23796:23802 unknown command 0 [ 627.506029][T23802] binder: 23796:23802 ioctl c0306201 20000440 returned -22 07:32:48 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:48 executing program 0: r0 = openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0) vmsplice(r0, &(0x7f0000000040)=[{&(0x7f0000000140)="07dbb79d7299112f66d7afb0c304a38e82852390a792cff86ab5ddd3daddefe7a06c40d967077565d0b45e6873e6286e035532ac4cb11d256efdeaaa73a5fd6eb97ccb5d1b9fc08f63642f97c5a7ebeccfa1c8d5fa463703cecac72320e3f193c95fcef48f8522d84ee96c061d90c46e1535a7159842f30ed2b90acefe0fc346db9fe44e04533e2d1b1e031d3f92ebfd967f1a50c37570448d2825ae204587c6eb8e5b2e5496d577a17e35250af16ac795e60f8083a3b47df1cb4a9a9423572af802112e01b1fc6408d8cbaf65f4e25e63133bdc575f4cb4a78140629f0bfcb12f9b46c68879f64f9a2d96bf7e0afa74bab832bb77fdd4768a24eefd587c", 0xfe}], 0x1, 0x76597409f648cf3c) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x2000, 0x0) write$FUSE_LSEEK(r2, &(0x7f0000000280)={0x18, 0x0, 0x4, {0x8}}, 0x18) select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x200000000002b) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000240)="0adc1f123c1221bb40ad450c361b5ee83b3188b070") ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 07:32:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40106308, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 627.743606][T23825] binder: 23820:23825 BC_INCREFS_DONE u0000000000000000 no match [ 627.791718][T23825] binder: 23820:23825 unknown command 0 [ 627.838201][T23825] binder: 23820:23825 ioctl c0306201 20000440 returned -22 07:32:48 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:49 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x1ff, 0x400000) ioctl$SIOCAX25GETINFOOLD(r1, 0x89e9, &(0x7f0000000040)) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x4c000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:49 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40106309, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:49 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:49 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) r3 = syz_open_dev$midi(&(0x7f0000000200)='/dev/midi#\x00', 0x2a5693ab, 0x60081) ioctl$TUNSETSNDBUF(r1, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000240)={'gretap0\x00', &(0x7f00000002c0)=@ethtool_drvinfo={0x3, "8b05f58fbdcf405dbbeb172333ba14e490805cfad585aee4ab18595f9e4dbbdb", "9ff99130bfababd3760976d37d1ca162201b45af73d106efb920b3c845271df8", "1bbca1538dbb3565620a0a61c1ef656aa3d580ff295305dbcfd0302e31187dc6", "7f2bea46ef7c9998bb8afb7e4b15e2bdf6c6d6241c69ed4529d21897db7d2e96", "84a2a4584d363eee7de398c0357719cc31acc1d0ec2421c79c5742c6d1eac39e", "d06b72f0dababaea34319efd", 0xfffffffffffffff7, 0x4, 0x520, 0x3, 0x1aa}}) accept4$bt_l2cap(r3, &(0x7f00000003c0), &(0x7f0000000400)=0xe, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(r1, 0x891a, &(0x7f0000000140)={'caif0\x00', {0x2, 0x4e21, @rand_addr=0x4}}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x6e) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:49 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 628.260946][T23847] binder: 23842:23847 BC_ACQUIRE_DONE u0000000000000000 no match [ 628.289998][T23847] binder: 23842:23847 unknown command 0 07:32:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x60000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:49 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_EDID(r2, 0xc0285628, &(0x7f0000000080)={0x0, 0xffffffffffffff7f, 0x5, [], &(0x7f0000000040)=0x8}) ptrace$cont(0xf, r0, 0x42, 0xffffffffffffeffe) [ 628.320561][T23847] binder: 23842:23847 ioctl c0306201 20000440 returned -22 07:32:49 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x68000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:49 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = getuid() getresgid(&(0x7f0000000000), &(0x7f0000000040)=0x0, &(0x7f0000000080)) setsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140)={r0, r2, r3}, 0xc) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 628.601889][T23872] binder: 23868:23872 got reply transaction with no transaction stack [ 628.632213][T23872] binder: 23868:23872 transaction failed 29201/-71, size 24-8 line 2899 07:32:49 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:49 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x6c000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406302, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 629.068786][T23896] binder: 23894:23896 unknown command 1077961474 [ 629.105747][T23896] binder: 23894:23896 ioctl c0306201 20000440 returned -22 07:32:50 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) r3 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(r1, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r3, 0x6, 0x15, &(0x7f0000000140)=0xbd8, 0x4) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) accept$ax25(r1, &(0x7f0000000200)={{0x3, @null}, [@remote, @netrom, @rose, @default, @null, @remote, @rose]}, &(0x7f00000002c0)=0x48) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:50 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") signalfd4(r1, &(0x7f0000000000)={0x3}, 0x8, 0x800) ptrace$cont(0x1f, r0, 0x10000, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'gre0\x00', &(0x7f0000000140)=@ethtool_drvinfo={0x3, "dbfeeadd129529b320e7ff3b46c36fb5012330161c70ac9176df4540a93a3595", "57d0db584d7055c2fd777ba903eb6103db381a2b09ca9f4e9d71a6f793a8b66b", "8d7758cda92f96e93681cf1e2a632f994a959cadf43ac36b12f2c8565dfcc633", "5cd2ddb09a064853e3fa946edf26f8f0dddd8eac05640a4192254dd9f48900e7", "09156c15e1492b47c731cfff496b80ae500686e9cdc33f2cfaedaa849b0097fc", "8095cb76c269f991a2ffb0ff", 0x7fffffff, 0x7, 0x9, 0xffffffffffffffc9, 0x882e}}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f0000000040)=0x4d34, 0x4) 07:32:50 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x74000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406308, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:50 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x7a000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 629.268416][T23910] binder: 23908:23910 unknown command 1077961480 [ 629.302195][T23910] binder: 23908:23910 ioctl c0306201 20000440 returned -22 07:32:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:50 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x208802, 0x0) ioctl$SIOCAX25CTLCON(r2, 0x89e8, &(0x7f0000000040)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, 0xf, 0x7c2b, 0x5, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000000140)={{0x1, 0x7}, 0x1, 0x4, 0xa00000000, {0xffffffff, 0x2}, 0x8001, 0x40}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 629.507643][T23931] binder: 23929:23931 unknown command 1077961490 [ 629.525784][T23931] binder: 23929:23931 ioctl c0306201 20000440 returned -22 [ 629.552230][T23931] binder: 23929:23931 unknown command 1077961490 [ 629.588250][T23931] binder: 23929:23931 ioctl c0306201 20000440 returned -22 07:32:50 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(0xffffffffffffffff, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0xfdfdffff, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:50 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:51 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000040)={0x0, 0x3, 0x80000000, 0x80000001}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x800, 0xa1) ioctl$SNDRV_TIMER_IOCTL_INFO(r2, 0x80e85411, &(0x7f0000000140)=""/67) write$FUSE_BMAP(r2, &(0x7f00000001c0)={0x18, 0x0, 0x4, {0x7}}, 0x18) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f0000000000)=r0) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0xfffffdfd, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:51 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:51 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000700)={0x0, r1}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000004c0)={{{@in=@dev, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@dev}}, &(0x7f0000000440)=0xe8) lstat(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) chown(&(0x7f0000000400)='./file0\x00', r4, r5) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) ioctl$KVM_GET_MP_STATE(r6, 0x8004ae98, &(0x7f0000000240)) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) quotactl(0x6, &(0x7f0000000140)='./file0\x00', r7, &(0x7f0000000340)="f6905993f67e29639acd578b301d6373dab22ece892892f0cc165183015e769b214360576db70f633e0fde24f254ea5d961b41080d9d0e22c0196cd0797d410a16fa6749f03a41478a2fe56d7303c99b212d8f1ab6224829af5d6e9856b63664f01db946d97bd2d44915dfa8fb3b43a774ea025f009c258e3774897908cb51d9ab45ac3d4ad9e8f18a51ed7e7f0b3c775d3297e67be30b1a87275f56dce78bc21b6f24c44ebdef0de53f134fdf7b2600acb87d5f8ac6cc161434f1eef439") write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:51 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x100000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 630.197769][ T3757] binder: release 23952:23962 transaction 89 out, still active [ 630.207399][ T3757] binder: release 23952:23962 transaction 92 out, still active 07:32:51 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x7f, 0x27) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x301001, 0x0) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000040)) tkill(r0, 0x100021) r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_stats\x00', 0x0, 0x0) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x7f) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0x6) ioctl$TIOCSCTTY(r1, 0x540e, 0x1) setsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000140)=0x401, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0xfffffffffffffffd, &(0x7f0000000000)) ptrace$cont(0x1f, r0, 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000180)={0xeb, 0x5, 0x241, "3bc4c036d52be991e2aa6c2fc5c1c83c678574eaf5c5170a93ef604e6ec4a0701ef9dbbbe33ebc58752195c3311cbd42dbd7f3ba1bbbf9b8d973bb203dd7b38d811caad5ee3b2406d826258c34e127766ad23e69ed2782894328e3bd2bf04b01f6e9ca7517a2c53802fa477c984bd182c7d1d0fa34b51452f3959255101bb0f24c0fac5fab72930f7d9165d696a6cdca13f6852d2dc447142f05d3a455cc2ce5c402c57815252a18b432cc8a881c1092fc52396586ca2245a678ffa65619b93254d3f3973f38364a0ea1eab0886d0c896f6a51a2e11de86c5f8c1407fe58c20a5019369240ce1101003cdb"}) [ 630.375229][T23977] binder: 23972:23977 got reply transaction with no transaction stack 07:32:51 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x200000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:51 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(0xffffffffffffffff, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 630.423871][T23977] binder: 23972:23977 transaction failed 29201/-71, size 24-8 line 2899 07:32:51 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x300000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x400000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 630.659231][T23999] binder: 23998:23999 got transaction to invalid handle [ 630.693446][T23999] binder: 23998:23999 transaction failed 29201/-22, size 24-8 line 2994 07:32:51 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) recvfrom$rxrpc(r1, &(0x7f0000000140)=""/63, 0x3f, 0x12002, &(0x7f0000000200)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e22, 0x7, @loopback, 0x3}}, 0x24) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:52 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x500000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 631.131602][T24017] binder: 24011:24017 got transaction to invalid handle [ 631.141518][T24017] binder: 24011:24017 transaction failed 29201/-22, size 24-8 line 2994 07:32:52 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0x101000, 0x0) ioctl$KVM_S390_INTERRUPT_CPU(r1, 0x4010ae94, &(0x7f0000000140)={0x9aeb, 0x1a2, 0x2}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ioctl$BLKRAGET(r1, 0x1263, &(0x7f0000000180)) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) getcwd(&(0x7f0000000000)=""/96, 0x60) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:52 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(0xffffffffffffffff, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x600000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:52 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 631.332914][T24032] binder: 24027:24032 got transaction to invalid handle 07:32:52 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x700000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 631.374799][T24032] binder: 24027:24032 transaction failed 29201/-22, size 24-8 line 2994 07:32:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 631.511328][T24050] binder: 24048:24050 got transaction to invalid handle [ 631.525715][T24050] binder: 24048:24050 transaction failed 29201/-22, size 24-8 line 2994 [ 631.600890][T24050] binder: 24048:24050 got transaction to invalid handle [ 631.633628][T24050] binder: 24048:24050 transaction failed 29201/-22, size 24-8 line 2994 07:32:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x800000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:52 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:52 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x3991, 0xffffffffffffffe1) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:52 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) process_vm_writev(r0, &(0x7f0000000140)=[{&(0x7f00000002c0)=""/170, 0xaa}], 0x1, &(0x7f0000000540)=[{&(0x7f0000000380)=""/189, 0xbd}, {&(0x7f0000000200)}, {&(0x7f0000000240)=""/59, 0x3b}, {&(0x7f00000004c0)=""/68, 0x44}, {&(0x7f0000000940)=""/168, 0xa8}, {&(0x7f0000000440)=""/24, 0x18}, {&(0x7f0000000a00)=""/171, 0xab}], 0x7, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) write$binfmt_elf32(r2, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x100000001, 0x3, 0x8, 0x3, 0x3, 0x6, 0x3, 0x31, 0x38, 0x2fa, 0x1ff, 0x8, 0x20, 0x2, 0x6, 0x2, 0x7}, [{0x70000000, 0x6, 0x100, 0xfff, 0x2, 0x7c7, 0x7, 0xfffffffffffffffc}], "24fdc07147ed126bfad50a7f8c502a8e15625f22e9fe66f552c59a2fdcf86f376f4ddd82d0d3b5ad62daa93e25757c6c711200b5ce391a6406eb41ae6d0a3564dd858f2af9fc9c62b99ad8efb4520baf7694796dff4b197ab3742567cd40064c412f06a4d1dfae14ebb348615dd544b17d9660b902e4a260c2a753238f2da1d7cead42ded5ac47ecb30b752bcaf26e715c14ec204b44722e893a71a91fc0c4c04c491e9f70b6", [[], []]}, 0x2fe) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:52 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(0xffffffffffffffff, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:52 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0xa00000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 631.978804][T24069] binder: 24065:24069 got transaction to invalid handle [ 632.008843][T24069] binder: 24065:24069 transaction failed 29201/-22, size 24-8 line 2994 07:32:52 executing program 0: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) accept$nfc_llcp(r0, &(0x7f0000000040), &(0x7f0000000140)=0x60) gettid() clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x200000000002b) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 07:32:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x3f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x1200000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:53 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 632.249166][T24090] binder: 24081:24090 got transaction to invalid handle [ 632.284449][T24090] binder: 24081:24090 transaction failed 29201/-22, size 24-8 line 2994 07:32:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x2000000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:53 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x4800000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 632.503402][T24103] binder: 24101:24103 got transaction to invalid handle [ 632.533133][T24103] binder: 24101:24103 transaction failed 29201/-22, size 24-8 line 2994 07:32:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:54 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x4c00000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:54 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(0xffffffffffffffff, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 633.230469][T24121] binder: 24118:24121 got transaction to invalid handle [ 633.301627][T24121] binder: 24118:24121 got transaction to invalid handle 07:32:56 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:56 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) write$selinux_validatetrans(r1, &(0x7f00000002c0)={'system_u:object_r:userio_device_t:s0', 0x20, 'system_u:object_r:syslogd_exec_t:s0', 0x20, 0x3, 0x20, '/usr/lib/telepathy/mission-control-5\x00'}, 0x83) write$P9_RVERSION(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="1520000065ffff0939651e79682ec324f9ca0c300300000000000000ac406c00000000000000000000000000"], 0x15) shmget(0x2, 0x3000, 0x108, &(0x7f0000ffa000/0x3000)=nil) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(r1, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) ioctl$sock_bt_cmtp_CMTPCONNDEL(r1, 0x400443c9, &(0x7f0000000240)={{0x4, 0x8, 0x7, 0x7, 0x401, 0x6}, 0x431}) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) getsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000200), 0x10) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) write$P9_RLOCK(r1, &(0x7f0000000380)={0x8, 0x35, 0x2}, 0x8) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:56 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x6000000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:56 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(0xffffffffffffffff, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x6800000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:56 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 635.202450][T24144] binder_transaction: 2 callbacks suppressed [ 635.202466][T24144] binder: 24140:24144 transaction failed 29201/-22, size 24-8 line 2994 07:32:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x6c00000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:56 executing program 0: clone(0x980000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x2, 0x4) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f0000000080)={0x10000, 0x0, 0x10001, 0x1ff}) ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000240)={r2, 0x8000000}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") dup2(r3, r1) r4 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x8000) ioctl$EVIOCGBITSW(r4, 0x80404525, &(0x7f0000000140)=""/232) ptrace$cont(0x18, r0, 0x0, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e23, 0x7f, @mcast2}}, 0x0, 0x80, 0x0, "f66428d0ae96de46f5bef70591fcde19cbee8018def93bb34078e78669b191fa9354bf8ef0fc2bbe12d02a94096c895396e52ccd97b6c941b8a24fbbf38f74fea6c918049ffea8978172780e4c9ff0ee"}, 0xd8) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ioctl$SNDRV_TIMER_IOCTL_STOP(r4, 0x54a1) ptrace$cont(0x1f, r0, 0x0, 0x0) nanosleep(&(0x7f0000000280)={0x77359400}, &(0x7f00000002c0)) 07:32:56 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x7400000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 635.581822][T24167] binder: 24166:24167 transaction failed 29201/-22, size 24-8 line 2994 [ 635.676457][T24167] binder_transaction: 2 callbacks suppressed [ 635.676466][T24167] binder: 24166:24167 got transaction to invalid handle [ 635.707556][T24167] binder: 24166:24167 transaction failed 29201/-22, size 24-8 line 2994 07:32:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x7a00000000000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:56 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:56 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x7, 0x10) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:32:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:56 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:32:57 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x1, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000980)={0x2, 0x0, &(0x7f0000000500)=""/160, &(0x7f0000000780)=""/211, &(0x7f0000000880)=""/199, 0x4000}) sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f00000004c0), 0x0) write$P9_RMKDIR(r2, &(0x7f00000002c0)={0xa53e5e06c145d20a, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x299) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) r4 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000180)) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000300)={&(0x7f00000009c0)=ANY=[@ANYRES64=r4, @ANYRES16=r6, @ANYBLOB="000025bd7000fcdbdf2501000000000000000b0000000014001462726f6164636173742d6c696e6b0000fb920acae5b7b2c062086f138cc63a7ef3c37f863c53a36ad09315ea1cd275ac6aac0cd6777d34d55a592be2c478dfe38fac467ff143ac0c6d85c9b8d11e4c195469d654153beb0f9d1e642104c2802f9ec9edadae8edaa9f7e177354c4f2de919041a0f49e3558e5c84e049f1964d2646b3747c0cd56c93ee4b2d07b4a29a89826a6a1e7cdc90e85a297daafdeca9c358e0ac1dd32a310622b981fdecf1bb3a385a6558271bb2c3b05eaee3dd55a8ec7c8c295ee4f178cc78dc2bb26fba18d6c769f4c6d4773d42fb2ce25223a06f3428749f0589fd569e4b3191e8a38207e763dd00"], 0x3}, 0x1, 0x0, 0x0, 0x20040000}, 0x40000) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r5, 0x0) write(r5, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ADD(r2, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000640)={0x12c, r7, 0x404, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x50, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8001}]}]}, @TIPC_NLA_MEDIA={0x28, 0x5, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}]}, @TIPC_NLA_LINK={0xa0, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffffffff}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffffffffff7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000000}]}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x8090}, 0x50) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) ioctl$VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000140)={0x7, 0xa, 0x3, "7ba4321fc8837716eaa9c290b09a98cbc1b89f27b4a2fa22f842c41fdc3c888d", 0x3831354f}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 636.094193][T24185] binder: 24184:24185 got transaction to invalid handle 07:32:57 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0xfdfdffff00000000, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 636.145759][T24185] binder: 24184:24185 transaction failed 29201/-22, size 24-8 line 2994 07:32:57 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4012) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x20000, 0x0) getsockopt$inet_sctp6_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x4, 0x7, &(0x7f00000007c0)=[{&(0x7f0000000240)="98709bc3338950e8a8ccc8d6df5b81939b25898e0eda4c6f2d63c80dcfdf5c478e1c32194d12ccdde8c5df92d074ac3c625af79f868fc60d5618e2199fe7b7ac26f80bdb736cce734361b8689a62a5c02e390e0a36567d892771b850d16e666a14507f19cab450671ad5111d0738a0fb5564d7bbb897c850e68d44b9e3dc30f54cd558272117ac28b881798604013a7784cc64c1e6734d7f9c74c9505f7aec3af8b4c8cae1e1e60fc93bb5fe60a36cb664cf5d39acdd7abe7418b8d15bbe2db0d75f0c5aa544882cdaef2586348617549c31c66d707729", 0xd7, 0x5}, {&(0x7f0000000340)="640598350a4dcde8a02ccfd463373cce07f3fe79245232e0868688b105af31352b4ab9baa79f029d7564a04996c4d0ab86e51a57989024c05c33bd0012341f8a645bb93f5295728df0e9eb558ae1a2418f25954338fa23ede78aa70e3129c8b5a639addf421c21fefefb0d398172c155c842a0707aa3ef1d8dea180aecaea089a0bb603e9f19c56b7d69a4124e26ae117802679ce5205c0ecabb78319107812f094f9234aacd79b09d594c", 0xab, 0x401}, {&(0x7f0000000400)="88989f089e16da497c0ddac4902b73af8a7792100857eb25c760368b4884f1c1f5816c319dd99e3d395bc778a80cb40d67deac25ebc75d6507b0047e46b99ac60389c49ff5533ceff0c3c1fbe01b905862bc5349c24c231c4b4d49795b9ee591c165f56290d0d196711220a57c8cdf720c9ff3e5732ed98bbfd3f6c6e9fbd02f936921677692f0bf", 0x88, 0x7f}, {&(0x7f00000004c0)="d9bc178ffe299459957b54bc0a5e98dd1acf1cdbce163acf007c63ffc9a3395bc5128ebc9963f95b3cf39a82f68b1c1ee892e1ea949d06cc658d952d61b23c34ae2d3f0535b7e1e1cb09221c3be1e9ccadf311daaacc6c201e060b58071f99b6323329ebb28058", 0x67, 0x7ff}, {&(0x7f0000000540)="305c40bdf4712ede46f65f101b07fa63fb046e7ce17792b2166f8084bf6481b9c1cd0f992fc8a47698ce9cf65cd471dbc035bd98b7afaf5a40946874fe708cc91f767575d254a21eea8d3474928ff2ed24a170c8aed5b576f4c5fb7264e7f41a482fa1c85fc1ec6daac735b45452ae5ca346db71590c8794d1b58d5be15c3cacb97c6ea3e847925c1a922376c05add8938aeaa9450811646919ebc690c7c7fd5d851e50df89a313d7d40df59543f69e5aa036f49aba37a720ccf8457fe43c88c8ea59915444a68a98d711ee43cb133bb218608", 0xd3, 0x893}, {&(0x7f0000000640)="b84bcc586f8973c336c91500556e7ed67a337f3e3be4fbc600564dc35f9530ee4a5894da1f1ab492c0b1818d172268194aeca5f52f5b3cca2df3a09f9cbea1b18c829e5319925894", 0x48, 0x80}, {&(0x7f00000006c0)="049a7e2c4a793d4217ca24aa479f5df9b99137ceff7811e940b7dc709db807321b5942d014cec197fbb1c64e8243631a178a8d2d3f87a3f751c251b95627e513726cac5938f8b484894ca33510b9a515482fc9d4e4b50f9645e25b4a5e9910eec31b59de6835014e4f436099d8dd10865e664dd8a4fdd04071da088c7fd8f964df3b282114323114e57e86f69c7d3fe601cedb0d93401b41158c93b14c11367150677f7319c7efd0093b9f535a19b56b449cdc88fc9a374a3a4c70b2815e34b020258970fe879c578f5e90551178dc6e584d4e5b17b31201d057ca275e5fd427a51da669dcb3178c1ced75279a19f33569d438d619f0d9d0f9582d35c9", 0xfd, 0x7}], 0x201482, &(0x7f0000000880)=ANY=[@ANYBLOB="6a6f75726e616c5f696f7072696f3d307830303030303030303030303030372c636f6d6d69743d30786666666666666666666666666666ff642c6461782c6a6f75726e616c5f696f7072696f3d3078303030303030303030303030303030342c00"]) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r2, 0xc08c5334, &(0x7f0000000980)={0x1, 0x200, 0x9, 'queue1\x00', 0xa28}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r2, 0xc008551c, &(0x7f0000000a40)=ANY=[@ANYBLOB="ff01a515b67eec4ca2d5e741200d2d6d000014000000010400000100008006000000a5f6ffff03000000ee17010f812c24cdc3c91b7492f47d4a861d4c1b4d91cbeb2d1b8edab385f8766f7ef622ce950c9f70ae66b846540351bda4c2578c74dc264f7e5da29cb433c3407e21fe8035a95f940cd6ca26f18a5a401da4ce0e9c966941b011d89fba199f5507e2fdd98ace84b9f292c6504d09ed738ccdf69cf826946660f198168b8a0cdf154d73aaeb3aba5574f6544e36fb7b12c05835339115dd66c71129cdfcd22d21543d0d6277fc08"]) ioctl$EVIOCGBITKEY(r2, 0x80404521, &(0x7f0000000140)=""/82) ioctl$SIOCGSTAMP(r2, 0x8906, &(0x7f0000000900)) ptrace$cont(0x1f, r0, 0x0, 0x0) sync_file_range(r1, 0x500000000000000, 0xffff, 0x3) getrlimit(0xe, &(0x7f0000000940)) 07:32:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:32:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x630b, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 636.372886][T24305] binder: 24285:24305 got transaction to invalid handle 07:32:57 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 636.422209][T24305] binder: 24285:24305 transaction failed 29201/-22, size 24-8 line 2994 [ 636.441332][T24316] binder: 24315:24316 ERROR: BC_REGISTER_LOOPER called without request [ 636.458920][T24316] binder: 24315:24316 unknown command 0 07:32:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 636.485731][T24316] binder: 24315:24316 ioctl c0306201 20000440 returned -22 07:32:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x630c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 636.584741][T24320] binder: 24318:24320 got transaction to invalid handle [ 636.654502][T24320] binder: 24318:24320 transaction failed 29201/-22, size 24-8 line 2994 07:32:57 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 636.721237][T24332] binder: 24331:24332 unknown command 0 07:32:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 636.781523][T24332] binder: 24331:24332 ioctl c0306201 20000440 returned -22 [ 636.898378][T24339] binder: 24337:24339 got transaction to invalid handle 07:32:57 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 636.942276][T24339] binder: 24337:24339 transaction failed 29201/-22, size 24-8 line 2994 07:32:58 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="0f0000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:32:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x630d, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:32:58 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 637.465418][ T12] binder: release 24357:24358 transaction 113 out, still active [ 637.475043][T24361] binder: 24356:24361 unknown command 0 [ 637.480609][T24361] binder: 24356:24361 ioctl c0306201 20000440 returned -22 07:33:00 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3, 0x0, 0x400, 0x0, 0x10000000000, 0x7, 0x800001000, 0x0, 0x80000001, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) io_setup(0xdc, &(0x7f0000000300)=0x0) io_getevents(r3, 0x6, 0x1, &(0x7f0000000340)=[{}], &(0x7f0000000380)={0x0, 0x1c9c380}) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000140)={0x0, 0x56, 0x8, 0x101, 0x7, 0x3, 0x6, 0xffffffff, 0x0}, &(0x7f0000000200)=0x20) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000240)=@sack_info={r4, 0x7, 0x8}, &(0x7f00000002c0)=0xc) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r5, 0x0) write(r5, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) ioctl$ASHMEM_GET_SIZE(r1, 0x7704, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:00 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:00 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x4000, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e20, @multicast2}}, [0x3f, 0xffffffffffffffc0, 0xffff, 0xffffffff, 0x24fb83bb, 0x5, 0x1, 0x6a4, 0xfffffffffffffff9, 0x9, 0x3ff, 0x41e, 0x9, 0x6, 0x6]}, &(0x7f0000000380)=0x100) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f00000003c0)={r3, 0xfffffffffffffff8}, 0x8) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x400, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r4, 0xc1105518, &(0x7f0000000140)={{0x2, 0x7, 0x1, 0xffffffff, '\x00', 0x3}, 0x6, 0x234, 0x9, r0, 0x1, 0x7, 'syz0\x00', &(0x7f0000000040)=['!\x00'], 0x2, [], [0x2, 0xfffffffffffffffd, 0x1000, 0x3]}) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) getsockname$packet(r4, &(0x7f0000000440)={0x11, 0x0, 0x0}, &(0x7f0000000480)=0x14) sendmsg$nl_route_sched(r4, &(0x7f00000006c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000680)={&(0x7f00000004c0)=@newtfilter={0x1b4, 0x2c, 0x400, 0x70bd2b, 0x25dfdbff, {0x0, r5, {0xffff, 0x8}, {0xf, 0xf}, {0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x7}, @filter_kind_options=@f_rsvp6={{0xc, 0x1, 'rsvp6\x00'}, {0x164, 0x2, [@TCA_RSVP_ACT={0x140, 0x6, @m_nat={0x13c, 0x3, {{0x8, 0x1, 'nat\x00'}, {0x2c, 0x2, @TCA_NAT_PARMS={0x28, 0x1, {{0x5f, 0x2, 0xa, 0x4, 0xe197}, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, 0xffffffff}}}, {0x100, 0x6, "e822bede17ef1e2c8998c6d52254378c0e5430a4f6a181d3453965787b9847f23bb20894ff72d099d78bd2fcea165521ef5a09c77d2a42a31a12cc5168d1cd71f772720a91ad0f39f8f56d2b398f1d487eafef39d0a8c5c6f600fbb85fbab8039c1e6c2fe73d3da9167b6358557c3ee62f0368347117d234a35bb0c148b30ba0414c9fdf8aa3d36d02004eca722d8f91ecbf3e99e412975da46420f91af1ccd6c540539675a7f1ef96bee87f1e474d11c5191da3b55c1a106be9447b294c1020f9e592641c76c543101172b88bebb2cec8c8e4525b3412f020e7fc3d96916c190648473b8a7cbd4b13bcc83a45f95e9d62fc3aa1f61238b25dea4e00"}}}}, @TCA_RSVP_PINFO={0x20, 0x4, {{0x8, 0xfffffffffffffffb, 0x6}, {0x7fff, 0x4800000000000, 0x719a}, 0x0, 0x5, 0x7fff}}]}}, @TCA_CHAIN={0x8, 0xb, 0x1}, @TCA_RATE={0x8, 0x5, {0x8, 0x5}}, @TCA_RATE={0x8, 0x5, {0x1f, 0x9}}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x24004050}, 0x4000000) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:00 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="c00000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40046302, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:00 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x82, 0x0) ioctl$RTC_PIE_OFF(r1, 0x7006) ptrace$setopts(0x4206, r0, 0x0, 0x0) fstat(0xffffffffffffff9c, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f0000000340), &(0x7f0000000380)=0x0, &(0x7f00000003c0)) fstat(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_virtio(&(0x7f0000000200)='/dev/rtc0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='9p\x00', 0x0, &(0x7f0000000480)={'trans=virtio,', {[{@dfltgid={'dfltgid', 0x3d, r2}}], [{@euid_gt={'euid>', r3}}, {@dont_hash='dont_hash'}, {@euid_gt={'euid>', r4}}, {@smackfsfloor={'smackfsfloor', 0x3d, ')proc{[^'}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@subj_type={'subj_type', 0x3d, '/dev/rtc0\x00'}}, {@obj_role={'obj_role', 0x3d, '/dev/rtc0\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, ',&nodev&security'}}, {@smackfshat={'smackfshat', 0x3d, 'bdevselinux/cpusetcpuset\'$eth0knodevppp1eth0#}\\ppp1\x83-)nodev'}}]}}) tkill(r0, 0x200000000002b) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") socketpair(0x4, 0xf, 0x9, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x100, 0x7f, 0x2, 0x7, 0x5116}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f0000000180)={r7, 0x1000}, &(0x7f00000001c0)=0x8) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 639.383449][T24373] binder: BC_ACQUIRE_RESULT not supported [ 639.389208][T24373] binder: 24371:24373 ioctl c0306201 20000440 returned -22 [ 639.411282][ T12] binder: release 24367:24370 transaction 116 out, still active 07:33:00 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="c00e00001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 639.432172][ T12] binder: release 24367:24370 transaction 119 out, still active 07:33:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40046304, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 639.548441][ T12] binder: release 24389:24390 transaction 122 out, still active 07:33:00 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x2000, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, &(0x7f0000000040)=0x401, 0x4) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118, r0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 639.669829][ T12] binder: release 24398:24399 transaction 125 out, still active [ 639.691170][T24400] binder: 24396:24400 unknown command 0 [ 639.733440][T24400] binder: 24396:24400 ioctl c0306201 20000440 returned -22 07:33:01 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0xc4103, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r1, 0xc040564b, &(0x7f0000000200)={0xbc0, 0x0, 0x701f, 0xfffffffffffffff9, 0x6, {0x2, 0x9}}) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r2, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) write$binfmt_aout(r1, &(0x7f0000000240)={{0x10b, 0xf3, 0xfff, 0x159, 0x3d3, 0x1388, 0x2b9, 0x2}}, 0x20) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:01 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="e03f03001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:01 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:01 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x8000, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 640.400641][T24421] binder: 24419:24421 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 640.410216][ T12] binder: release 24418:24424 transaction 129 out, still active [ 640.422432][T24421] binder: 24419:24421 unknown command 0 07:33:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:01 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c8000201200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 640.450017][T24421] binder: 24419:24421 ioctl c0306201 20000440 returned -22 07:33:01 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x1f, r0, 0x3, 0x1) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x4c0201, 0x0) ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f0000000080)=0x101) setsockopt$RDS_FREE_MR(r2, 0x114, 0x3, &(0x7f0000000040)={{0x9}, 0x14}, 0x10) 07:33:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40086303, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 640.615313][ T12] binder: release 24434:24436 transaction 132 out, still active 07:33:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:01 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="00f0ff7f1200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 640.790823][T24448] binder: 24445:24448 BC_FREE_BUFFER u0000000000000000 no match [ 640.860140][T24448] binder: 24445:24448 unknown command 0 [ 640.866407][ T12] binder: release 24451:24453 transaction 135 out, still active [ 640.896428][T24448] binder: 24445:24448 ioctl c0306201 20000440 returned -22 07:33:02 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000640)={0x0, 0x1000, "38e13b7aae163c19b6fda2ad3d18f8d8db455d3332d86b427c4624b40f3ab86011b5ed0fb3b0b3ccdac0930b951a21078a3632138ecdb5a728d4b859e6f4591bd96449d54437bd556b13b7bd51d81f61fe451c3efbe64e3558085676d3ba008d3a80e1ecb035dc25c55f7154a88ff75bcab01595e293e8e32141ba24288d4bc23ee29be0a2b75cf9ed0b2a7ceb68f7fc26d222ed65bd7e0f68108a3d4c6fc1778491df45d0684cc9c3b67bc5d80d32cfe6349e0d71f0eaa1118113fe49c83bc3b7b69de7cbd1ecfe77d7d751cdfe93dfeea13ecb54fe76b674877615061e3e460cb7e24cc8110923bd949b4f2be5f058bd976a53cf37429b374e4de2ed7aea1fcb62a56349ef9790b3a0fa929e25ade411c53939b76f2a6d0d5923e36b66dd0aafda003b9784b1a8abe330a94fd8d06e8ffa15dc6aa54e501384626c0fea4974ee70c0181d612216ea281076d847bd27ca8cd8e01d9b6f35bbc5ae65e5969e7aa25e02483f9156bee28fe3bbd3d9a0d3b5d154ae10d0ca1dc78c487f082a4d6e421587112b3da26731a4d39a42585711edae05cedb77f3d2e7bdb0540d72bc4537ed98bcec6e2b6d61c4d4fa59841ce5d590f7248ca8076588a3e2ffe6c745f4994d0f7d52ba88a9cccb3f82cd307636046edbaa46d91534d0131522759ef35fe02285fe5c72ac4c08576e8daf62f10c75f3d866ba3b2cd422f6444a9d0a53587eeedda8ceb731ede6cca44f4839f55ec1864b232ba7f73a3f90cef49c80bcb0d7ab884f0cecddca8145a4c2d22628f08f3b77ce2da594f123182ba4016ec528ed410dc55b65084bc15d63cbfdbe0f398a8fbd8fa423c6804213dffff5bab2f509050787f759b425335d72eb7edd6e79bfff923521abd3d3050744f2f58c39b288a2e1085ec39da4de5a98de9a2931d8a4742816dfe1e4ca3be9fdb98e9c74307637834a0699cd5ee59e7a022d2cd3ba8b532c93a33ba38476b73aa7b55a115666b67ca85a68ceccc5faf78b8edd230fa4aee3f1113a9eaaeb87ef670f18f2b418a04f7d61a3d20240fa8f008a6c9a1931030febbcda82155d9394bbfd70da759d5439a9cf0605f08b9ebb1d58d0d9398d1cfb4e98b858426efacbed1884fcac155f6e17f518a56f1116e29bf33060ab511676dc4e82a35251f75baae1116d35a771883fe036c95186bf68578af1c783bf5894ddfc9d003f990e3f5146e8dddb9b30f2067f3bb47a203da57e24a29ec3bb423ebef721c7c17f5641de525be71e54c03b29b9d2537eb635b093cbc5fac9ac9e7f4baeac14b12840c7a8c8e49e2048648d467801f7cef34c60d6014bc43ebd4e17a0e575ce882393035f98cba775198e9c6b25fafa861359720e81552dc728bb648c79248695590e7900b5dc4b65242cc00f2eb3a2cf4ebe2132c0672ae0621e6e2af55575b9bff14f9c7346b2d107cabffc59e848e4d9318dee3f1956af059578c551d66c8e936d9da2e49dc473879c9a4d092162250dad7c981e8eba011bf109b5f00a4c75822738583ae68f40cdd715d34ffbcfaca9c0850b0dd21de22980d8427b0d0aec47cb090661dd4a45719c0062942d8ae70c3d5d888a3b469f62e6541ead7775f30bef3142fee152766f43924babd4eb4807241913047b4b765acb8f68ce4dc47797e2dab10290ede80bb964dab0b6f8d50e8c0cc566d81d28af05f432693e823ae1d24b5591b341cd44c4d60efa9a9b01e6967f823d07456775abc3be17f8cd008d574c689abb08b66909c3c35016c865f0f1ec1429e7b4f0da4d42a0f0127edeb94c78b0cf3597a017e66974c3c2b35b583af37dc946013d25335e6337fd6cbe9b13d943495070bc65823ed22e20a332888bf82c7f08ad69226a8dab88a7cb4eadfd158bb01042d3a16a6e6b58c20c8c6f1128c3c5d400c144dcc2d2aed1102d3f3e7b837ce848bb366229a74981fd968a03e862d63b16d7616ceb991bec70f9e1d72b760c87e75cfed1fd493652e7870aed8a24725f8da48de620e0ce4e273c4063cffa2471b0f3e8e20b709f979f4b37ff3964a3c913ac409f966178b0f691e34edd52ad43b4b859a20c746d1db9a277875070f82f77fc108383cd2fc15c1a582874d1dd24259927b1d47c916b7784363eeb172d9484b455e954717064c8f1a5b799b5f8c707fd546893baa2e8e1722a19237afb937355ef2f864eea924bd7ee5c9a8c4870bc1acbc29f835d318480180e225a9976179977ca0eb7f7b5b5fc40018bae09cb6dd295e379bb5f2b761a0ccf30d5f2dbf1a5f1109464c1ce7ccc7ebfae9b0977a6088c04d91cbaf6b5ea5ecc2cbb9dd2974e51af287b7db60f900328a5cd009baf9e73fcbaf4bb7e127ea65d6f4904c788024d0886ed5383c769ae4345c40b02a05a7ba2b96fdc9dfad1fcc56edccd4253da73c025877daa83e71641059a41ed0e854941022a8f039702cf41d6688df4e3169fadc0b9ece211c592a9c94f514ba6e740a2ce2ea21b09633f713c784d299b8065b61aa2ca55e30e6610efeda81b7d906db9c305286839d77eb17dff8d15f0b702499afcf92422c344756fb42e3d61b81ac53e80e98594316d6eded7938ed832c58f80b67c2a3211d76477bc15a12d81a23a8e5ecec01aa5ee2d16b495bdbc481fd7836acedd093067857fff0a8a7b098b5b8558267429d407713c77e20ab5cc3bea67101a27b551fd3810750b0d8efdd08f82579b21e8971bfc5525d5ad04d10800a7439b86ccbf7cbce8205a479a2a6dbc74dfb06010377bd6060a990cc4e4373e756740eccb390f7849eac515fe8a3d9d676f087b400eeaffa3dcd558c570f134db1d17fffc79d9fbb8e3ef7550e2e79df7f70cd3691bb21ccd3caedeef33cd60839c7cc95749c70e6c61eafe1d83627026b93a69a11a0e9f7493b7bcc8be2f041a3cb61efa1d255b042a4341ce4a590ebe071ab2c7994b95e568e4a539713b9d936e4145a0ec5ae13fbcfcb927ffe49a0c1121f3af684fc37ca5519a55836af7acfec396b1c05d88e20e7c9dbb11b0b3922652b04f344a8aff7b937ee06a3911a96fea724b1730a1fd85e89e25808edb6dc4429ea7cd601f92a9ec23a605c8df46790c511d2899a7ab5ef1437f99b582bc066f12a1d88fac91dbfc4cec8c3a012035ad2c2d8ef729721082401450e8105b2f5df6d629063c33e6bc5c644f3a6519e525180b443790cca37785f6396cac29969b2a7da3d64945bcaa78789eeb6e8b4b7ad43c185ef8e1d93e4f396bd686d05f3a779b540f35eb39a33dd8914388f8a464be51b85b143ab681c64111ff312fa93f4e20ca5ffcc4921f27586ef71ac8aaea2b77594214e537b38a8d7a1409cc35894ba8df5e965a8ce6973a8db6fe3dd767050216783fb124c0ce2ac33d2efdd466fc6e3072da8770246d55bd5a4bb08b4a747394aaba3f2db8f436fa30779292f47ea4b9850f799113c0d1eb100f92e9ef74af7f31d7dca84a1aa54940563e143a26f70c56af5c411cad8b9f7139ec8ae47942095d0eab9c66775677e7bf5947aad60134ff33a0541b370c503a502175561247d46216b23ff44b5a34debdbdb4060daf27408cb5a1517b56ff3914efc41c67eaf95fbf6aa00445a3e55a5f4d3cac8b0cb7ef65037be5033371aa4bee114c05b0aacd5820b04fa1c8152eabf7011fa4cd3bb7fff0100f46373246db4f46a93cc7fac517dfb3077009400cef12d57d54472a7610519416a3be5ada97a649ffe19570eecbf7448b031b9dfdddb87740091f10b6edd268e0888d5ac8576ab3f3601a948c7605cbb2f2b7afcc1853ca3e110ebe2a8f2223d3f2667198c3e6d4d8956bfe9ac5cb754b3bc0b5851c21b4dd9fddff42ae7c2d43a09d0f41ed5401abebe7549438bdd8dfd7be3c52035f3e3a34ad8d935d8a3e1a46e29089912e44b9f6ee31d6fdb988f340b89b2ba8146413fee0a7f4f4bf9e629b5122142536c906243648ceeceba6e4d1150c82f61b5ed6be4079a6f19a66edf0d2dde77b95fa68d91903e0617586bbf9531c81057b4c07232fb6e6003fdc0db4f1027b48901c192be804cb83a36895057fa3df6f71eb7127e09d440bd4892c800ef4ae973a8daab96da62358ea90e34f0e95e0abf7e1c09a36a4a5d9059b8263945f25f6821c3692c17b24f0a4532e219a8d8cf701aa02142b7990500824f20b61afca95c23df6b66a51d310c7d5ad606c7a7b64f96f208175ca94f552b10c85c876b3c2f388b9dfb5553ef3d23dfc6e63da3e3ec2bbfe1a1c592f1ca9e24634951887028ea9b3aec95747d28a4233514013081c2423c25daf74404f8fcd49c42bc8aabe9103d8c37d127fd09d0ab908e49178523970f0fd308cf82a2d0753707086456e81ffd719c79e88528d01de4468b99d41c33fd1690e183781b590bdc84a8e6ca27bd25f4ff791cd9840332767e9cfbf38fc962ac85329908125f4e4ec05b9b8ce348e535b213f5daeacd8cfcf666954fbd3e618b7715c0b27d3cf9317c0b9e1cebc43e7704503fdc589543c4a79c30a1df7a1c103cd787a1501b3996554e168db3eabe6c90ff19170041094fc4b6d9fdc6b40923de1e16224a4dd786cba471122aef951b5f163958b39ddb42722c6546c3a3492d8ef6c43105cb3c589c82b32a9f2b51c18aea8cf34e85bd4fee46131dacdcdbac26df3e769f65d3499c2d9d6eef0fcb92e5b493a0cc4da080979b0e5cb726ea2b5c2c0c0fbfee0aa5717267fcd54e55cd752c4c4b6030cdf12acc38aa4adbb3485a65bfc1291a847c0d4f14bcc857d35bf9be416f10aa8d17563763681068ed03ff6ec868d37a3ce788afdf4f60203ba601122157b2709c6f9f887afd32d0a4c93d4c731f81599c8a1ad4de5e9f63cc031bb51bd81ad8ec9e73442be5c1bc36617272c043da297092e4cf50b9a3a10cda90799fc1e7d96b819093351d9c6afd2c66753fc65fa3090a3f0f905d96a15f9ffe304394cb5882d87019bf208036e94875a963c9a26bb41498648bcd68870c75354145ce7648bd4601654223453f5c947923ff8d759db6636aeaef7f418c38325144004ae3fa4bea0133e3ed05e107d2ef8f03f8cbdd160d1802d73d9542c4d580b01b49238fa4f0e325665418952ff793082e16e984a41742b33c5184d616afddded2e8654c4f988d3dc0d70f047dbe434dc33a5be536dfd3e0d34c784df524e5176bd2497f0abb30a034f2e67f200ebec0a4d43837b7936803df530d3052414325d19bef9f3de305b4a8ea829c7a6ce4af3d373126b561375a0e53a2f7a135ea8f5c44470cafef2fd0c2e083164d821d3981a21126182bed2c2028567190af306c502a93ec900f70c45f5d9bf82cc6b5bef2c0c1c48a0ee40e36aae4cebdfda8a585cc6ef6306ba0c9165b478497494ccce295e9afdf129427e3061df3abfd83823affde8edd7b2a34d8b6234aa0164067665a98cb81078e72560eccaafc66e918d7b786a72f98298d599ad0ee6053dc44f121045fe84173965ff57f6a56bad21ffb7c9c96d4826d65d0d93e50823d7f1c45724e4895ebc61aacafe6ca976372e6ee9f880c75de7ae24d9a7362795150f1172bb044247c3da89d0a414c4c953b0b0c05150628e25fa0ae1a3ec078bca6f2e6fab6640b4b222a61713265f8742b260e4dd1be3e0ba8aab21ecc900b90a4b2f82fce83f4388eff203300becc4ea43e914422bd95b7b4582953090b3addfba37bd1743066aad44f22eec1580b487bd1970da9be62fd431ff3f8572b30207068e95fe5df89153b0172c9fc445f37b2ec8eca6f45317fa5d93"}, &(0x7f0000000140)=0x1008) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000200)={r3, 0x10000}, &(0x7f0000000240)=0x8) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:02 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r2 = syz_open_dev$mouse(&(0x7f0000001e40)='/dev/input/mouse#\x00', 0x2, 0x2) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000001e80)={0x0, 0x1000, "483d1f7a3f7d59f6506da467e2276646eed2999f96ecf7a397fccd3fcb9f89852f476ad11404d9e25d7b133e47cde763bdb649cfd52c866f93ef94c8f93f601fb97d8f17cb655fd012fe42ee305c2993a83de494bac668a7733fbcabb8c07fe6b38faa19e28fc98c17ab7e615bf677201c91eef69e7eca9b8a68ba4ca04d698673e4ef4b0a9c4ef1aa9babfd8a2157410518c873bc8a93b1e7b311c307935fb3a5ed467a932f695424d2cff5e3c340eae47c8fe719129799c744e15639a7368a7429bdbec52b8d3bfbfcd9e3ee402ca96f8271b65782f3edfbc8166a83dca6c7a483fe9ccc255217c3072deafd6d66be137b7cd178ea236d149424da33ddadd4c989e9a544005f593ad3093a5ab85da865f58edf068cfe153a4f4b20e1c0d01801eb90789cd5004317a790421b495c687fad591a96ad5b60cd9edd847c3a389543c53b0e7ff8e3247150c0b28157570bcabd2d55efc3b04e9563fffb45b1607601a9800b401c25c89bafb4f073984d9cac45053a2697ab9a94fd3627710d215d4f26749c80864c368a7c00b9204686016bde6749368093d3704e1059924fcf11ec8c84a83bb9678abffc609ceff39ebd17e3aa2cf438bc5f2a8d4f1468cf6e580f87e6e37432f3b9409a15806c05899af1e59e0368b18b3236f2fc4891ee354fe9e7efcc8554c7164fdd17c873d57ce3bd2608c2f525668fded92825e17cc9b42d3dd31dfc620fe8aeb984ac861af501a185aea0c97d094b5aacd37ffb0c01ad72adab18c502a2ff5889ad1b2230a63862a59b0d6ee8c168f8b6b19ee7b7823eb243204ecad33e5b5c49f419a1dbe997d70edb09a3e65be0410258e14c14f3a049e9386cd248ba00bc39cbe222acf84e489a4816f738bfbdc469ee808ffc1d7ce31617193f00790815a83b7ef55871df1399f649c907f6e0251e45f9f88165407efbf633af9650a5d2b33c41b6bce2784ed0213e6ea361dac97ca8195c6ed9514cc1fd8dbcbec4d30aa9eeab0be0f08be9fd7e85623ecd7e22fae7b6ced68bfd7fe131a99fb6a235cde2f0876ae92f3b67b15bab561806aec960a01f5bd38922d104a09cf15f798b62adcf0ce92267ae30bc24ed3093fcd62c9010be54bca56a2b5e4473cb57b805483490c1c027b5712fe464039ab9ef9ec86ef331f7c9f74bbb61416732c0ff847026a1ae0c4e7596b92e159838ed4053ef812327f64fafb221c1b32009023f95b34a3cb39aaabc5995d8c93ef9d15df44f075aaca2f3c4fa3ad913e4ebf87cd76555ac0ac9ec649d2a3c31aec79a6047a6f22db7b82dedb5a44ea77641ac2b6730e6d1c750508d2ffeac50e5f75fe4e609d2ae82f31632e321cfdb615b946cfd897e6d1bb1a90a869751fc2324675858d041d160b92c3d40b15d9afe0baf7458fa22b307fc55d7f7dce62a672932891383de3b82d63afb1cc7eb5a9765bea2c6ab2afc8f13fa90a0067c3195d4adbea419b2c237dc577a763517a09920234d3c7141107dc3de579750ca61ac24568aeef7447c22b0f6779f591eb0e95862cf3e7bdf37670673acb571c423378c9950de5e984c832bd502a3d38c4c11fb47d5ef0d742ea941ec505138cf617d9d134e9a4287ca37c09b572f0741f08e409cd1b67dfc227cdc492b279fd5e681cdad60748e16f493c14c2a17e04a8afb8206f6bd909a0bce93a2c5c5c380584a5c9d8c6c6989c71edb44f0d7193619232db160a120d4b4d12eeb657b7e69e5d39a1b51306678fffc18cf26ee9daf6b3b239e6f6d010bbfc6b82a0c51d9a8a76305018f9a77401bac89619556f3d21adafe7ad85bc6c01ff13eb9b24aece82ac93bc6986c42544459feed4cdd610309ed539880c94d085dce17cce36374b39c03d8eda1703759f7de534fdcd67881730162c68c58d0e7cbe60be031de51b4ca07025e10989f1bff933b90957eba116015960624b38b2da535a59284335ff87a7ca5f81e017f1d338366e7567caf7c422cd5551996ced2498b5f760d87136b458b47303a9925712e1a46d394e789e03d1942cc31d09a30c500e137e3e346f6e3c3e8c25ae63eb4c2011e4355e68677a0624d9c3240b7a53c61c9989d86afe27512f58ba6afa97a8057c4f2e5a055924ed1cb16f2b6861282c9e97d6d502ace5e32d684e516602ec377f4a6e0b0a0811ee9103068c08048076cfd1791930243b8113ae360e22d75421208719dd319c84a855da7c422ebaf6ff5030973e32f5e272d54abf1510a1e6816fa550c94c00eb2a8b24d469c92eb60f3332a46b8bda3e99c34ebda10360b6aa22107fcf8caab4c2fc5a524bcc39cab128dcb309bfaeba634c255aa3d654e64818d1f09b94aff929aa0f33590438f9bf661be7ea746112866835f4411da4bf5f981d61567a6c3559ded166fb5795cd8348df28905acac17cab293aa8f69e6b3f0d6e4dab6709307de0bbeb1675a6d5e04ed6e948eb5e8f43d769b3675c782ddfcfd20c7a5c8a070b6aec74124acccf75ca0f01a85763b141b7f2b8a81cd7aa6441514954e9bb5c9e038cc4276b16cfd561ab96ca330f8cb7b869c9dd2494767e3b0edeeaaca1b67e5c39a8480b6e24670fe6eec1c3dff9be4a1afd82a9aeaac88c529f710939a994accc419f25dc9e5204106a7e63d6771b7a942e7bdddae97ea55c980398bd87de7160d47a1d056fda95bd351e9e1f57587f65e12671007f5a9ffd9a9929f03d8f9cd431ef845c31c7c4d70837d6de6026a8842636ce93a6eee463d95f629b9138b2d10b814f9a63200dab2b5671c70cb58fbfdaf0ed179ef13c5237143170cc2aed1d74636bc0f1c58835a173aafeb10add72ac030858df0c4eb44ea430bf715ca938f310547110e3d730ba8da110d2bb8e6e9616795dae63d3035d7a365b45557e8b0fc25b1937b877cf8f8dc447e78b2a292b3812b736e1b9a6fa0f31ad15b1917b9dd557885a9307b4e749d8d402e5d7169492efb37390a63e40e42ae8bd167fb93665e3c1db49606327a22dff1cd70cfb1da79212041d9c721b747675b5081e812026806e41a9401e75d827d43e9b7ca77ef75161369051af8a66ab22c7bd32eba80fd1780fdf8b373bdd8f0c6312da5bf942917aed917d15a05438b1f8eb5b8cfdff6574a2ea2198df65299125647760720ef2063485308d6ab801368a090fd20ba73aa7c8c7cdff5bf6b2fbd4185047c15ac842190a9788c1462394185b1a10cba03c02084528369ec3155335e982ad7a10c503c0a8f1488724e9d66aa18cf569edbc36e0f7430ba3b84507d7e08ea9240660c6584526c56af686f4b5d847154fa0eee89775c892efd55db0f0ed1b54e2ea5d85582a65142f33c3efef6dd24b38ef6fbf294dafb7d69857dc2a75093851534d9e262c9aa9b8016d7a8d1053d11288be51e775c9333c5e84033d7d71e86e44bb06dc8cb82ef92289ee529ad514ff8a6575c8367740715e3694e111c8306e51be8c408c322aa8450728a11fdf1beb2f2f2fdcf1b1e784042abfdd738f7a08cbca4ef34846c99c7822b16fa6d55bea8f1451d0ca42659c08d7588ef97ee0f88ca7aa0268c5688875e6f08b70ec822745b6fa19dde1afb0981483cac0ef30478a43e2f0eca90185f15eb68bf8ba8e2eb9ab3823de542caf08ebf68bfa6167e646f55b382d497a1fe5290122c50df31c9fd7528bd07ad84905e5380f935ae31857f9bde4e62a07472084df0d9a161e75376b6e693f5b1f91c054a69b6ddc6861a23d0e230c410d320cf39d3198f0090abc6c7546adec2a278c494505b7498f09253ff533911cb3326dfb99b4cef90fbdc5cd1599e431af78d1f68cc439b169b7ef3de9167e74c8249c36f3ab50cafe96522399c5b0ff59dcd63423ffbe0afcc38d31234d6963dd6c0a79efc7fc04af90893a1bf83356cc91c44c614cec5e54433bf04af23279dccc472baf05c1e526f0da04a7899d9ff13607824a1355ccd5d4b8c0949b86f381f3f95a1d7f164ddd3fbd0ee6dd12858866bf92841b03693c9d10bfefcd546bcee4a03f660f9bcc7d0f10fece13061c9560d2d10d19730ccf4dd4e1e06d23694c1e6caa0d9319a416835469f2031d1cc8ca6c73cab89047903f4a4b3c176a77e2348ba6bf48185336462de92e057607f4b57704cb8db042240f6b72b4ba7d734720be810f2d4ccc993fe80dd76b0c33fc98801efc86d013ebfa0b4b25400ef860e34cb1d5ea9674fa4927ae6726b6364b507c786178b4892c51d3e059b6605aa76b3a40c134538f2d8581ef18a906ac902be00da75d39d462f45b801698a0625fef1bb2aefc12015ddeb8b1b8717972eb2b02dc0cb0cdf24378bf564533bbc848464d303359e271b804f3e89d864d7e87962eb927810e9046a8f9fbf23f23dc11f09961022af05f43bba17290ba1fb9f7c7cc08ce5f8e8cc4f9a6caf136e86ea51b47d35c7e0605341504cefbce4ec329d432f064ce8249fba0d7475aeebc1e92ca29130fb3731e6649ea726f1a6b8726eb208232b9b970498d4b79114b4ef027d9ee7837908ba35eb3d6ce0e953545cc5d15f680a2783fe4e129a5f2bd95037b2d2d6f2c96acfe99135569a4649b2e8a3137e34d33b6fee69c8635d16377b368584419aa0a68bd83e8ce493707929a8233b48f56888de29842c57722a9b5c9df0e1789c27656499238c17119fada4fdb21d59876d8bd8bc94d0c91c836e631a7776206876d8bcc88a59c492bf62315952e7a613fe154ef354536273606fa1ada82100e811395be30cfd315e43595e07de64cfabdee8944a28fabec64d323ec863ee36b0e8044a58daefe5e449ed6e994bcad91e6b24aebd9ecd5995a82b1d0c7233e507f8b1c5f89a8afce247d743485525cad3e032cafab8709ca4fc3762a7bc72a8691de86268f6a7c198c1767e4610abaeb91aa9d4af123a5c72b220e715428f723999a469ec3495b2bb91fca6ddde790f817bcde3d2dd36e91710edc8d6315d7f73b6596fd450485b43b477b6c78df6d1f975a4c9cccff5b7303a47ae9bb30b4b3bca345171270509ce22eedb2626f2d1400929a3233ad73e6b118e33b2327e3bb831d5da7d4e0eb63c88e6d319223efc37f3bf6b81e5c85e60f8c50da70df7f4ba583607264b7245ec04ca38a36ba9fc76bcaf7f8a29c4fe9be9497e5df8998ebe6dfffe7136b41646dde460f17991af02bdc72882e3d05438200571f2fe1ecd0ebd92402e0ddd5632fa7f14966e5dc55e17e2b52f873a4a1fd585986351eb36ed82e52606b4cf9aa745f7d7de237cfe8e6105b4b2036357d4064861d0fb8de1769a7afc15ff5e2918579f5285597296be21be4423f9a90a61a752e6d2806faa0bb8adb44870845cdabec96037883981aa0e4e5e07a907da70f8a37a346574794a0130d9b50a3cd6a1848ea3746d137355634d33a084c26534a873268ef8fce49aaad9123558907284b5c377d6c5b0b30ff3a1c44446b16ccd73041c589d63d99dde7f98a90dca5cceda216d30e256ec5c43375f8c52a3e5708860682985e34523db2048a21640d69e488e47317b5221fc4a46bb924200d09ab441fed8679afa26db7a90b3dba862149b515fc3daa531cc240b8694827050b7a19c2cbcb76e46d79772c5c22db9998d79348c77c7209715d517304f007396e7da84c03acd5a2de692ac5d8fa2e848a0c174e2ac9bd4ab4c9a49389be359f4d24474abc4b83e798f70e6b6dfaef58b5238ea9b3bf84a428a3d83a76cb90d28581120701ca930a39e9271b654af6aa09ce776e98ae0132e93f3d6e0ecef67af89c26ba4e604df4c"}, &(0x7f0000002ec0)=0x1008) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000002f00)={r3, 0x100000000}, &(0x7f0000002f40)=0x8) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001d80)='/dev/autofs\x00', 0x480000, 0x0) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000001dc0), &(0x7f0000001e00)=0x4) ptrace$cont(0x18, r0, 0x0, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000001b80)='/dev/audio\x00', 0x200, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffff9c, 0x84, 0x6d, &(0x7f0000001bc0)={0x0, 0xc5, "995786eb4162713df26aaedf0884c5af22b69d01bcd11eb85e18aaaa03afc5d7f84aefc55001b85681034c6d004226ab625f60f43b7433c7df8d1cc59275900cb41bd007e58aa910b22be52f0ae2ae89e7cd6beff298ffd4a53997e56a835aea76f6857fa375ad94c5aebaaa866be0c8fddcf60d15ad8a2ceb0b5d643dbce67aa48cf5d6697c4572ecab1724a26a548d18e022a6d3d09f15cbe16366707446a9ec5fa4faf6ff6eae00f42240786c5acffd452261e14fb10952a03df68185c35958413dc716"}, &(0x7f0000001cc0)=0xcd) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000001d00)={r6, 0x2}, &(0x7f0000001d40)=0x8) process_vm_readv(r0, &(0x7f00000015c0)=[{&(0x7f0000000000)=""/168, 0xa8}, {&(0x7f0000000140)=""/215, 0xd7}, {&(0x7f0000000240)=""/75, 0x4b}, {&(0x7f00000002c0)=""/194, 0xc2}, {&(0x7f00000003c0)=""/153, 0x99}, {&(0x7f0000000480)=""/5, 0x5}, {&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/40, 0x28}, {&(0x7f0000001500)=""/161, 0x1a}], 0x9, &(0x7f0000001b00)=[{&(0x7f0000001680)=""/166, 0xa6}, {&(0x7f0000001740)=""/49, 0x952ac5ca7ba0fca2}, {&(0x7f0000001780)=""/215, 0xd7}, {&(0x7f0000001880)=""/169, 0xa9}, {&(0x7f0000001940)=""/195, 0xc3}, {&(0x7f0000001a40)=""/172, 0xac}], 0x6, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:02 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="effdffff1200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x4008630a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:02 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 641.361824][T24470] binder: BC_ATTEMPT_ACQUIRE not supported [ 641.372756][ T3757] binder: release 24461:24464 transaction 138 out, still active 07:33:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:02 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000000f00ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 641.406069][T24470] binder: 24467:24470 ioctl c0306201 20000440 returned -22 07:33:02 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0xce, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x24) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40086310, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 641.558111][T24484] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=15 sclass=netlink_tcpdiag_socket pig=24484 comm=syz-executor.1 [ 641.575122][ T12] binder: release 24480:24481 transaction 141 out, still active 07:33:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 641.647174][T24491] binder: 24490:24491 BC_DEAD_BINDER_DONE 0000000000000000 not found 07:33:02 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") rt_sigqueueinfo(r0, 0xb, &(0x7f0000000000)={0x37, 0x3, 0x5}) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 641.708874][T24491] binder: 24490:24491 unknown command 0 [ 641.730707][T24491] binder: 24490:24491 ioctl c0306201 20000440 returned -22 [ 641.798270][T24491] binder: 24490:24491 BC_DEAD_BINDER_DONE 0000000000000000 not found [ 641.842927][T24491] binder: 24490:24491 unknown command 0 [ 641.871778][T24491] binder: 24490:24491 ioctl c0306201 20000440 returned -22 07:33:03 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r1, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0xd224}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x88, r4, 0x0, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x2c, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x128}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1ff}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x40}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_BEARER={0x48, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa11}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x10}, 0x10) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:03 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:03 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0200001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x400c630e, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:03 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000040)=0x14) sendmsg(r1, &(0x7f0000001980)={&(0x7f0000000140)=@ll={0x11, 0x11, r2, 0x1, 0x2, 0x6, @dev={[], 0xe}}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000080)='+2', 0x2}, {&(0x7f00000001c0)="5c5581da409866b3e5028616fdee872c5483d6f791851155df0414d489660317b974cc3b753acc7d5cebaebb2e415ff72168a63367e0cb68e268dfda774678398bef51590a1a227e9c917225163e19f81561d7d14dec272e37c57063895c3c53b56e50e9fe9499a7be04a44724b9b8063ea7e44847e417c189c90ef0ece04a1980062814f1fe589a9e6dcb3ef03311409924491720d173b212370c1cd61c74c71c674dd2b521e2b5ef33b7c76a1e1c6712edc4be5f301ec7b95e801b5d57a475677f26bafd2a35", 0xc7}, {&(0x7f00000002c0)="05c5352e49f7901a7b84f27f8b00f1ce285fb49c13edda62aca352072a63c5fef395680abb0dc6b05d9ee1f884f101b06d7df00940d809e37c47d9dbc3a72aa2c262b88575ec37e5b6e903c57cabd7c122cfb9132f5dca9d111d290cd73252294ad066cc66d4b26eb5cb13ddd4c6a338653e6e0aeac10bbdb905f74185fd350673656ffab6c9f12d8b7e16c2896856340437e844f7b2858e956449150dbe430ddda0b38acfd23b8ff21123cceec78e51b102d6c7a200a7ff1cc6f4e2b9c20d2412468bcf393febc47ad4d9aa3dd22a0e54821d9f289d93d20fe453181bb63c4fbab4898f299d202e87beef5f52865481a56e1b1989", 0xf5}, {&(0x7f00000003c0)="63ae483f444d5bad3560074cbe53fe29ebcba0010a81bc7fc13e2d6b65c7eec168cc88fa870960595cd44f1fdebc704ce0464c874c4ecc2d6169aaf5acb02e0bdb28482f67e1404357bae590cf3c6f1f6b3a69150a545fbc376bea4ae1e7f495493d781f1ca0fb244066513469dc46f7195397d9c2e185234e0eda08c5a22d33f60fec2b42a6b4887f61b4ea45f21ce566b271b20fe5873732a63776c1121f7207cb177c756e6add4b01266f704c365c8626e95a6aedc257e16606b6a1894607ca684bf0494bb23c0cdf4335bec3684d3283a7bf4b9b2aedff8a8c0409c52e3d1d85eefb29da639c346bc037973efe6aa45dd17a47537badb34311c5e3de0b711786528906118bf9c9c928d420c764e841ab925f01ce16699e214052663e5a273eddc9f99ca8ef88bdb2723eacffec38d9899efcac99406d7533f0c3e7fa23bd1f96682f3d3b8184f5cb88c65dbf9df2c93b5967f72140c05eb5118a0637bc96d968659ec58e4a64816d9a33427202701a3cbc03200e6f2384f4026521433ef29b6c5ac13c87df79b9b71996168b538ad2d707701c44562206706bf5c34ed6992d408d345a3a874a9aeb2cad63f9f8d55c0b9193274d308dac041456cd3bea4779af32c18dbd160d2848336c8a54f7fcd3de4520b6ec83177a7bea2df7ca80225229c52cbc80a29e526e8442cefaf2babc334778647f0e67d41cafb8ea1dcd93ceed72df398a60594d67cee1981f6efe823b52405095623cfb9f90cad4c7c780ae368e4c220ff328b029f17a915103d5fc178706ccc6b6430adb519bdc3fd1fb1c2da2bab2e9e9fb22fec31a610829aa7b0ff5bab591bd27f310e5118360b901a0127a9eb553ce75206501d0dd0561a7617a6a6f20820d0ba3aed9fffb30336b3da336430c8067cbf8d314e12192901f38e7f4a61009b541e364acc64744962eb21a076f525c87adddec003b31336e41d396559889b9f6bfb684350d95588f4112d42aae33227170f3fe397e321332049b1189f5a213e0641b0251f80fb787ed0bbf0988c66b7503792f652f2014afe6d4c4dcd41244b8d5458ae54655ed6cfa86d3b0bde7cf5c5969fb8c1f05207954b9b848ddccfbe241c0541d706adf273966ce2b9b8c02d16f1c3fd54f8e3c14f90456f6dae74cfcf2b23c2efa3fc08f215aeb13b1e02f63eaaecb13e9d9daaa7558eea7e90d2e969d3f33c4a6f96d794031ce98fccc408a86f01be505d9e748fbad33727b6ccbbc6d9761b8670e382c9f852a7406170f0acbbe15ed85ffe7680df4db9fe3dd4dedddffe997fbdb4550afb6a01731e2928daa0d6c2b0985e53760690c82ff90921de662ee760772edc948aa38351b26d31d772c50b8787f97c8a97dcfd84bbca246f665f5635ac17106cd71f5d2c57d828c9a1c34996783624259c5133026cc1c8e7c73e424287df6addd2662f9360f998f53c07137493f4dc3c9051866d70a175c095e7e51595aef68f304ec79d69ae2090a8af3c0a8c461dbfa17aceee188101a4cea066dcd190e5f6723c982b35a8aeb4e61377ffdf4327b4b55a2637831ef9738065e84fd06a76d7963cbcde0746e87e4040d155cc5676bfc7b830fe8922e7d862681e5b9cda068f7313b7f948b60f46c9788db4ab9120d28b70d3140ccce5315a70fb0c9c5d0e2853a979551ccc74810dcc203f90405f0ccbeac5bcdc3a0b980bbf27eae6a3ee7d873e4aa37525f083e4b64be540cd3952ac214a7559d34dfc1260550b3a8b302064cb413e5cb246e3eca79d785ed51913eb5659ce2ce33c470ffc9fbe1ac1a90f474cd83838253ca6b68741f565bec3880737cfa83ef065945d7f67ecca2cf8fd59e30c69afa7c874f0797fc846d8df303048de11ce97b47240ddbebd0604c4fe7b92134b54dfe13937b50368ee1c9f5332bff9e94f8135f30d9467dd4ea612c011f05604a478d480033927d891e80fb2732aba899dc56b04738227d803beca1d2caa61f9beb639e99c5fbd074f6e29a6c4d281567e18752a7a9c5821b0a49336813cbbe127030b802e1baf88aa370463b74e281a28063648844a068fd667d45219a56a9270d4e26a99ca1f85796b339940be66017030fcca09f04cccd8c38731a54371bbf64a8009dd6138b4f9a11c0f7e1ec97f132b9016d276275b3cb3d0148dfcc967f745cded1dc2ad280c6e47bfa00f6cc1415a0392d59de7b92442534e3b9a89821570d7d8695906efe636b790da5767b833d4072ec456af2bdf6735a64f9d7525f9f76156459a6426f32a2a615fbea4701d1db7a8778a079b4858ea61c952436ad2e876620a11090bd22ad2a321986dd6b61a397a67e85ecd8788773ff13ab82427ce5603a3bf9cb41e217e6b97fb988a7ab05b088a033c8e9835549bd35d0db70f2cdd6b3de28c2774d8695880b7643ef010768bf6065b8ff3111eaa90642c3f5100847699559fd2e65d179c0a4a93f3b568bd44d2a825ac6f8feaa6bd08b7beb77f77b63287a4e86df99612b288677e78db8bea7ad87dc51207d97fb8e763e64b87bc9de302b5b79b8bb09bff43a99591f2edc9ac35ad93dbfadbceedeaa2e1e741ede859218328866da4ff6f860fe355536cea38ce54317b16571c6c2b85b47a7ac7f3c661cf0df0f88b20fc995ba209263e6142d5487ef8ac3971ae27e6dca559b46e2fb98f6d5a0be0f199990a725b388cc3e1620dd328cb283c962e021d7e7e9f29e3e7a0a5a656b8a788cf5c76cbdc40a6d1526c92b8d31fea0dab46ed5a6be992bd9d6c1aab3788975bdd365d38452fdaffa5cfdadd87a87b48e6bc18b7d4a089c52deeed77f2d381c55aedca04bc04f808c12d9391b06a44467c4452a9ff4249949fbf651a8926bf893e6f35c72c99e2529ab9659d0130274f6e698e71845ba9f62a5117fc166b90bdd0f19bec71d030d7e9828c1f7fddca4169e61a7a746d7793bbcb26ff0f942c8d53fc2312d41be7d8a5ee5bfc0d9f5a42e131f62de55d4a5b71735de28725c52b259aa8e00a91aa79edbcfbb1d10d192dc60142f7c7034c33fffd54ed305bd9711ae93836a8fc9a0c1772b3bfad4a1c8c231b1ff32310e62cf841e409d05c0283fde645e185ad63809313801cec0d08350df5567e2d32864145896fccd3347fa8a22b540b0204512cc528b463959951f99f481945aeb729ebf8b19205b03aca13a6bd6232f14f187223fb7675ef32d4cc7d8f15985acfb8b7a5754bb5002bf23feef6bf0304f7dc5cd11e579a6f150a1c86e56e529487d7d4eec23e3df659b0deb3ad69aef81051b051aa44391ac10bf4ea0052ac60f8699677cc78d9371be814d56d9b7327c9302fb9582aa6e9b651253502a3928a9a5e7f8d8e5c55921041d2aa5fbac1b9cfd812c9369555cc06debc9f0bd6209ca874ad2fa55877627cfc6cc76ba345d590af81e183d95fc8ff49c423fcc07a148145bb8f3ff91154acb9a29c067073601d59a48139cd0a60fcc82e19b250c0b98973c54f911478980d099190a00e7cac9e855b99c4720bf654e2979f8ec0adcf70341abc3272b0448732faf4119351c272a89bf9dbda6d2dfcc0e825b43be0c21b22f022c991cd2e86cba428f44ae1d901a10b14482e2ed4fa29ad76cc511afca7b569c8ebc98f22f660e752e42db3727f878d94b9afb5d67192a78adc554e4f81e58f9f4f12471c9c8666e2a4050eb168f13ab40b5e29337b52545928078ac5716dcfdf1e62b3cd993f8f846ad9d03c7cece938e31b5d85b96fb03c38d14f2d63c5f273e132bbb15cc4afbe3af84800dd706e3fabb4c8453cbe6642e1d627b35d246b4d0872e8e3e58c9db0470fa4860c69eba9eb2c06b0aeef9ae4823455c0aa68cb27df2c44203617edb8b2925b6253f361723b52e575a13acfa2e3a7c58fe8c27558fea1b267dfd5fd80c7b5799a597c4b8d6fe2200a611356060404c662b89f90ddddd5bac92070cede6ba5b19e259bc613b2d67dda36cbc9997f6278246f52e694840501534492dbc8cad7632f5dc47a927d5f5f1874e0002f6c29dc6a9c6b803f36bf5ff090854954fd0f468d57f4097b05b4f179e16903e5f83c6fde6a10a6a00fc05e4535ab415b183b1c7291ce3eee26b8d1c8c7b5c674f2cd7e580441cbbb672111a74688235da5d7c95f8f1427acc81a4d7ccd51aeb000d769407a63f82aa884ebe42d5183c3de650de0e37cedc377af6c9f451ac1a063e99a3ed48bf779f640be27027199eaaf53ee2598cd2201bd24e85afef2b6f99ee33f03e7012306daa2c562720df22b46297d663f6ab409324e7ab1b1a409fa5131da0ae0050b7b868136ccb413af6c867774e3bc6d10ca9ad846a7814e9a712f3c6f4b01faeb57282b7e8ad3d85c7997ec0f06a9caecbb16800b5645ec225a997896d3536870ad053d93d64b6fe421c2bdfc4f1328555c19a3ed4cc188bb0d80edd161b05826d30cd2e388458581f820ea15717f7534eece2ea5487ed3120dac3327b4380b871ab7a5dbd839bf08aa92a63fedef91e6855b2d078349ee12ffb2e4174b450ea366cf0f26e9f3244442b51f98c241a5280388d1c8673681aabbdb692a8f4eb35c0c362b7d05dec4af2c7a3416072bcdc4ea8553c67796c2bdd2cbee8151fb9b41033468e6451faea0e1e1e6e40c844530debba2f80210d850e4016ddcca9a9ab7bc7c1b32503e5f644109f5c7e674dbbee6a78d31d5ac5f083190ec481f4c8784ffe6eef88ccf6f075d038a9eb33e637d16ba1da12fb5a37b40116d7bf7d92f23eb5cc8f7eb2c436cfa100312e05f9ef5e08f253804f9a175f8369920a4eea4063331d46d1dcd805726b3427c070d766bd9a97aad1a540f2ef16a991e84c46619b8e3df81e9eb5a9bece51f527588a2ae046a06ce40c849de74d46f10dc496fd11d44ab2d98189343100f09717f4f4e79b91bc0891842f70a3c7f24ee02e2e84527c3d726fe0287dcb2e6e7ebcc4d7da182b507f444bb954991f9e89c2a58f7793c0b970b1cffba1053aa854e10661338092d71e5b396be5ea1c94b275e707c7fe953a7872553a4ac2f491f4ec047885e2f6be8ba777affffc83a94349c626c55b52765a444574649a7858f01e0ec7e894224df39f77f7668a640428e75c4516a47c97f70133db7deb1699ed3ab628d285629d77aa98f263dbe3bea1e02f55b1a8c61c5f1fc28991dfc6fab7ced020f7ea10b787bfe6c68018653128d7df1f8dd83f5280580e2b088c6ed79afb84fb1112048ff25c7d61db525657be2b5edf95fa3320ded19b0ac6ba132d0be33f4aebbeab121f7ef20c390d3fdd07b21c76611768bff48ce9dc4ff3b2694966d8827c70356692f95c1248588f61e9c13d7d498592880e03df3c44fec4829c67bbc3f7cc469032a44fb12b9d337c1d0931f1979f718546be8d7db0103b1621d68f3987ff8bb1c0ecda6fe507798739e8d839384845ad8ee894c1a2c6a0c40ab606a3746eb08fddd3b070519059616d10d8c2d71bdbb1b14599610684a8d244f02caf52025eab17180fb8e9be01f46697e461a49a4715c37b8f8e37737a3f3c082eeb441c209a39b9e4b20caaed8b7cab96496ff559004054b6d73b51500f1d5cbe16f0f97a1a647bb345df0aa34697178e7739c7de940da521b3307c538786c4244e3e9ded87a12d6bb36a4a23a53759cd80ad1edbf2e4fb57f87ea441669d788a8233fcaf139199cddccc669d435196ac391e0bae2e8530ae06d117a98588414c675e8f26ff6d1b877d239145b68f61feb8d5cc17f86ab32e84e22b8eca9311fd198d295b7a16caeefe21", 0x1000}, {&(0x7f00000013c0)}, {&(0x7f0000001400)="138c033d", 0x4}, {&(0x7f0000001440)="14583b1475f743fec0b2516399c4f2daa2e85ac1652986af457d3635282040adcf52758c38ae4374710b436af3f90cebb07e4b22185a482bf7f4aee83cd61d6c535a7bdd4ff6e16a0f6a449a58d2bd3a2a8f8bbb1dbe89032ef34697927bdf7e2e484d8503deaa8a727fdd91424da0b74c1c61a05578f679a1d4ba6c90711c97573031f6a390804d4060fc9c64563ea698848e133bf567b619d6f604ba4ca663b6", 0xa1}], 0x7, &(0x7f0000001580)=[{0xe0, 0x115, 0xfffffffeffffffff, "c2d710e4d66a3e7d97185b734f306c9fc4d5683b3e373fd591bd4b239ba08b03918959276e68b0e721e16291b004d008264e3736be5099cface97781df36775cbf68912209967daf885f31f6e9500700a73df1d4e14cefcfd28184c16acff77eb45db1cb755fb9817c0938e4eba8c8d216e6e71f43029142733d497cc55ac5905ffbf0a90856b7746609abb5ef3ab79a69608f87383a31d7657ef4399afdc2f8dc3861f46489dfb9a447b28a48e7bb51fbcc552c7f27748fa6a361f626704f8fef7fd8a6e771ee824d4a"}, {0x80, 0x196, 0x0, "2329f4d71818a88a2b5040ee33ea0a2865afe4fb44b227d1ce35d0f8095377fd95a15df2169ff3068a16c3a880bcc1860b52e8bac4be16b767a1fe2960f3f3c6fc938811d68eb4ac1fe5a4df0b81d54fcd4ccb842ab7a846acb6c206adaef52cd5355f7f501852323c"}, {0xd8, 0x105, 0x4df, "32cf543e0cd389a70e0832bc5ce1097aead4dc74a48f1832e39c08f18d32eff000a68485745a50fea105e8da995ee459c34f4f3a782cd5d3638ffb48096075300df31442267e749b68b58ef333072f0604a5998bd892112f8a36ebf1823137bb9fd651184dd7eba8889f6cf6ab4c4f3ac25d3a568ebb5506d6ba0cddd88917661e1fe1650c11542ae6608d90b58fb24fdf42b86575b964bac66117d7dc14ef3615dd86cb1e3e29cc7437cff47f54166f62fb5dc08b15c8dc7b2c88e7f585927e7235d3"}, {0x70, 0x1, 0x0, "ce0483029e7ed9e96c68d14df5a247aa4c0350169a839c02238f2e4967e980f54edf3045d541a216ab46ab2b64399dbfb6e9394fc1de3550ff232cbb18dfb6258df4a76422e33ec724a6208e30ab11761aafaa44b0e2c658087459541428d3"}, {0xd8, 0x0, 0x8000, "e64b6b4963b461e99e8771377d6fa3107972cae897ed8dcd5ba6643014f14bf014bfe91c573606ace38a60badf01fe5db770b3ed012e39533302e3c237a52a04a9a4db96f5170dd9432276d2bde7484af7565a9ee3dcf77d1ad20e14680c9e4c6a3945a4c96aea49a348ecaef495922be00c107711b12ff116e7bf83c80985197f827ec73cd1c15dc8b3ec0b3c3c6c22cfeade1bf5e20e62b4ac0a2f1d4ee8984425e8bef2a498e756240b1018420d955da8660d4ad2d69c443e49858dc467d27429"}, {0x60, 0x0, 0x2, "28b99fab4da49e42042ca349ccace1d07d9fbc5c510ce77fd7f56e8c2ff2d0c515d604c3b82e3264be5fbd960053894f32b815265540de7eccd01a26aa54368b5bd7efd51b22659b849c96f11e7937"}], 0x3e0}, 0x4000) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 642.448042][T24524] binder: 24520:24524 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 642.476674][T24524] binder: 24520:24524 unknown command 0 07:33:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:03 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0400001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 642.500998][T24524] binder: 24520:24524 ioctl c0306201 20000440 returned -22 07:33:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x400c630f, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:03 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = inotify_init1(0x80000) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x40000, 0x0) tee(r1, r2, 0xfffffffffffffff9, 0x3) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r4 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_INFO(r4, 0x3, &(0x7f0000000140)=""/243) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 642.693317][T24541] binder: 24538:24541 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 642.704753][ T12] binder_thread_release: 2 callbacks suppressed [ 642.704763][ T12] binder: release 24531:24542 transaction 150 out, still active 07:33:03 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0a00001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 642.772218][T24541] binder: 24538:24541 unknown command 0 [ 642.798838][T24541] binder: 24538:24541 ioctl c0306201 20000440 returned -22 [ 643.048467][ T12] binder: release 24556:24557 transaction 153 out, still active 07:33:04 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/btrfs-control\x00', 0x42001, 0x0) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000200)={0x9, 0x6, 0x40, 0x9, 0x4, 0x8000, 0x0, 0x6, 0xffff, 0x3, 0xffffffff, 0x7b}) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r2, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000240)={@loopback, 0x9, 0x3, 0xff, 0x4, 0x0, 0x8}, 0x20) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:04 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x0, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:04 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0e00001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40106308, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:04 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x82, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r2, 0x4010aeab, &(0x7f0000000080)={0x7, 0x3000}) write$cgroup_pid(r2, &(0x7f0000000040)=r0, 0x12) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:04 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0f00001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 643.654584][T24576] binder: 24570:24576 BC_INCREFS_DONE u0000000000000000 no match [ 643.663418][ T3757] binder: release 24573:24575 transaction 156 out, still active [ 643.681858][T24576] binder: 24570:24576 unknown command 0 07:33:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 643.709290][T24576] binder: 24570:24576 ioctl c0306201 20000440 returned -22 07:33:04 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x2000, 0x0) accept(r1, &(0x7f0000000180)=@hci={0x1f, 0x0}, &(0x7f0000000200)=0x80) prctl$PR_SET_FPEMU(0xa, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000240)={'vcan0\x00', r3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40106309, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:04 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c6000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 643.883636][ T3757] binder: release 24589:24591 transaction 159 out, still active 07:33:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 643.926063][T24601] binder: 24594:24601 BC_ACQUIRE_DONE u0000000000000000 no match [ 643.937319][T24601] binder: 24594:24601 unknown command 0 [ 643.952232][T24601] binder: 24594:24601 ioctl c0306201 20000440 returned -22 [ 643.986735][ T3757] binder: release 24604:24606 transaction 162 out, still active 07:33:05 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505331, &(0x7f0000000200)={{0x1000, 0x100}, {0x7, 0x1}, 0x8, 0x6, 0x7}) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f00000002c0)={0x6, 0x0, [{}, {}, {}, {}, {}, {}]}) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000140)) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40400a00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:05 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4cf000001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:05 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0xfffffffffffffd27, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:05 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x0, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:05 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() syz_open_dev$dri(&(0x7f0000000280)='/dev/dri/card#\x00', 0xfff, 0x140) select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x9) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000140)=@sack_info={0x0, 0x4, 0x8}, &(0x7f0000000180)=0xc) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000001c0)={r2, 0xc0}, &(0x7f0000000200)=0x8) tkill(r0, 0x200000000002b) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x100000000, 0x0) ioctl$VIDIOC_SUBDEV_S_EDID(r1, 0xc0285629, &(0x7f0000000300)={0x0, 0xfff, 0x80000001, [], &(0x7f00000002c0)=0x100000001}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ioctl$VIDIOC_TRY_ENCODER_CMD(r1, 0xc028564e, &(0x7f0000000240)={0x1, 0x1, [0x101, 0x7, 0x0, 0x5, 0x25, 0x74e1, 0x9, 0x6]}) ptrace$cont(0x1f, r0, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x40, 0xffffffffffffff92, 0x8, 0x0, 0x0, 0x2, 0x4000, 0x1, 0x9, 0x7, 0x401, 0x401, 0x1, 0x1f, 0xe2, 0x0, 0x13a4ca04, 0x4, 0x6, 0x1, 0x80000000, 0x1, 0x7, 0x5, 0x36a, 0x8, 0x4, 0x81, 0x3, 0x2, 0xb1d, 0x6, 0x9450000000000000, 0x2, 0x100, 0x7fffffff, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x4}, 0x400, 0x6a, 0x6, 0x5, 0xffffffffffffff13, 0x493, 0x7fffffff}, r0, 0xa, 0xffffffffffffff9c, 0x9) [ 644.388330][T24624] binder: 24616:24624 unknown command 1077938688 [ 644.411086][ T12] binder: release 24615:24628 transaction 165 out, still active 07:33:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:05 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c000a001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 644.441058][T24624] binder: 24616:24624 ioctl c0306201 20000440 returned -22 07:33:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40402000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 644.553390][ T12] binder: release 24635:24639 transaction 168 out, still active [ 644.592380][ T12] binder: release 24635:24639 transaction 171 out, still active 07:33:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:05 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0xfffffffffffff3ed, 0x2) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x7, 0x400) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r2, 0xc1105518, &(0x7f0000000140)={{0x5, 0x2, 0x4, 0x6, 'syz0\x00', 0x9}, 0x6, 0x10000107, 0x6d84, r0, 0x3, 0x800, 'syz1\x00', &(0x7f0000000040)=['vboxnet1selfself\x00', '\x00', '-\x00'], 0x14, [], [0x3, 0x1, 0x8, 0x1]}) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) [ 644.709558][T24648] binder: 24645:24648 unknown command 1077944320 [ 644.745340][ T12] binder: release 24647:24649 transaction 174 out, still active [ 644.771769][ T12] binder: release 24647:24649 transaction 177 out, still active [ 644.796715][T24648] binder: 24645:24648 ioctl c0306201 20000440 returned -22 07:33:06 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x200000000002b) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 07:33:06 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c130c001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40402300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:06 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x0, 0x3f, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:06 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) r3 = semget(0x2, 0x3, 0x40) semctl$IPC_INFO(r3, 0x3, 0x3, &(0x7f0000000140)=""/46) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) write$FUSE_IOCTL(r1, &(0x7f00000000c0)={0x20, 0x0, 0x5, {0x0, 0x0, 0x3ff, 0x7ff}}, 0x20) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000380)={0x4, &(0x7f0000000340)=[{0x7f, 0x1, 0xe0000000000, 0x6}, {0x1, 0x2, 0x4, 0x3}, {0x6, 0x1ff, 0x10000, 0x9}, {0x428e5887, 0x80000001, 0x10000, 0x5}]}) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) r5 = syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x200, 0x1, 0x8, 0x9, 0x0, 0x7ff, 0x2, 0x4, 0xdb5, 0x3, 0x0, 0x200, 0xe03c, 0x6c5a, 0x1000, 0x40369972, 0xffffffff, 0x400, 0x96, 0x1, 0x43, 0xed, 0x8, 0x0, 0x7, 0x6e6, 0x17fe934, 0x2, 0x7, 0xfffffffffffeffff, 0x9, 0x2, 0x7, 0x7fff, 0x52, 0x1, 0x0, 0xfffffffffffffffa, 0x0, @perf_bp={&(0x7f0000000240), 0x8}, 0x1080, 0x4e7, 0xd74, 0x0, 0x7, 0x7, 0x100}, r0, 0x4, 0xffffffffffffff9c, 0x1) ioctl$TCSETA(r5, 0x5406, &(0x7f0000000200)={0x65d, 0x7, 0x8000, 0x5, 0x9, 0x0, 0xdd, 0x8000, 0x8, 0x43c}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:06 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x8001, &(0x7f0000000080)="0adc1f123c0528fd3e31885d8a9b6d12b254539f7770") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0xffffffffffffffff, 0x0) [ 645.440572][T24673] binder: 24667:24673 unknown command 1077945088 [ 645.460766][T24673] binder: 24667:24673 ioctl c0306201 20000440 returned -22 07:33:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:06 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c000e001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40402500, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:06 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x401, 0x2041) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:06 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4cc00e001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 645.696223][T24695] binder: 24691:24695 unknown command 1077945600 [ 645.735974][T24695] binder: 24691:24695 ioctl c0306201 20000440 returned -22 07:33:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40402a00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:06 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c000f001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 645.935173][T24715] binder: 24711:24715 unknown command 1077946880 07:33:06 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 645.999265][T24715] binder: 24711:24715 ioctl c0306201 20000440 returned -22 07:33:07 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000200)={{0xf1e4, 0x7fff}, {0xa74, 0x898d}, 0x8001, 0x0, 0x1}) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x100000000085c831, 0xffffffffffffffff, 0x0) 07:33:07 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x32, 0x400) write$capi20_data(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="100001008283000005000000000000009000f9c5098a243d3035342c53caf737ae3c50844c774813d4abb6ca1750fa2369ea786017654bf9ce901864b0966e9fb1ea3bb9b28be9dcb1bfd3439f24ae04770046f31c923d0c4cc4a7ba3110e4b3ca500862c4b6c9cae8cff4dfd74de8519bb8268cbacab648941cb27c1a2937acc8bd337019275b14a06d4274884646eb692386ec6c26a6f65ec62535d8e1ea8b4e3f"], 0xa2) tkill(r0, 0x200000000002b) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.upper\x00', &(0x7f0000000200)={0x0, 0xfb, 0x111, 0x1, 0x200, "6dcf997d1a7629e1ee388412913904a1", "4ad6f6e9e0ac86b611ab317009ff74642d6919bf7199d57fbd8aed454f135e502981c14c49ff85723b901845442ec3551903d1e971eb63b1d166668918003cfa254a9ed6c365478d6185b2d161aed218581a5c6a67ef877a61af596938c91ed21d0cfbc216c8463b7d47d12766bb4050db2b3fdda1328037113056f7a9a4319d91fde400db8821c8b4ae3068693483a677efd18a9a485bdc2a1ee3a9607e7765e4cb14ce886feddba11fbf8f81c5f8b2157702225e89cd223691fc21c5f618acd07aac727a4f137fbfbb47864e30108085fb45eac3bdc9e0209cadfe6984bfa820c4c6e92ac2c51fe916d904bc4ab9c3bb94ebefe1cbc34ae8ca3a88"}, 0x111, 0x1) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40402b00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:07 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0c13001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:07 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 646.643169][T24740] binder: 24733:24740 unknown command 1077947136 [ 646.671791][T24740] binder: 24733:24740 ioctl c0306201 20000440 returned -22 07:33:07 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0060001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40402d00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:07 executing program 0: clone(0x12102002002, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) gettid() ptrace$cont(0x1f, r0, 0x0, 0x0) r2 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x200100, 0x0) ioctl$VIDIOC_G_STD(0xffffffffffffffff, 0x80085617, &(0x7f0000000040)=0x0) ioctl$VIDIOC_S_STD(r2, 0x40085618, &(0x7f0000000080)=r3) syz_init_net_socket$llc(0x1a, 0x1, 0x0) 07:33:07 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0ec0001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 646.835910][T24756] binder: 24752:24756 unknown command 1077947648 [ 646.871496][T24756] binder: 24752:24756 ioctl c0306201 20000440 returned -22 07:33:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40402e00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 647.085966][T24768] binder: 24767:24768 unknown command 1077947904 [ 647.109310][T24768] binder: 24767:24768 ioctl c0306201 20000440 returned -22 [ 647.130291][T24768] binder: 24767:24768 unknown command 1077947904 [ 647.171685][T24768] binder: 24767:24768 ioctl c0306201 20000440 returned -22 07:33:08 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x1f, 0x0, 0xfffffffffffffffc, 0x0, 0x7f, 0x0, 0x8, 0x0, 0x0, 0x20, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x8000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) r3 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) r5 = syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) r6 = syz_genetlink_get_family_id$team(&(0x7f0000000200)='team\x00') getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000002c0)={{{@in6=@empty, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in=@dev}}, &(0x7f0000000240)=0xe8) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000003c0)={'vcan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000400)={'sit0\x00', 0x0}) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000540)={0x0, @initdev, @broadcast}, &(0x7f0000000580)=0xc) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000640)={{{@in=@empty, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@local}}, &(0x7f0000000740)=0xe8) getpeername$packet(r1, &(0x7f0000000780)={0x11, 0x0, 0x0}, &(0x7f00000007c0)=0x14) getsockname$packet(r1, &(0x7f0000000800)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000840)=0x14) getsockopt$inet6_mreq(r1, 0x29, 0x15, &(0x7f0000000880)={@loopback, 0x0}, &(0x7f00000008c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000009c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000dc0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000d80)={&(0x7f0000000e00)=ANY=[@ANYBLOB="74030000", @ANYRES16=r6, @ANYBLOB="00b55aec2a053249e60626bd70000000000000", @ANYRES32=r7, @ANYBLOB="680102003c000100240001006d6f64650000000000000000000000000000000000000000000000000000000008000300050000000c00040072616e646f6d000038000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000080003000300000008000400030000003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r8, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b0000000800040001000000080007000000000038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000080003000300000008000400030000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=r10, @ANYBLOB="ac00020038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000800030003000000080004000400000038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000800030003000000080004003e3e000038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000800030003000000080004000100000008000100", @ANYRES32=r11, @ANYBLOB="340102003800010024000100616374697665706f727400000000000000000000000000000000000000000000080003000300000008000400", @ANYRES32=r12, @ANYBLOB="38000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000800030003000000080004000900000040000100240001006c625f706f72745f737461747300000000000000000000000000000000000000080003000b000000080004003f00000008000600", @ANYRES32=r13, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32=r14, @ANYBLOB="0800070000000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004000700000008000600", @ANYRES32=r15], 0x374}, 0x1, 0x0, 0x0, 0x4040040}, 0x40) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:08 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c00f0001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:08 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) socket$vsock_dgram(0x28, 0x2, 0x0) 07:33:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40403000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:08 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 647.323394][T24779] binder: 24778:24779 unknown command 1077948416 07:33:08 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001300ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 647.370612][T24779] binder: 24778:24779 ioctl c0306201 20000440 returned -22 07:33:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40405800, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:08 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x4018, r0, 0x0, 0x2) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:08 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001400ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 647.605413][T24807] binder: 24804:24807 unknown command 1077958656 [ 647.662228][T24807] binder: 24804:24807 ioctl c0306201 20000440 returned -22 [ 647.742193][ T3757] binder_thread_release: 9 callbacks suppressed [ 647.742203][ T3757] binder: release 24815:24816 transaction 207 out, still active [ 647.796587][ T3757] binder: release 24815:24816 transaction 210 out, still active 07:33:09 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x8000, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000140)={{0x4, 0xdc4}, 'port1\x00', 0x0, 0x81856, 0x200, 0x1, 0x4, 0x7fffffff, 0x5, 0x0, 0x4, 0x1}) tkill(r0, 0x200000000002b) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:09 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001500ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:09 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:09 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) r3 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VHOST_RESET_OWNER(r3, 0xaf02, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) ioctl$SG_GET_NUM_WAITING(r1, 0x227d, &(0x7f0000000140)) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 648.241850][T24830] binder: 24826:24830 got reply transaction with no transaction stack 07:33:09 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001700ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 648.288254][ T12] binder: release 24828:24837 transaction 214 out, still active [ 648.291233][T24830] binder: 24826:24830 transaction failed 29201/-71, size 0-8 line 2899 [ 648.322510][ T3757] binder: undelivered TRANSACTION_ERROR: 29201 07:33:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406302, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 648.368889][T24842] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=23 sclass=netlink_tcpdiag_socket pig=24842 comm=syz-executor.1 07:33:09 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x2000000000000000, 0x0) tkill(r0, 0xf) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x2, 0x80800) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, &(0x7f0000000140)={{0x2, 0x1, 0x6c5b, 0x2, '\x00', 0xfffffffffffffff8}, 0x0, [0x61b3ec87, 0xcdc, 0x6be, 0x591a, 0x0, 0x4, 0x7, 0x7f, 0x4e, 0x3, 0x7, 0x7, 0x3, 0x6, 0x80, 0x662, 0x10001, 0x0, 0xe6e0, 0x9, 0x5, 0x100000000, 0x1, 0xfe, 0xffffffff, 0xfffffffffffffffd, 0x9c1, 0x0, 0x6, 0x9, 0x4, 0x101, 0x20, 0x9, 0xfff, 0x8, 0x80000001, 0x7ff, 0xbfd, 0x20, 0x0, 0x1f, 0x47, 0xfa61, 0x7fffffff, 0x3c9, 0x80000001, 0x2, 0x9, 0x1, 0x43ff14b7, 0x6, 0xc9ab6eb, 0x45, 0x1, 0x81, 0x7fffffff, 0x1, 0xfffffffffffffe01, 0xc84f, 0x2, 0x80000000, 0x1, 0xffffffff, 0x4, 0x0, 0x0, 0xcb35, 0x0, 0x9, 0x7, 0xffffffffffff0000, 0x6, 0x8, 0x8, 0x0, 0x47, 0x7, 0x8000, 0x3, 0x5, 0x7fff, 0xfff, 0x4, 0x5, 0x8, 0x800000000, 0xfffffffffffffffb, 0x80000000, 0xf4d4, 0x9, 0x11, 0x401, 0x9, 0x6, 0x8, 0x1f, 0x4, 0x53, 0xfffffffffffffffa, 0x9, 0x10001, 0xff, 0x1, 0x4, 0x9, 0x160d8014, 0xd95, 0x1, 0x3, 0xf434, 0x5, 0x10001, 0x81, 0x6, 0x401, 0x1, 0x3f, 0x6, 0x9, 0x2, 0x9, 0x7ff, 0x3, 0xfffffffffffffb99, 0x4c, 0x9, 0xb5], {0x0, 0x989680}}) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 648.481806][ T12] binder: release 24849:24851 transaction 217 out, still active [ 648.491156][T24848] binder: 24847:24848 unknown command 1077961474 [ 648.508124][ T12] binder: release 24849:24851 transaction 220 out, still active [ 648.510097][T24848] binder: 24847:24848 ioctl c0306201 20000440 returned -22 07:33:09 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_LOG_STATUS(r2, 0x5646, 0x0) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000300)='/dev/mixer\x00', 0x40000, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000080)={r1}) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r3, 0xc1105518, &(0x7f00000003c0)={{0x9, 0x4, 0x3ff, 0x8, '\x00', 0x6d}, 0x4, 0x20000008, 0x4, r0, 0x5, 0x2, 'syz0\x00', &(0x7f0000000340)=['-\\md5sum\'*.\x00', ']bdev&)trusted\'$securityeth1\x00', '/dev/video0\x00', '/dev/video0\x00', '&cpusetvmnet1%\x00'], 0x50, [], [0x1, 0x1ff, 0x80000001, 0x6]}) sendmsg$TIPC_CMD_GET_NETID(r4, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r5, 0x800, 0x70bd28, 0x25dfdbfd, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) r6 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x40000) ioctl$VT_DISALLOCATE(r6, 0x5608) ptrace$setsig(0x4203, r0, 0x1, &(0x7f0000000140)={0x10, 0x0, 0x7}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000540)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r6, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x30, r7, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1b}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1000}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004801}, 0x1) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:09 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0007ffff00ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406303, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 648.681934][ T12] binder: release 24860:24863 transaction 223 out, still active [ 648.698320][ T12] binder: release 24860:24863 transaction 226 out, still active [ 648.715996][T24866] binder: 24861:24866 unknown command 1077961475 07:33:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 648.722625][T24867] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=255 sclass=netlink_tcpdiag_socket pig=24867 comm=syz-executor.1 [ 648.737879][T24866] binder: 24861:24866 ioctl c0306201 20000440 returned -22 07:33:09 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") prctl$PR_GET_TSC(0x19, &(0x7f0000000240)) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x214000, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffff9c, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e21, @multicast1}}, 0x1, 0x4, 0x1000, 0x3, 0x40}, &(0x7f0000000040)=0x98) getsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000080)={r3, 0xb50, 0x6, 0x9}, &(0x7f0000000200)=0x10) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 648.812909][ T12] binder: release 24870:24871 transaction 229 out, still active 07:33:09 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406304, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:10 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0002001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:10 executing program 0: clone(0x40900000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) ioctl(0xffffffffffffffff, 0xe2, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x4000) ioctl$VIDIOC_QUERYSTD(0xffffffffffffffff, 0x8008563f, &(0x7f0000000040)=0x0) ioctl$VIDIOC_S_STD(r1, 0x40085618, &(0x7f0000000080)=r2) ioctl$VIDIOC_G_AUDOUT(r1, 0x80345631, &(0x7f0000000180)) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ioctl$BLKRESETZONE(r1, 0x40101283, &(0x7f0000000140)={0x3, 0x9}) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:10 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/policy\x00', 0x0, 0x0) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000240)=0x8) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r2, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000002c0)={{{@in, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in6}}, &(0x7f0000000140)=0xe8) r6 = getgid() write$FUSE_DIRENTPLUS(r2, &(0x7f0000000680)=ANY=[@ANYBLOB="f0000000ffffffff0100000000000000030000000000000000000000000000004200000000000000000000d101000000040000000001000000000000000000000000000000000000040000000000000009000000000000000004000000000000ae0000000000000009000000b9d29776010000000700000004000000", @ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="00000000ff070000000000000000000000000000040000000000000042000000402c216367726f7570766d6e657431776c616e3047504c766d6e657431766d6e6574316367726f75702f257365637572697479766d6e6574317070703073797374656d00000000000000000058f1b9871fdce471258e4f9b1a59bcf497f82f93d9ff0380b8f322bfa34fd124beec039f9a06e3dba2f3274e3cba7d50820de904fe3fc4081eb42bee5306f0374834adfcf4b4d582110961820c329f9f2815bcb4fbbf787f052ff81f40bf71f9bdb1ac2467079f4dfdfc6bb8988952c0237bf02e34bf8972a8a721288c931c7d80d8add00b69179202a2dcbcc5e8dcfd817e"], 0xf0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:10 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x0, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 649.483158][T24896] binder: 24888:24896 unknown command 1077961476 [ 649.503192][ T3757] binder: release 24892:24898 transaction 232 out, still active 07:33:10 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0004001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 649.532304][T24896] binder: 24888:24896 ioctl c0306201 20000440 returned -22 [ 649.544391][T24893] IPVS: ftp: loaded support on port[0] = 21 [ 649.551854][T24896] binder: 24888:24896 unknown command 1077961476 [ 649.560632][T24896] binder: 24888:24896 ioctl c0306201 20000440 returned -22 07:33:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406305, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 649.703697][ T3757] binder: release 24908:24911 transaction 235 out, still active [ 649.739211][T24914] binder: 24912:24914 unknown command 1077961477 07:33:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:10 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c000a001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 649.761515][T24914] binder: 24912:24914 ioctl c0306201 20000440 returned -22 07:33:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406306, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:10 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0xfffffffffffffffd, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f0000000000)={{0xbe, @local, 0x4e22, 0x0, 'wlc\x00', 0x10, 0x8, 0x3a}, {@rand_addr=0x5, 0x4e21, 0x2, 0xc6b, 0x80, 0x51d}}, 0x44) tkill(r0, 0x32) 07:33:10 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c000e001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 650.038473][T24925] binder: 24923:24925 unknown command 1077961478 [ 650.104205][T24925] binder: 24923:24925 ioctl c0306201 20000440 returned -22 [ 650.150762][T24933] IPVS: set_ctl: invalid protocol: 190 172.20.20.170:20002 07:33:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:11 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x0, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:11 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x116}) r2 = syz_open_dev$mouse(&(0x7f00000015c0)='/dev/input/mouse#\x00', 0x8, 0x111000) getpeername$netrom(r2, &(0x7f0000001600)={{0x3, @null}, [@bcast, @null, @default, @rose, @netrom, @rose, @null, @null]}, &(0x7f0000001680)=0x48) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r3 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x10001, 0x400002) recvfrom$ax25(r3, &(0x7f0000000140)=""/220, 0xdc, 0x40002101, &(0x7f0000000040)={{0x3, @null, 0x5}, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) tgkill(r0, r0, 0x39) 07:33:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:11 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c000f001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:11 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x48000, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) getrusage(0xffffffffffffffff, &(0x7f00000002c0)) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x100000001, 0x301000) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 650.924057][T25064] binder: 25055:25064 unknown command 1077961479 [ 650.939888][T25064] binder: 25055:25064 ioctl c0306201 20000440 returned -22 07:33:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:11 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0060001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:11 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x400000, 0x0) ioctl$sock_bt_cmtp_CMTPCONNADD(r2, 0x400443c8, &(0x7f0000000040)={r1, 0x400}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/current\x00', 0x2, 0x0) 07:33:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406308, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:12 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c00f0001200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 651.197291][T25087] binder: 25080:25087 unknown command 1077961480 [ 651.291381][T25087] binder: 25080:25087 ioctl c0306201 20000440 returned -22 [ 651.432297][T25087] binder: 25080:25087 unknown command 1077961480 [ 651.501899][T25087] binder: 25080:25087 ioctl c0306201 20000440 returned -22 07:33:12 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x0, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:12 executing program 0: r0 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x410000) ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000140)) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x200000000002b) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) r3 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_G_FREQUENCY(r3, 0xc02c5638, &(0x7f0000000040)={0x2e04, 0x3, 0x1}) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) select(0x40, &(0x7f0000000180)={0x9, 0x5f, 0x5, 0xffffffff, 0xfffffffffffffff9, 0x0, 0x100000001, 0x20}, &(0x7f00000001c0)={0x4, 0x4, 0xff, 0x8, 0x200, 0x9, 0x81, 0x40}, &(0x7f0000000200)={0x9, 0x1, 0x5, 0x4, 0x814, 0x40, 0x50d, 0x1}, &(0x7f0000000280)={r4, r5/1000+30000}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0xd21, 0xfffffffffffff3c8) 07:33:12 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c00000a1200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x4040630a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 652.120987][T25112] binder: 25107:25112 unknown command 1077961482 [ 652.154108][T25112] binder: 25107:25112 ioctl c0306201 20000440 returned -22 07:33:14 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0xc00, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x4) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r3 = shmget$private(0x0, 0x4000, 0x78000086, &(0x7f0000ffb000/0x4000)=nil) shmctl$SHM_STAT(r3, 0xd, &(0x7f0000000140)=""/4096) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:14 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c00130c1200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:14 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:14 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) bind$rose(r1, &(0x7f0000000140)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, @null}, 0x1c) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:14 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c00000e1200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 654.055679][T25136] binder: 25129:25136 unknown command 1077961490 [ 654.082930][T25051] binder_thread_release: 9 callbacks suppressed [ 654.082940][T25051] binder: release 25126:25135 transaction 265 out, still active 07:33:15 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) flistxattr(r1, &(0x7f0000000140)=""/252, 0xfc) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 654.120032][T25136] binder: 25129:25136 ioctl c0306201 20000440 returned -22 07:33:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406348, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:15 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c00c00e1200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 654.242343][T25051] binder: release 25147:25153 transaction 268 out, still active 07:33:15 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) io_setup(0x1, &(0x7f0000000000)) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 654.297298][T25158] binder: 25156:25158 unknown command 1077961544 [ 654.315368][T25158] binder: 25156:25158 ioctl c0306201 20000440 returned -22 07:33:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 654.392784][T25051] binder: release 25163:25165 transaction 271 out, still active 07:33:15 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c00000f1200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x4040634c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 654.491812][T25051] binder: release 25170:25171 transaction 274 out, still active [ 654.507569][T25051] binder: release 25170:25171 transaction 277 out, still active [ 654.595423][T25182] binder: 25180:25182 unknown command 1077961548 [ 654.609801][T25182] binder: 25180:25182 ioctl c0306201 20000440 returned -22 07:33:15 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:15 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c000c131200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:15 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x40, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r2, 0x54a3) r3 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x200, 0x80000) setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f0000000040)=0x2, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406360, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:15 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000300)={{{@in=@local, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in=@initdev}}, &(0x7f0000000400)=0xe8) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f00000004c0)={@initdev={0xfe, 0x88, [], 0x1, 0x0}, @dev={0xfe, 0x80, [], 0x28}, @remote, 0xbf12, 0x1e, 0x800, 0x100, 0xfff, 0x10000, r2}) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000440)={0x2, 0xf39d}) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x4, 0x9, 0x6, 0xb, 0x6, 0x2, 0x800, 0x8, 0x9, 0xfffffffffffffffe, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x72240820}, 0xc, &(0x7f0000000240)={&(0x7f0000000640)={0x214, r5, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0xfc, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1000}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @rand_addr=0x4}}, {0x14, 0x2, @in={0x2, 0x4e22, @multicast1}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x69e5, @empty, 0xff}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x100000000, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @local}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xd3, @mcast2, 0x5}}}}]}, @TIPC_NLA_NET={0x28, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x800}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}]}, @TIPC_NLA_SOCK={0x3c, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x20}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xffffffff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_BEARER={0x48, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @remote}}, {0x14, 0x2, @in={0x2, 0x4e20, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}]}, @TIPC_NLA_NODE={0x2c, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x732}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5a}]}, @TIPC_NLA_SOCK={0x2c, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x214}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) ioctl$SIOCX25SCALLUSERDATA(r1, 0x89e5, &(0x7f0000000880)={0x1d, "bb32f611903d0428a4fe76b3d15f0df61d3b14abc1b0bd1bd6eb7fcd1d8987a00e2d910224103fb992bde4849b58841c9abc719bcc17a13f348f8ae493be1f01f5a39b9290e0f1fda644b86e91d5b97cb82c75c5e502e99daa82d27658720d090654c04fd0c01745eccd00480c59c5113892182f18ad4c2d51aa9ce4c6812691"}) 07:33:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 654.978066][T25197] binder: 25196:25197 unknown command 1077961568 [ 654.989367][T25051] binder: release 25193:25199 transaction 280 out, still active [ 655.013664][T25197] binder: 25196:25197 ioctl c0306201 20000440 returned -22 07:33:15 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000601200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406368, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:16 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1800008912, &(0x7f0000000000)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0}, &(0x7f0000000140)=0x14) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in6, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in=@multicast2}}, &(0x7f0000000280)=0xe8) setsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f00000002c0)={{{@in6=@mcast2, @in=@broadcast, 0x4e20, 0x80, 0x4e22, 0x100000001, 0x0, 0x20, 0x80, 0xc, r3, r4}, {0x7, 0x5, 0x3, 0x4, 0x3, 0x7, 0x90000000000000}, {0x10001, 0x7fe, 0x7fffffff, 0xffffffffffffff80}, 0x8, 0x6e6bb3, 0x2, 0x1, 0x3, 0x3}, {{@in6=@mcast2, 0x4d6}, 0x2, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x9, 0x8000, 0x1, 0x6}}, 0xe8) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 655.132115][T25051] binder: release 25206:25209 transaction 283 out, still active 07:33:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:16 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c000ec01200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 655.214325][T25215] binder: 25212:25215 unknown command 1077961576 [ 655.289151][T25215] binder: 25212:25215 ioctl c0306201 20000440 returned -22 [ 655.321044][T25051] binder: release 25219:25221 transaction 286 out, still active 07:33:16 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x4040636c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:16 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x6, 0x10000) ptrace$setopts(0x4200, r0, 0x4, 0x0) 07:33:16 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000f01200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 655.682566][T25051] binder: release 25234:25241 transaction 289 out, still active [ 655.689436][T25239] binder: 25237:25239 unknown command 1077961580 [ 655.756174][T25239] binder: 25237:25239 ioctl c0306201 20000440 returned -22 07:33:17 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x80880, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:17 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000000f00ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:17 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x1c, r0, 0x0, 0xfffffffffffffffe) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) write$P9_RGETLOCK(r2, &(0x7f0000000140)={0x20, 0x37, 0x1, {0x0, 0x7ff, 0x2, r1, 0x2, '*O'}}, 0x20) fgetxattr(r2, &(0x7f0000000000)=@known='trusted.overlay.impure\x00', &(0x7f0000000040)=""/124, 0x7c) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406374, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:17 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 657.052009][T25270] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=15 sclass=netlink_tcpdiag_socket pig=25270 comm=syz-executor.1 [ 657.065202][T25266] binder: 25264:25266 unknown command 1077961588 [ 657.072924][ T12] binder: release 25265:25268 transaction 292 out, still active [ 657.087906][T25266] binder: 25264:25266 ioctl c0306201 20000440 returned -22 07:33:18 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000021200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 657.125698][T25266] binder: 25264:25266 unknown command 1077961588 07:33:18 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) tkill(r0, 0x28) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) fstat(r1, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)=0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$f2fs(&(0x7f0000000000)='f2fs\x00', &(0x7f0000000040)='./file0\x00', 0x3, 0x1, &(0x7f0000000080)=[{&(0x7f0000000140)="f1da7fd01aa035cbc4ee90f1f2983823774a8fc545d6d0394c0bab52263abc99016ded59d952d1ab99d7c7553c2b44bfebda1b511e9e3c10b956fbc6381f7c3bd5c8bef8a0", 0x45, 0x6}], 0x10812, &(0x7f00000003c0)={[{@nodiscard='nodiscard'}, {@resgid={'resgid', 0x3d, r2}}, {@background_gc_off='background_gc=off'}, {@disable_roll_forward='disable_roll_forward'}, {@noquota='noquota'}], [{@func={'func', 0x3d, 'MMAP_CHECK'}}, {@uid_lt={'uid<', r3}}, {@fsmagic={'fsmagic', 0x3d, 0xfffffffffffffff8}}, {@euid_eq={'euid', 0x3d, r4}}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@fsname={'fsname', 0x3d, 'eth0system['}}]}) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 657.180808][T25266] binder: 25264:25266 ioctl c0306201 20000440 returned -22 07:33:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x4040637a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:18 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000041200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 657.394547][T25289] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 657.413212][T25289] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 657.499617][T25300] binder: 25299:25300 unknown command 1077961594 [ 657.510986][T25289] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 657.534624][T25300] binder: 25299:25300 ioctl c0306201 20000440 returned -22 [ 657.552504][T25289] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock 07:33:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406400, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:19 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c00000a1200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:19 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) prctl$PR_GET_SECCOMP(0x15) 07:33:19 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x0, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:19 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) r3 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) ioctl$VIDIOC_CROPCAP(r3, 0xc02c563a, &(0x7f0000000200)={0x3, {0x20, 0x800, 0x6, 0x80}, {0x1f6, 0xf0c, 0x1ff}, {0xffff, 0x1}}) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f0000000140)={'gretap0\x00', {0x2, 0x4e23, @loopback}}) 07:33:19 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c00000e1200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 658.220591][T25325] binder: 25317:25325 unknown command 1077961728 [ 658.256578][T25325] binder: 25317:25325 ioctl c0306201 20000440 returned -22 07:33:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406900, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:19 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) 07:33:19 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c00000f1200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:19 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000601200ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 658.564104][T25353] binder: 25343:25353 unknown command 1077963008 [ 658.595786][T25353] binder: 25343:25353 ioctl c0306201 20000440 returned -22 07:33:19 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x8002, 0x0) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000000040)) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000080)={r1, 0x0, 0xfffffffffffff000, 0x1000}) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:19 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001300ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 658.691129][T25353] binder: 25343:25353 unknown command 1077963008 [ 658.728039][T25353] binder: 25343:25353 ioctl c0306201 20000440 returned -22 07:33:19 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:20 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) sendmsg$NET_DM_CMD_START(r1, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x5002000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x0, 0x202, 0x70bd2a, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8800}, 0x8881) ioctl$VIDIOC_S_FBUF(r1, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406b00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:20 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001400ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:20 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x5, 0x10000) write$P9_RGETLOCK(r2, &(0x7f0000000040)={0x35, 0x37, 0x4, {0x1, 0x100000000, 0x3, r0, 0x17, '*selfmime_type@vboxnet1'}}, 0x35) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:20 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 659.441558][T25392] binder: 25388:25392 unknown command 1077963520 [ 659.465534][T25392] binder: 25388:25392 ioctl c0306201 20000440 returned -22 [ 659.492408][ T12] binder_thread_release: 10 callbacks suppressed [ 659.492417][ T12] binder: release 25389:25397 transaction 325 out, still active 07:33:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:20 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001500ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:20 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls\x00', 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) syz_execute_func(&(0x7f0000000000)="c48147d0cdc481fc50c364f20fb03500000000c4a12966ffc4a111ec2cdf26400f1a1065660f1606c421f5f24ff0c461855f3f64460f01db") r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x14, 0x129200) ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f0000000140)=0x7) tkill(r0, 0x200000000002b) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000380)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$get_keyring_id(0x0, r4, 0x6) ioctl(r3, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ioctl$FS_IOC_MEASURE_VERITY(r3, 0xc0046686, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000a300a1cd7c4b03eced5a834ea3d7a33df4c9d161ae1112447e1bc336b17671004afc55c81cd22bf838df014772cdf979149ec67c7c8f26b708ff7a6ddbc06ddf9b1da1d45a87a1b405eba1b5959f372669574b9096923dd12329b215772007d3e8e7810fbdc6bef45de8389eefc1813554e7ae993ae9ad2e07381201000000a304fe9d506cc25c326534a5e7730db2852fdf266dd0837e940988b76244f2fd53e12fd82136798e698171efae1c690a8cb5fd755b696538c386062033543b86f390db74be3d4d2ee4348d2da24b07f1c5890e923725c789905ee1ce36c7dfc8c6a857464f5b5a2268c9b15a8cb8a94627440f0fd77e52d3b6acd86d916adcf4df8593a7c5ed676882ca9a0badbabd646bb9d75c371e64cad99ccd0061f39981356324c1324ce94a97b3dad735d38aecef287cb543a47e657fff095117767dfe7e7630c8d1dd7adcd4c5adb0e1a3453056e8d9d442d27723352aaa3fe5ce9c4e3f6a44a949b74f71e4599a1d979c5140feaffd79ef46a48452fd37afc99d102a9bd5f35992e04a42db1b230000000000000000"]) ptrace$cont(0x18, r0, 0x0, 0x1) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x7, &(0x7f0000000680)="73d3911bb427d72390165490ef55304085766d717604faf03d3ecc3c49831fba4c4f61ad46cd1aaf1dfbce3f5010089d47dff5961d040000f1116507fb5a223fdb8d48a3540653a71be2c38120e09124e3fccdc49d6779a20b8eaaad9b2d62137b94408a0921cd869c1a636a5901c4b6d3a0741b6fa5a5275cc2f4e7c34b191e8a4bb3d2c21f10abd617acbd535a40791dd9395c2640a2f4d191366a5115163d8a8bf8ca07b39a27abb9862c294f3b5d4105292436965dfd5c2e8cec936c40b7ca18b163a23ceef23aab5d80") ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406c00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 659.636004][T25051] binder: release 25407:25414 transaction 328 out, still active 07:33:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 659.704547][T25418] binder: 25412:25418 unknown command 1077963776 07:33:20 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001700ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 659.745017][T25418] binder: 25412:25418 ioctl c0306201 20000440 returned -22 [ 659.828586][T25051] binder: release 25422:25424 transaction 331 out, still active [ 659.852966][T25426] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=23 sclass=netlink_tcpdiag_socket pig=25426 comm=syz-executor.1 07:33:21 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() r1 = openat(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x400000, 0x10) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r1, 0x111, 0x4, 0x1, 0x4) sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r2, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:21 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x220400, 0x0) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000140)={0x0, 0x7, 0xffff, 0x4bba, 0x8361, 0x9, 0xf6fa, 0x7fff, {0x0, @in6={{0xa, 0x4e21, 0x0, @empty}}, 0x4, 0x3f, 0x5, 0x80000000, 0x100000000}}, &(0x7f0000000080)=0xb0) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000200)={r2, @in6={{0xa, 0x4e21, 0x7, @remote, 0x2}}}, 0x84) select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008812, &(0x7f0000000100)="0adc1f123c12bce688b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/validatetrans\x00', 0x1, 0x0) 07:33:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406f00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:21 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000000f00ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:21 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x0, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 660.363443][T25443] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=15 sclass=netlink_tcpdiag_socket pig=25443 comm=syz-executor.1 [ 660.393227][ T12] binder: release 25434:25439 transaction 334 out, still active [ 660.407590][T25444] binder: 25435:25444 unknown command 1077964544 07:33:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:21 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) fcntl$getown(r1, 0x9) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 660.446647][T25444] binder: 25435:25444 ioctl c0306201 20000440 returned -22 07:33:21 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001300ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 660.514298][ T12] binder: release 25450:25453 transaction 337 out, still active 07:33:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40407000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:21 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0xfff, 0x80) r2 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)={&(0x7f0000000080)='./file0\x00', 0x0, 0x10}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000640)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000020}, 0xc, &(0x7f0000000600)={&(0x7f0000000180)=ANY=[@ANYBLOB="500400001200000000bd7000fddbdf2504000000f0e37a0014004e00ff01000000000000000000000000000108003700", @ANYRES32=r0, @ANYBLOB="525a4aca00f4c2bce575d3ca139b2a175d751492c2e439859f682682307c27215ea803b336aa4d9fc9138e66e0665c4387c52a726536d7061f8d3f756202a3660d9340f6337b3421d69b43d85dfdc9a91f4d468b50283057eb795ba7d1cfdc987eafa70f611973c16f85b8a69a70ea8d4b14a71f2be0992f27b11eb7d1687e8aebf5f83eab7c7619721facdfa1c124f5ac78683652707ce917d8bc3b9198b2fc65705120ce5598e877bc6aba77c9c5787c95c2b57aad566b235b13ad0faf7adbdaacae1f1c8c3274bb19da970dcc10ad472eb656c25581088bf9e6c037ba156d3d39e2c77bd1b4788bf339dfc8001300a85b7f43c8afed852d2f56ded630f072b8637db49d62b78ec4f3a2b68b083104b90eafa5a297fc3ee75e4b9b284bf40acd4f2a321628fef761918eaebb441bf8c0f06439061e2a403e31131bad0847cb12359f663f492bd87b4236375dc0d4bc60346e26395ca9db1b7521398b2a6a18728bafd0eefa9f2344260f917b7ecc5f410a1bb5b0c398a3a19ff9c1f17e1626f3feba004285efe34fc90ce1182c0596f717a8ee7a4571a48dd95fc2526d9982c618ea4eec3277d9df99cc0d70ed8e9e687ed5000400210004001a0014004c0000000000000000000000ffffe0000001080227000800660000000000b02cdd1f9c6db80eb7bbd3c065c7c7137a411519c99256af11a25f76d58af4fcf3264ef40034c66e560aac3ed880587c0d18b92bd2d594e8c331ce94ebb099695a2bb7c6f9ba24c804164d96e4c20e332dcd2030e5e6f0408efc349264deec469becea4a367d33c60c362b207db93133ff81c1647406513007e31ec4b00a81980edf4d161bfecb48d9463bc91e9572cf71fc1c0c061f69cb125ef8c98536b332731c02e6ecfd768fc03f5c4c4edc323bf006ec43ee91f1d465b0eb83c585fc22bfbc1ec8caf68987a92e26e3affd23212470762e0efcaba3817cb2ddfeba8031bdb7f07584e13b9cb5ec50d6c446579cce1cb78fa07c8f900a2c725ebc8ec4bc1c089feab6dbfd200ecc951180b627f6a39818037bc432682a2b8822dbc189f18ff5a43e04ce2e2f92eb90a3ce9400f25fa248627cc519602d47637a3e3c44d3cf990f0e77b03e02820c77a4d349e7ea6cd7482e14d4b749315a8c1e8d76f67c0eb61216461e652c25051d4169fb394ea1d9fb71d67c983f5d2536c8e1d9a119bea25c649ccc2f2e12cf7e59abcb24074b0e7d8f59f6958b57c1de86d708771a474d44507de7bf673f94976b5298b3662ebf673fadc61d003009af10a03c00670010abf2aeb7bdec0f1c981824acf243f0083fd6d5330ed2af9ca46573fac903f1b93a32ff3ce059d4ab477dcd19566dbb5eff8a49612934000000000c00780008004f000900000014001100fe80000000000000000000000000002608005200", @ANYRES32=r0, @ANYBLOB='\b\x001\x00', @ANYRES32=r2, @ANYBLOB="14004e00d7227354ff270687d99056e6d0a877ae"], 0x450}, 0x1, 0x0, 0x0, 0x1114589932d1d72e}, 0x800) tkill(r0, 0x200000000002b) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x4, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 660.649835][T25051] binder: release 25461:25466 transaction 340 out, still active [ 660.670698][T25051] binder: release 25461:25466 transaction 343 out, still active [ 660.679894][T25465] binder: 25463:25465 unknown command 1077964800 [ 660.722035][T25465] binder: 25463:25465 ioctl c0306201 20000440 returned -22 [ 660.755032][T25465] binder: 25463:25465 unknown command 1077964800 [ 660.781870][T25465] binder: 25463:25465 ioctl c0306201 20000440 returned -22 07:33:22 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000140)=[@in6={0xa, 0x4e21, 0x8000, @dev={0xfe, 0x80, [], 0x29}, 0x400}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x38) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:22 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001400ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:22 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x6c, 0x400) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000040)={[], 0xfffffffffffffffc, 0x8, 0x100, 0x3cf8, 0xfff, r0}) tkill(r0, 0x200000000002b) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40407300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:22 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x0, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:22 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001500ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 661.251701][ T12] binder: release 25479:25491 transaction 346 out, still active [ 661.266074][T25484] binder: 25481:25484 unknown command 1077965568 [ 661.279066][T25484] binder: 25481:25484 ioctl c0306201 20000440 returned -22 07:33:22 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000040)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 661.397673][T25051] binder: release 25500:25503 transaction 349 out, still active 07:33:22 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001700ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40407500, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:22 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0xffffffd4, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x400000, 0x0) ioctl$VIDIOC_OVERLAY(r2, 0x4004560e, &(0x7f0000000040)=0x64) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 661.530483][T25510] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=23 sclass=netlink_tcpdiag_socket pig=25510 comm=syz-executor.1 [ 661.602654][T25514] binder: 25513:25514 unknown command 1077966080 [ 661.635032][T25514] binder: 25513:25514 ioctl c0306201 20000440 returned -22 07:33:23 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0205647, &(0x7f0000000240)={0xbb0000, 0x1, 0xd8, [], &(0x7f0000000200)={0x980910, 0x4, [], @string=&(0x7f0000000140)=0x2}}) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:23 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001202ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40407800, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:23 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0x1000d, r0, 0xffff, &(0x7f0000000140)="40065b27f4b095f0dc52ab18721ec358ad33b5a53c6235efb6e8a3297b") ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:23 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x0, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 662.414869][T25532] binder: 25529:25532 unknown command 1077966848 [ 662.416713][T25528] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=530 sclass=netlink_tcpdiag_socket pig=25528 comm=syz-executor.1 [ 662.432504][T25051] binder: release 25531:25535 transaction 352 out, still active [ 662.457567][T25532] binder: 25529:25532 ioctl c0306201 20000440 returned -22 07:33:23 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001204ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:23 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x9f3, 0x20000) ioctl$TIOCLINUX7(r1, 0x541c, &(0x7f0000000040)={0x7, 0x3f}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x80000, 0x0) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 662.642036][T25554] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=1042 sclass=netlink_tcpdiag_socket pig=25554 comm=syz-executor.1 07:33:23 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c000000120affd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 662.718038][T25562] binder: 25561:25562 got transaction with invalid offset (0, min 0 max 0) or object. [ 662.769169][T25562] binder: 25561:25562 transaction failed 29201/-22, size 0-8 line 3241 [ 662.809646][T25051] binder: undelivered TRANSACTION_ERROR: 29201 [ 662.834064][T25568] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=2578 sclass=netlink_tcpdiag_socket pig=25568 comm=syz-executor.1 07:33:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0xa00, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x4000, 0x0) write$P9_RMKDIR(r2, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:23 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0xffffffffffffff74, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:23 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:23 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c000000120effd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:23 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000340)='/dev/dsp#\x00', 0x6, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000540)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f00000003c0)={0x110, 0x1d, 0x304, 0x70bd2d, 0x25dfdbfe, {0x10}, [@generic="40e86c170159081bec475310e5b64ab07003d3d6cb13c4cb66fc1b61ac093e2d8726f5dbe28c8f3e191c6a75783d5ac388e01a6a1c534f79a7dd972f38322341eaa55fbb345094669f8ba6fff4ed31c052b77b64c28534e7394518b2c9fdcd3d75359231c6eb2adab6879c57a1e3b3e62117166c8fabbfd3d26a2a2307620df0dfc64cb0293b083dd7fddd456e542af769acf0a9a1d9c11920193ccfb3d663b5f32c60694e856e2abaa77cb7059e5e3473aa2a9e0e557ae80fac6103038e52dee0eef976c76286a40675b61420a15b2044b8f1445df7987d6135a8", @typed={0x4, 0x29}, @generic="f552a8", @typed={0x8, 0x60, @ipv4=@remote}, @typed={0x10, 0x12, @str='/dev/audio#\x00'}]}, 0x110}, 0x1, 0x0, 0x0, 0x20000000}, 0x24004040) tkill(r0, 0x200000000002b) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r3 = syz_open_dev$radio(&(0x7f00000002c0)='/dev/radio#\x00', 0x1, 0x2) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000300)={0x9, 0x3, 0x101, 0xfffffffffffff001, 0x4c75}, 0x14) ptrace$cont(0x18, r0, 0x0, 0x0) r4 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x1, 0x4000) sendmmsg$nfc_llcp(r4, &(0x7f0000000280)=[{&(0x7f0000000040)={0x27, 0x1, 0x2, 0x7, 0xbab6, 0x0, "8dc8f1563a2f7f7eb9626e6a9cd1176b09bce0bd62a5901d7d2b88880b241643405877680cac5bc1390fad7a937b97a26e8647bde72fd04618870792dd728b", 0x2b}, 0x60, &(0x7f0000000240)=[{&(0x7f0000000140)="cae8f270b5a34afd3488dd7459b29e857f7258a82103979ca6c47b97f5af8405fd98f4a65b10be6852ba40e7ea79f12711e124cbcf2a25249d03331b3159231a35cce2c524611ba7a7f19e055feabe2e1cdba312718caee146209ab4779abcba4c0a6631061e966adaac65c5e0f11a89f1f4f305bc3c59a249c853a01b17c2c2686fa89dd12c15bb67d86ad46c6d231fa7f25103947a246eddfb7602e5a9d3bb3b2ee0678716507f2675677729daa2024002eef16ca01e2d95910596de8192b7dac57fbbc332f2995668", 0xca}], 0x1, 0x0, 0x0, 0x20004004}], 0x1, 0x4000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000580)) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 663.110130][T25580] binder: 25578:25580 got reply transaction with no transaction stack [ 663.124249][T25589] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=3602 sclass=netlink_tcpdiag_socket pig=25589 comm=syz-executor.1 [ 663.175297][T25580] binder: 25578:25580 transaction failed 29201/-71, size 0-8 line 2899 07:33:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 663.216926][T25580] binder: 25578:25580 got reply transaction with no transaction stack [ 663.217118][T25051] binder: undelivered TRANSACTION_ERROR: 29201 [ 663.236578][T25580] binder: 25578:25580 transaction failed 29201/-71, size 0-8 line 2899 07:33:24 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c000000120fffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 663.294413][ T12] binder: undelivered TRANSACTION_ERROR: 29201 07:33:24 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000200)={{{@in=@remote, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@initdev}}, &(0x7f0000000300)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000340)={{{@in=@local, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@empty}}, &(0x7f0000000440)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000480)={{{@in=@remote, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}}}, &(0x7f0000000580)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000005c0)={{{@in6=@empty, @in6=@ipv4={[], [], @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@multicast2}}, &(0x7f00000006c0)=0xe8) mount$9p_tcp(&(0x7f0000000140)='127.0.0.1\x00', &(0x7f0000000180)='./file0/file0\x00', &(0x7f00000001c0)='9p\x00', 0x108000, &(0x7f0000000700)={'trans=tcp,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@aname={'aname', 0x3d, ')'}}, {@access_uid={'access', 0x3d, r1}}, {@dfltuid={'dfltuid', 0x3d, r2}}, {@privport='privport'}, {@posixacl='posixacl'}, {@access_uid={'access', 0x3d, r3}}], [{@uid_gt={'uid>', r4}}]}}) ptrace$setopts(0x4206, r0, 0x0, 0x4000) r5 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x101001, 0x42) getsockopt$kcm_KCM_RECV_DISABLE(r5, 0x119, 0x1, &(0x7f0000000040), 0x4) tkill(r0, 0x200000000002b) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r5, 0x84, 0x21, &(0x7f0000000080), 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) fsetxattr$trusted_overlay_upper(r6, &(0x7f00000007c0)='trusted.overlay.upper\x00', &(0x7f0000000800)={0x0, 0xfb, 0x1015, 0x7, 0x6, "83246dff063316ee8f24f90acd8b08fd", "c43d122f3d4649730544981d3510ed2672b192c44c1983b900d9b4350b0b4fb1399bf77d0523e41977d2eaa3370f10e11cd812e76b72a89b7495be644d0526322ee179e7bc080ba5ad64ae9fd8cc14ce068eba7dbf5051ab5c06f848cf46406651145bd79244915e075e999feb967ca23c16b5075143028c73c3f78bea0db9dda2dae300a8baf883d677b5c05e2a94be27d7f567e47624a779d176bb6be6ebb25763b100e467e6002421642f2102aa3027f6b611bd14490107a83d31b160707df3b7fd85384e6c0c265bc675111975cedee8befa592a35b9b44e5383a643db197c01a8434b2421da67f55326728fb31198c6ad976bc61d73adc2ae2624bb277569caf79eb1772437f777d50861bf2c033f2ca6aa0c413b9b1b72d420ef7d3310b473c114a4494a4ec789f8d56606cda1e80afd39105396a5c38b831eee798e82eca4a436d779cea591cf77aa37dbe983b8a4320d1ee01729c4a6ad5da281eb3073667544a5f110c92690e8885dd2b60bfaad58c00831b73e205cbb68c7609c525b1b653b689aa8b2948d608baf4965cf43c5cb85103306b0283722faae375440ec16582d9c255eb26266dd341cb7cce3b9de7d4db4aa3f0c67a0cb110564828c9599e25a89a388180b62d2f933129e89dbc0787e38a2721ac4197c7ad53d0e86d81bf27f97644c654cbcd31857422eae1fbc113ebf22253adc8926770a5506808da145ebe39088575db47ca5ebb1043d9a2de926f181cecc2709d4fb51cf34c63bca5b16384a3e845140e5a450de5b26647dd7d6891dad3c139b1da79a7f28ccecf9d1bde0cdec38b28e8ffa8c729efc82f2d7ba24679ec8b05f5b7fa763adaec0cad3705367531c6d5dc4e26e8fa75de1062bc25d29ab11a2dac6f493ac84efa6f12a5ee3ec4b2e110afff378d742b92a6d02d1ad10351d4753f2ad90d57b94b1bdad888e1bd8b414d6d7fac6c2055bcfa693187eeed0bbb95aafac7b5c1e1df815b510924609476b0040b6a78106bea24ba0349e8c2ffcdc02edbd07ecf04063bfc021383025489279dadba569fb365ece83d7f6bb0bc536c2783ffe42f58612d0bcf5a6a622495b41b8477ab4862d7743b202ff2c9290ff9be52d065b2ff8f498b221745d8df428ee7fe514c79d13aefac4b5406e04f3d2a4c48be82bf7d7270dc122fbabf8143266c18f374d91c1929a913d83fe419afa61b4b4b5b3e707c77a918832489e95408568bc3ed466ecda6775e0b28f036f8f427db35fa1a05cd0a31bcf0ba877729a9bb02dfa614e6cfaa32b3bb279920eba9528ee6d065a2f5dcfa4da4a7cb6c7edbffd29887a583438e4cacb68a5459d5ac1347a7bb1f279c245ea39098eb7f64ca2e20c7e316718cb51d5be41498529a32669081744d461d9088608cf473fc4893c8e9d066dbc34052f45d1543fe14d80b4738913faaae74cb7fc20fd546e6d2c13f794f7ca26af658f1d71a0e6b28aea2752bdacfc411bc75a9e3ba588459df2d2941940a4e40bb86d16eac3e778520ea5695422234e762ea1795c198cd350afa6bc1bce17da1693394b804421e6d59d58decce53ece1e62d88574cd0c559e4e77069f65baf08134b0a0820a0115c69f1481ba8c739aa2b6367dae2af11354b074e7ce91bbc804d9a77aa5edb8e48b0eb7424aad232d3b65cc600c099eb1459c4a8fb4600b03dd223489c841e8446627483ea58d352919ff0c551e33bcc2b3fa1ea4a20a230fd47fed074863b5a05ad1139676b902210d0af6b0b9ab8c789633a319e1df5afdffcfdcd93419046487187be91f7282026ef1b3b8d3ed2df3f62458ae3a4b18557a8ee0cf7a0ecd0f27c8dbbf72f015e81fc41b9fafb7a92e1e8a2bddfa3fb3bbe366678f3cc8d58421a0e08f9c0630e448cb798e4f1be9300acce9810ebe1e59ac45b2786f172452091228e5bb5ec39eede6502ff227676b411656a058816b6c466114da85a15f9c543934a40dfb95b2e519e6d215df98f63eb51efa96812a86499c7bebbe1d2ee4e6f97400cff98992ef119aca7550e6cd16f2d0477a983ee4c0d5f60ae40a4a38aca651fe45684812ca57b3bdbc11df7e85eb8f057d7af421038174ec07ad362b51f577d10444aa7fdf789abd12f0da283af5824091d7076e1cb1353162333e9b322c5b9286e83a895ace73b623b1cfcc514616a5729acbb73b53bc7f207932ca4eb858d329eb3e9118bf7919d909c6c45ccaaae83da4582eb47099d9e1f93cd3d244f333f53e131595eced705e83079a0e5e2f7d960ac365ea78104ae28ffc37b0be3f7294086805a66441d275c385927e1d09bcdd868472037c04c1d0d8daf2556969144c55c28733a00050800ee7fd8f27ce4ee4b1e0a06b522fd096fc58ea05e31f721cb9cfa1b4ea16d7044bf07e948db68fcee7d4a026295d1b0f9736bb6b6fd09c2db8665c46985b6bd7f060e98723adf164ff59c9467af835c7be27a61d996d4a91f01596d83aff2316f8c18bdcc6dc4663bf0caf5987f240abcbd56536f237ccedb50542d4e912423a01e584387cbb10f391eb17ac8f583cf70cf535f49a84bc33a8c3e5b647a8dab2dd3be5c46c5cfbdd4dfa131105c6c17c8ea920966f6021a240c56539aa2153856d71d306755ed5134f3b12e471c5218963e88eb28a484ef0190c31569d30e4370f82f35c096c7abeac5ee2948633bbe143d3ad5a5adc7cadf26ea3361e1cb4797a06f87d81466353ff11a6ed9a303d185692099e6fb66b541596286be4e17fec7f2c62b6ee652e303a137ce6676385ef299dfa91bc7371ee9185c18776584f42770278d1c10f281e9824adbe5b72e00d378db523bcc8bbedf9b23ee32d4d0e1560b4655b3b9303cbbc765e335425bd4045dda88450c6ac3fec52fcc0f45268909198eb57063ab2642b99c518caf3f64c853a912b897b01783ba4b56f5f4d144ed78a7b21849f023627cac6662b33b087e9098dda3c3e604087ccda8cacc3d9b157b7e41518aff2f8a9aee2166fdb8486c308a3ff6208e4bd4dd996e15728e9d258303ad4c82fbae8bbd04784121c515e69d9d1abb5dc9665fc3e76a20d9f0dc4a7082f7705421a2005212314d0f8fdadb64dd83d70b53ca16714a692da0b8ec020f0a067cdec4c75177a80a17c2ec30ee8b7dd20f660f9379940b9e02839d94875bb1c179b7950f77204893e8b3828281d6958e13ad65c7ee020574ebeacf3eef4351cdcf10aac6ccd9a1d9113fee30b6e4ab9497baeb0bc9b5d2b49492c2a0931c472353ae09594148c79261d0f61ffc74c045a28a3676acb88e05d7336cbe7ac6ec2b5d87bdf00d104eb30679515d2757da8148ece31f24cbea201654e4aa84874e553b782a2204d3625627eec6fa486bdedd74de59da7fdec82cc28b116866b484020bb72fb76a864852539941ff5c88e24d459846262aba1868e2deccf2e994f9e3e07b0b9e360104f7c68ce1c9c6ec79f9fd826e45ae66b5acd36237d6b1f89534e9b45c88cdd7af91857fc94f1a9aea22aaf1cdc668149d11ed16166d391db13e78d701ea6957cd44014e31a1d1c231576f417264366163ba75a40b1a32e15e6d9289e2a5c8f860df27efbc54981fdd48c925d5fc203f606017292ea6337d000a7aea9deebd0174492acce1c53a62c552ea8abce271ad613ef7e6d52d902401ec56a51c1008e79463bd05443037561917e7d9368d9b310e8187d76ab7587dbd9e3a8919aed69abf2f726238f8f86f1f8351a64c28e7249f719b4e77c003d7215f412ff4ac941c3054dbf1ffe9bc0fd73ca9cbceb361b5dd3e5734de2f68043afa9735bbb8a2c7207b1c2dd74b8372729db7d68f041b03b9cfb404280745352ddb74fcb1f8e09c882c9a9baa94174c389b65680021566735b514040cfed21e3836b5a6a049836c9cee43b22bfcfad6287c8c324d61be40c1ee1e021a8c1254c9b1ab80e372c64892b0b9f58ee67f00752578e653f91703619e8fe0cbce5392265a279dfd2763d8497823036a0d31a15f1f708a8e0782b8af86ccb8617910ec243f0a8f9a3412ba3149f28a7956f425a22599cc7cfa220e6c705e7c3433739913e83892a003573d1a1fb16618119c040245491594e354b94f43b24512cc153f8273316aff9d71beb70152916e6444d41cd3d987a6a1651212079838b06ab0a83b24b457bbdbd3b068e3b7b8820577428583e77a54e0748cf736d000c86bd2c1c7be15e1f893d78d59d1be8afe7073240292a9cec721c7b8c94ab7bbf401589b4e4442952f6ab7aec9994e56036987c46b7ddf0bdccb039bd58fbd00a51591e4ba08e797d08372b348987b0fcbe1689c4eb73419d681d98bf56612e1cc30df14456ed9d57f11d0c694e70e492fe6594dc4d14be554554c00ea269e3960932af2efc7f67274e76f400ca0c4fe6a334b424383708cf3c0958664a6ee0d94ac48529344af8c6235e292ed94501ac0dc4350d1ed0e1e8ec032c7ad3138d00c4b9eac1e8d3fe70441f4d8f27a10a40a4d2eda927d0dfe5d613ad2fdbee827cefe8846c07388e5a7bf98f985df0cdc78e7b0d9c0130dfae5571cd231e0bb126fea7324d0c01d01293b7b23bc79a90909c0cae2552954621aefc8770ef520264b0257a47353b2ae7b6b3e081d954ca795b0112fc7f8001148811084dd10ce2c757b7dc2cef2b38ab47f923416e1bd845c2888048271ef76abeb872c830c9c930711168667c3a3e602c72e61a88ff1cd85d37d17afaad6da06c589067bb8fb1b48020491847a77ec3ee7c1e8ef2dd8ca266b69436f6c0a33e42328213e1aa2ef7a8c9804f3ff14640fba0928371eac6ce413bcbd780c2b0375894944216d752bd9246e79aaf97b0b35f2987c3fc03492ed4decfdbb8f17bdee86fa945fbf32722d1b395319acfc9822702b6c1ce049617ec3243a6c6a4ff5efc9bdf569e45b411ffc70d4b208b5ae0e3c9426e1e356d3340bee857a29e5a1f47de4ba777ebebbc51ef05d55869453ff8c9e7f7851968e8a9fe674785cdb595fd08d500fa5ddfd1246685c548c5fbbed1c31897894c95021fcbe0346a67d087b390c997ae6f275e02efa5fb2a863d80a8378e0fe31879b138a35292911927b17da8fe7bc604bf5dede6ecb5bf23ff644be7442afca0f0e84cfd6600f537654b7428397789c3e8ddfb840235c5703dab756e670b9b92a7ec0e318e6cc3808faf5d945fe9e4a0068adc337f21c51e1aa25564fee3b3fb6a5123262234af6eedf5081f382a2de0995260830dcb5a2018c955dd6f74524bd9cb5786d7ce69a29f058b7f690130aedee1dc715b77f1be6a22bc26cab99c9ff1c1d634d52c1c017347e410431582ac3631ec2a7fd12ba00f9f3e956d7349822b908f3e982ca5374e1c52a6f8c3e6089558d12d6a6f7f1428308e8ca132f1c8256d4d310286f62773512f9fe736a33b7393aa5219ed363a79633e66cc90313effc36bb114f89170a7eb7c2fa77d61e57d2ad6b2eb87cebc00de655d29d7d0917d1b5f00e36b35c138887654351537de68479f2829562c2ee2ac44976aa8926208aa657ccd2953bcdafb64e73797d565c318fd76980aa701e0bc2144aee8e9017964c1adae7acf32be87fae6ccb97365afeb726d3e69db2d32dc7226ae2b08b9820009f5b9038bfe5e5bfcd7f1511f80438194d8d616c0afe29aa61e02dbebf77d1f1ca749dc39a1f6c2b65169e190ef5d8408bdcf84c3ccb4d2716bd44018ccdb0a10bb0637c2a77ff80fe8db696671a4fd43247032fc6fba751f0968c7c87d20828b14d431137f7225cc6ee33f77a5"}, 0x1015, 0x3) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x421, r0, 0x7, 0x0) [ 663.425189][T25613] binder: 25608:25613 got transaction to invalid handle [ 663.442363][T25614] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=3858 sclass=netlink_tcpdiag_socket pig=25614 comm=syz-executor.1 [ 663.458509][T25613] binder: 25608:25613 transaction failed 29201/-22, size 0-8 line 2994 [ 663.511411][ T12] binder: undelivered TRANSACTION_ERROR: 29201 07:33:24 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x1, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:24 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:24 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001260ffd5acae259567a2830007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:24 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x400000) ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f0000000040)=0x200) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 664.122556][T25637] binder: 25629:25637 got transaction to invalid handle [ 664.129890][T25637] binder: 25629:25637 transaction failed 29201/-22, size 0-8 line 2994 [ 664.135588][T25632] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24594 sclass=netlink_tcpdiag_socket pig=25632 comm=syz-executor.1 [ 664.151177][ T12] binder: undelivered TRANSACTION_ERROR: 29201 07:33:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:25 executing program 0: r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) fsetxattr$trusted_overlay_nlink(r1, &(0x7f00000001c0)='trusted.overlay.nlink\x00', &(0x7f0000000180)={'L-', 0x28b7}, 0x28, 0x2) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) getpgid(r0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) fcntl$setown(r1, 0x8, r0) r2 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x802, 0x0) ioctl$PIO_CMAP(r2, 0x4b71, &(0x7f0000000040)={0x6, 0xfff, 0x3, 0x4, 0x100000001}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:25 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830207c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 664.261640][T25651] binder: 25650:25651 got transaction to invalid handle [ 664.300772][T25651] binder: 25650:25651 transaction failed 29201/-22, size 0-8 line 2994 07:33:25 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830407c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 664.368481][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 664.372322][T25651] binder: 25650:25651 got transaction to invalid handle [ 664.407185][T25651] binder: 25650:25651 transaction failed 29201/-22, size 0-8 line 2994 [ 664.429158][ T12] binder: undelivered TRANSACTION_ERROR: 29201 07:33:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1200, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:25 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xe, r0, 0x4, &(0x7f0000000040)="59309856affd57c5a8ad8a8f4c9d539cc90efa54434b27aef01ddcfa4181aa2af17ef3b0c2bdf2a9960120b21f3b8d1d874547ad280ef4880a9875a65efcf3") r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0xb4f7b2c57f3379a8, 0x0) ioctl$NBD_SET_TIMEOUT(r2, 0xab09, 0x2) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:25 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830a07c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:25 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:25 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() socket$inet_tcp(0x2, 0x1, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x8000, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000200)=""/88, &(0x7f00000002c0)=0x58) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xd22b8bf6) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:26 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830e07c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 665.081836][ T12] binder_thread_release: 10 callbacks suppressed [ 665.081844][ T12] binder: release 25672:25673 transaction 392 out, still active [ 665.082492][T25679] binder: 25674:25679 got transaction to invalid handle [ 665.091698][ T12] binder: release 25672:25673 transaction 395 out, still active 07:33:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 665.139106][T25679] binder: 25674:25679 transaction failed 29201/-22, size 0-8 line 2994 07:33:26 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)='\x00', 0x0}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000080)=r0, 0x4) r1 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x2b) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x400000008800001a, r1, 0x0, 0x6) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 665.214386][T25051] binder: undelivered TRANSACTION_ERROR: 29201 [ 665.242463][T25051] binder: release 25692:25693 transaction 399 out, still active 07:33:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:26 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830f07c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 665.359173][T25708] binder: 25707:25708 got transaction to invalid handle 07:33:26 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2836007c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:26 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2d) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x1000, 0x101) ioctl$SNDRV_TIMER_IOCTL_START(r2, 0x54a0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 665.410290][T25708] binder: 25707:25708 transaction failed 29201/-22, size 0-8 line 2994 [ 665.426175][ T12] binder: release 25704:25711 transaction 403 out, still active [ 665.440031][ T12] binder: release 25704:25711 transaction 406 out, still active 07:33:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 665.493171][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 665.573160][T25726] binder: 25724:25726 got transaction to invalid handle [ 665.598122][T25051] binder: release 25725:25727 transaction 410 out, still active [ 665.634341][T25051] binder: release 25725:25727 transaction 413 out, still active [ 665.659962][T25726] binder: 25724:25726 transaction failed 29201/-22, size 0-8 line 2994 [ 665.687318][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:26 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x0, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:27 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) r3 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$void(r3, 0x5450) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) fdatasync(r2) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) pwritev(r5, &(0x7f0000002740)=[{&(0x7f0000000200)="3c2775e45f89bd697526685ad90917c15d8ee54592cc605b1fe32945356ba419d4cd1561785d72a9a5acf7ca6a1107e3ef338e688609c5fae727c40e5beb218502de80390e4b0a599b69030f933480c0aa579048c9641d99010931ce542f0661057e05071c8b202d9a36abdc50f273", 0x6f}, {&(0x7f0000000640)="3654fbb55c7a1008d20db116139efa17e2d04a68467de3969b466e9cb21e6bc529e97163b4dd4f4a2d8d3ee07a50c86daf0bfd6a7bed87eca5857e68503eb60c8b082a2f33d3f78b223bb6b4e1aff88907597de4c78c52cf1b2ceb12251e2567bef9cb96c6821822f4b8631b1eaefb3d6396657dcc18d289cc8e8c391b689dc947e300de8e2fe83d2306e43569fbc6d127b61cd89635a4fa908337ad3077405eae3609d1422329236c6dbd462d068551ecf820304a46f08aac186dd97ce3e0713474a6669d3eaf74dafc970ede081853ef8e726bfbc834adec363bad9ec25ad81077f453b0f208638527a2ba38898a552deb0d596c5f8413af128eda45b3767152c7e7344fdb27bd5c0575a20ced0f0584cb55109a9aa174e1ebb8dea6e3152dd16d8bd343993b065dce7e23ee449d7afd76d6f2b770e1ccf4c0afd964d3c4d199a971cb26e5b0ee45bf886adddf38af3c93abe2132497a7f792d2c6002dd81110bf52b43f621ba5046dc522db3c2a2b51addee295b99d68b72f34107382b212b9cbf6ea6122c70bcbec8772a30e5a692d627a15b3c491d54858c927eb27bc72883b1adf619136fd4b4871b8f6c0eb20a06a4fc9fea558369d5a18b4e4697f34395bfa2fe23318096a2872ae21df6832cacec9fce41b0edde9067818830b1743d4e6a428119d88894a9c28361cdbeacfbc6f01b2bd261870bd5e30b97b9518709bc0b76db48b43ad59e47e32f31a818bd3ca255adef4881e88c6177c86fb219d6e0bd41b0b81c165833dd7da63a8c29567e0b8962cde023e15f102fee3999b2dc2c6daf38cb879129b48efb53b6a52c9d8b53492f8c01c5bcb96b1fc68320a6f043849075d232c6ab4a9a8e564fb45bae25b27993222f9b7ec730a784046025314c31092bfe404caf6f60faf603bf0611db73672d7e80e6d904954d8b1591ae6725792aee8aa50b410fe0caad6e3b1c3cc0620e26bb3615229365b97d71b28aa196c00164b17c84cee01763762dfa7e3cb9ed9c648b5bde598f7618d16bea9af16cbad582ccd5931e4ce3be21349dc3ef9f0bf3b5db598190c814a59ad5d399905c64043d6e64985dd7ba55ebf01e60468bbf002b3a515efc6c6befb16d48cb5007931c3998d69621b1fd4f5859e4f102ce076d0e33f2fae9cbfea769cbd80d20d5c34698835418866b8ab3b886deec919d01f475310cc292529223569b1dca491c0ea846e207e79604039bde977388e3a5949e4a1ff980e566c874ec9792917276e2e6a326e2856856b97f9bcdec1ffc9ebb5c703a0b1f88ba5d07482240c890a8e825c5888d6542c19b431b7ea0957791e3aa5d37f524746e3c40dd8aef4c2821eba5f45875966c0ef5936d301467957f74f96cfe87f807b2311e9b914f160afc2893ae910c088d21f6a049b7128d61291e0601cbea2a18aadf5270acfbc657a14cf20cd94b2e4627e3a4019997ed903558f3fe82e1ce7e0f62f8ac73f35205f62ebd335ccae80173874dfda7f075684ca7616dea76b5369933858019ce123f6d109876e6cc9794bc5f60751878c3d410e0ef18fa1a5ffe7977127d1a0dd8989d03dd4d396be250ea35b164fea3daf6fb61bc879f63e063f77bcbfb90b15a6990f74546563651b4b2e46eaf68b0e91f7e0045b4835ad3e48886a7a92580c84c5a4df42807db34c417b5b0bded4eee53f3f217b1d74e3a1ebdd151c64c2590d90c22597c9ffea06f1eec929081d69d61da9b8ed823e3e46daca679a7dd5555b3c688a0e7ad3b375768bd27225a9760f18e5346122f87d51d227f71b5eb6579b2da540c80a6d72b3a09758cc0abc93886b9af73bd42ee6dc1bbd15115b42449746046bdb57b07a0be9562d92696e2201bf38293388f2b2467778c58b9e832e1d223122a2e337d95021a5764ca2dddbdb13b50c673d0685d6fb951ea4648b2192038251e4d8d926837a8cf53128b8a446457ad2f179e88684eccc9e72eadba03d29a179b456e3595a26146d425e081b418710e05894951102db36a4e3a8775e1bed2b498d908abd13f6f3c4f2e881212554e5ec32524ca6d87563b0c4bdba797fa629c38f9b9bee44e1249bff939d509466d9a6c797610e4173783c93a2323491444c14ea5bab95c3b171c424783fd41e47f22f8daf2ccc3f1b46ff55973233809d9a428ce9f84ca96a8659af05670dd1b9674b13485cb5b89765a4307afe7f15a726fa3cc22e94a6cb74f4e912a2bc9c8f959a3ac4d730f62ffa40e6a65bcfd1c348721244497b8565e17d61fdc65a41af02923f6186d963fe17cc801c5e4255f0e3d6dafbefebe85535d5383ee26524e792c23a13f5c10679a916bd705ed804a9314d08be28699ebc60ab79f1f13224079fb7585cc236c3ee5e6c6ede3f2b121391984ec45e0f5cc7d13df66b35b49f2afc1dd92e368aa5aa681a9592c60aabf592babfc91171b47cd17a00affb6ae936c2f23d86daa12dbb9ee3540aa944eaa4db2d0c2afc7d5a6fba63331fb1c32b7149a75d1f08e9dd4c1ceb567c84c39ac32635af0a63780dba7652dd2a861872bfbf155f01cd9a388680a2be715f749e93dfff14133363a6a6608ead4ee4d59dbf5f137c7b00756e71330e71be67fef80419a4150e774da681026d65901d6ae7b6f8a9950ac19a4dac5dfcdb18546287e7efcb9cacd33a7afa56e3d63dafe6aeefe81eab08e2cc06a56b47307a827aab29526d19ea8d01aa5ca73b802b935f973dd365d6fb706ee01682ec49fd200f54562a429b903512586864ab0e4cb91b3fc81ff8d5554a340af1e676a1828cc7b7227ce1f6b354b90532a09a434d370d5026c88333a84f955e801a4365dc4f39938ab0764820e034c84229e0415d26eacbfa8533c2a13bfe5990149d0baa7dcdb057bad637e7dd1be0d1100ed4d79ea9187faf5987fcb03cee706b3b1098a405be9b834fb1faef117c5c2180365bc2f4db773aa696762174d71ee3f331df82751ae9d3496e2711c427df355786b1938645eb34a75441dab768ed81570598c39d0882f985938e576a05d4050c024226251cef320213f9618cd1e09f875ed5bcc58ed5e924e1d99d88977a9a545ad3371f0940c48d31f11b8430a59d8ee2dcfb6423e0b0e6a91f76f5d4c193e3e9105762be57e869a3216a99106f34e5c76d8e0e0c239efaf3c540338a40c61eb484e7b1af4ae4b6f4eb745b33af495d0ba1263cb78273d1415b11ed52be2b9335570e7441324208d20b57a32227af97bf818838fd5c92d4f820b198c52bce0b08405f1df7ad7494056d7283c649eca6a19be24a9fab396f22996e64b8bfeb6bea0b028e3b818ec0d58b9c1dcc1b40768adf9fac99b6a547d192f37ce491821713e2a3aee6649031697711ee1143cb8bd30b752d4a6b20e4b1b7bae771df405e828bb0355dc8985886602890f18576c37d61b6c4b9fbef4615475d0733326f4cd542aa5a85ede966a0e14e0cfaca890b13c2d1302423e4d99ba93ec2063213031eff47e31b1b8a45f16bb9c4a231be6ffc3e72df49ae228515775be59467520b2277543dfef4414903d59146d9f587f79937fe92da02b7fea182ed1fb7daeaca899e01be7a8ae84accb2caf104d4ab7591556663ca6b75dd99081eaf0b86d2bee3789dc8011d5568294354bb89aba1708d9507163f738e6a47592777b566e32ff4d9a83370672e6d17722ecce5d303504739459518ebf7d7e1b6bf6460f6fc82d3b1ca6ba71eea67e90c914d0cf82f8dc190b05406a13ac8184792f2c02151a06372b48dadfac4a8e062f3a858dd1a50f626906fd1e11749537671a5ec1305ad1f4056923bf4a185bc37bb34261626a02c58b7c5435937588eb1a675ec2f2210bda648171b58cb381b7661a7b0878a189be19d506614a01dd449d5be98a73dc0b122648ece7bb0367e77032dc533efb0e0df3de213e8192223a05e28c1734ae1cad05608d39e8fe9efbc061dc45568cda68403259e2a70916943a89eb398b89485e8b725bbb2d418fe04a12f1e406b9a2b7287a9eb9f17492d6a76dffc4fca56f47446b760242a8356bbb45a26fec4efd11a155fb5e33970c92860808a116639a756ad86c85bf4cae23859e28c0f8dbb045ce9c8c83af3e3879aa45678db0338cd20ada7017b353f358bca593bacc8f23b45bc5338e769e7414ec7ac684348045cf9b4ccf05fa1ecd5ef943ec12d8a908dbfedef48e13b7318b0b39fc5a82d3983cf079e29d48aa0cfa09fb7b8b8bbf51b32d493823c3c7cf0d55dd286f0e60da34c17fb18fe6c277dfdd9c7440f6bbb2268e61d8abdc1c57ddc7e365f3480c4f38b39c2cffc4eb90472ad58f34a7f5da39c007a2cb8782b932e7f0d50d75886cdee681e40297061fc23084ad07107b4d3f8c700d3dd38ea8f5ae93596714b8e127fb0869e2de91a1fbeb14fd48347648df30720b91823cb0544db6c3411c84d8dd3d98fea9d2e0623941a65553686f88e0eba78f13d398ed200e765685ecd7134a125ebe61ea21d26dc562e021a4b90cdd537ed1b90e57c995d027fc01fdcbccce4782cbb67558159701aac7f6c94903ea18ecdb8e83683a29554f434bdaf5d41572a950e3248247fa9fdc098f436efc933230d3f649ca3e7619260d90a581e67cfbf828d47e51ddfe47eb6b0a140dd3434bbe9dc2f48bf9eefa2c6da49bc8afc79fa22112c437dfc3910a54d85d4ad1caa507c1b0654dd6aabe79a88155a3c04ecb31cd3f7f193a1f4d62f94dbf0f3686b3ece32e14644aad2e2a1f20e32b9d63786967b8314b7619287ae6985212c6d4f62c36eb7500dbb7de773c31f651235e4fbdabf480213880c619fc29ddf6fd190f878ba5a2f9749cc33cdfe0dca0be04634752bc6563892742f06a6d4f9f9e4bb4b108afe67d0879dbb527ecd704005138c981145133c384eb7287e840eaed7e2432e10f4d81eaabaf1a5bee6a53be7ec285729adb219bbfc77e104c279b4ba2b20f3cf0116d0bf2400759b9c2c031076db258874a4d22eb2bbce0da1fd94642423f869f72e266ca790e7f9f9a69dd6e801ac487e1b1daf322d63f364da4949e96843034d9f5b2eb0d9d64e7bbe587c24497a51a5a7237d0a63a052440b766ed98036591074e169ffc75d1f7ae8933f806656cd9f09c441849a26b05eca5522bc5511533d499193e0c9e7e2e94a14b7a61131bfbd70557f69d6dabe427d09ae365f2792377496410719b2771a24ac5d3aaf38a12bbc2cbb5217033f06c29e03a747075363b0e6927ba9c677f2620b799541e93e7419868e39ed90d6c531fd330c3345b13410198013bbec3a47d19c81b0722dcb3efafcb2c41f46dc44de344aa1641995623b841aa261e03fd233ad55df160611721e3cad15520390e72df9d94764f7b56ef13d3030327beee95ec978dd50df60be79889787540f548e89e53f64b6ba947f01beb304266121a3c21ba1747e77764c721e042b7071ca846a888ca03188dfee488f85106a3dabab6373462e5b0e7d3e2e53c5e8b577fe60571cc8fb694285155fa7b3e44a74706de8c6ce1cde663d97bb46cba386166cb79767bf08232c38149adb0167035ff0197e81f66252321f83cb158a1737ae8e670e8d189c09e21ae76f67ff9df3091272bf98d58a3ec28b671a12791a29134c991ed05adb58b0a18e82d40475acb0af3cd766e22fe7f38eb4479925e2b37d8a19b7a32d79292c88fbd644c8e6921d53a64fbe7b7e1790e0eb9acdf849a908b439cb1869a1f0a1047842a6da6967d0d00027320c65e0753cc9ab2a8ce759b1fffd9835abbc0b60d3", 0x1000}, {&(0x7f0000000140)="42882d12f6faca71d167bbe0674699bcbb2ae52b239a577c47c1684e798c1c314305a1", 0xfffffffffffffd63}, {&(0x7f00000002c0)="887bff68c6b9fd83c1764140df77dfa83fc7976a27c405ab659afb56d0af70a5fe2e05caa8b2c1a1330fd9e0483dd94bb632b03760e2b4dcf2e9f6a479d4912b10148b098374d2df3718e5640855a3fc8fec5a7698ab43936535145174572976fb4e0d7ef2d68123abb1eb99c4a468dcc7e1552a9b9200d5f9adf242010cfd96aed6766c0d186d12e4023dda506af22d45869c41577a2a024a89a13f952b97aec615dddcb2ca5745289196dfe9d12415455366c2866af390d22d49a21020fa174445adab8a2e161dffd1dfc8f93e9602fe5b3f40ab91aa4de22b3e47d493f8d09a19e51dead79fce3590e762ce0956d42e141336815142", 0xf7}, {&(0x7f00000003c0)="5f1c0a25fd5748ad5c5dc779c197c9ca46960831f33bf161c3635f7c28efc1f1a773bccd613d71b7a4e84987837e34fc214f66243dfa8a3d92bc843c31c260e613004169e19c6658a72faed62e26fbf71567164459fcb39cb5bc9262621a6ebd2850a2b301066fd51bb68415ea71e72b1dc9c973b88193c44976c178ece0ca5f95350e341151a395fe3491d829bb1cc45178596ec494fe6ede9a99452c08ede56a4139418371ae3ce8ef7476fef618d4a1d8ee", 0xb3}, {&(0x7f00000004c0)="3bdeb1e6becdb2c7ac272e8ae9fb44e3ae1adea48511d20da24b4773b55dba18e79f20065b2cbd98f203478c78a97a6e69e08a27343a45f2e7080ef1c55eadb074c7930f4a73d27512fd76798022b0a693a9932ac6613cdc70c3fd0924bf5fc870b14e4cffccf2043ea333ae67d9321b6dfec7a3d89c45d3194dd80125bccbf9721d74b0491dc061a176844e615c1e076b5ba54e9ceb83ca7f1b11f92b65043919ae190f7e", 0xfffffffffffffd10}, {&(0x7f0000002800)="573efcb773243be177b2057b768fe52491b0fe07c8815b40ce073f427a8ac14f0be281ed793a18b6af998ef22883191ff0a43fdd73e77fc88354cd5e1645b41ba51369cb4deb9ad4a88977", 0x4b}, {&(0x7f00000016c0)="246420d34a7296dd3d135e09b2809bb809632b2c26162f179a8ef3485da4bd40f05e7898c0f32e51d80bc50344793685e7ccbb958e497fb3f468ef5e0c2d1fc93ea29b30de98f76bd6c0f40622e1a15f3d8f7c8848a41c5c0d73c551a445daa2b8fb06a9dd604ba437f5f9f96b1995baf10e0aba660d291fd7a30e1e5dd97b15e9f2d51e6c2cecfddb3076ad3f733583e928ff5795ad941d8c6513583b5e87e8ebf5f289d85257b7314d1c7e92269fde8e4e7ddf381b1f28bc4ce6750ce1893fbf2c159dd404e8665f2c433b1564f79e7fa6153924bad529becdf873ef88c9fe09f54b2d31e812b634a2f44255122f5a45790604a581475584e6202b837b35446baf13ba7a7f0fa6e74d715d4609c4718693224823ec2697e3ade879bf37968529f18e49f6f08ae7992d523dbf1f1ca921bbbd0dcece2740a27ca1c437d552604003900c0de7b84348f2d6cef8a5734cd12c87057118d97bdc85fcdcf696589f5555641d6036c7af024851773863128d6965223534c65c8f87e60fd89ef02b68c8945a512d1c6ae438bf432e24b80639aedbf51caae4d6666c451101d473ad7b76d0300d495a0c41ce012da66785d15a5efef369035974075dc4f7afa95987dcbbfe127be85ddb7ef12dfe35c20bad7c43fed0484c3cde1b81cd2a0adeee003d7199f4ee3a4976a02330eb6c2338a68a60ab6ccf7b924530bea0fe9991f1feb225c59417fdd0e64b8e9d953a3a01a3988fc3ee0f71eda34b885f0076d9bd99a99518432050eb6d81d8b1b428bb3ac257d435d310366f2aa29e49c6e130e8a235c9115ffdeb41b6a70826d06e224e1b077be516fad75ad25218f07c4e2f071197b1f1ffd17708f5178e3b8faf5d914e610280828b34904e623ef691af1bf6a303ebe1fde3286217359b4de95452d57612348329e89badcf5e4c271d4f5c448244db490bd4b5a250ad27604c33e375d2ea0bf25978b166b719b59453d1ec41288a5565a8d0c94ffdacfc57be62c83e1379ebc5b87888127cb222ff4b5c0e3e21976e191c3c753839b94bf77a697e1472ea6571f08a9bcf670306378826cbaa21918052344522d34a767eda1f91bf30d08c01a3a4cd331df9a3987513a11bc44063c4a561c3145a530278cb9a16dbd05c1850aa5167da25152b4fd124a3b18539cb4d1f6305f849265f45928b1cf45f42e8afd015057e32973a8e295153ea589287b78fa09079e701baa0894ec257f479972bd33a22be9da0d8c477b44ee7f317785391c9797bbe78e890903450ce389fc4bea9efccb150a2bab13d11212aa435b615c59037d053f1175123f516f5cf905371624e7cec8f1d2d32233d42ca3b1527406f10b9af7916ba61070c8b35ffce91ef779adc9726de85920c2f5c53f4a6dc0d4517e695f3f6b471652e6f151477d0726435c7214b9fa5ff5cf94fdd2c8fe8bb967e3ae5a711350433def0ac9d057f9074bb379e96dba73a758ac8ea460d8c8b141e8d2a0f9bebd097aad5adc840846194edadfff275d5d0a2d67905dc0eceb145988bb051c5395c3a3d48dc570f9976b9efdf983d7ae400442b1c0df21167ad44e813d6647e25d824638b558ef0224aa69e117e1d32891aa0002780f09d0eaf6ef38a0e2b1f788a78a07089a94aebae26a100e9a661163157726438706d69d51ea6db0e68f8abe081ab346f45acb19c2cbf6891a3a60908cd71251e066741457034c684e1a6ac68c1d39ad3189c17a8c3fa444afedc54b0f3b62782d803ba73ed5ac33fae5b7ad27c608132ca06db5f372eb393645243db8fb58ab49759521a7e38eb6971f8c6064b90dcc5af179adb150f30a19cc0c6c95705ca32d4275ae4384485869b43d8fff8d85307febff852448ca69fa6c1beeb1bf3b913cf5fae9d7dd062e639acc1cd4a0c548d77c6733fa2cf345a1754cc70e56109f2fee990ecabfe11b2e2b3f8be1fd5eb4dde7f130b52111c30cf08169bebc57e4f96f1b4c7ab69b36cd11faa54b5b7dbf8dc09eeb900d6ceb024576f49af1c51f5c274970b112c9a4a0f05a7a9bc7366c37b581d39eb23240da5a387d431d5968c02cc64403dbc384f935d46935790c919979e92158093f26424ba6b241d10ba8dea91f0a9723c7603c3e66ce5e5438460219dc16463b90c14e2690db7e49e8b2668801ca0f06efe07847ca366d1a6aa5a44eacbb569fb257a879f2bea438d5a17dad75709ebcfbeaab75622cdd5e33aca016616d27f14dbac6520d6e42f542c47aedacd3d692a219a965b3324198b08ce8a9fd212d344f2ae85dfac1ec69ae9801c60820abeddb4dc6b4d59ff4fd60da6f87d7904a7e29ca88d8aee6d49e7c0315a6a0a2729df3b2bccbbd8ae45c17347901a5349b55868a5e1a6f04d2b2ebcb707aaba33528c871f765db4aa87f7f9a9055ceb51faf0c4d8c4f305ebd5d98159d5e3066122fef9898ccb7cab37bd2a247c25160adf4f3b55821c78e7937f10b9b7a64e01080aa21e849d44e4c48d9a64d8d63f164b73251c64d917c357497cf5cd8b72e00a3ec7750c8d498f63180ed0d3191d485f5900a1ad8e8570d8f6c4b1c286303bea2f8006203307edbedd6173b4f17f1a043019bc860c071583fd6513cdbbda032d43538a07e0f35345b187f64d893a046c1dbe86ecd936c2d9a43fa028ddb9514bbeae63a74ce5f7aea25f9997b73c9719ee7e519d3116b1051908e2cd5262b1492d6938eb6689e6459ceebef152bc4fb3d07ee2ec8aa6f4a2ffd442a73eb7d01a173ea252a2733b5a7fbb347e7be95d0387e69e7442ce9a0b91e9f7929548964f0ba2a68cbcb225c1c0265fd8e8ee58723e2fc991a3666771b60dc01531ecc17392bb0c752d712d9f6e78edc3a55f4fd8d6bbc676f4e7f30016825cd970e15043e5bd35220b83d437be0df84eebc45e042f4c6c1994617b64f9a5109d375a5b0598a993fff421dc01a1105b4f559bb0cfdc94a5c18b5825fd796b4c05a49bf1577a33dca3f3f2ec59085d87b08f203dbc3a5735f41598d7f1d0d8ef7769292b726a2443038f3f086884ff848bf392224d70383502d237298509b93970efc12766d89936a7bffeec953fe40948e425e2c625d9cf59c14ab83b71e39d99be902579d56a143d1fafbf80aacd5fe17a518b150cc6c481fec13ad54400d8950185a73ab86351ebcd421d701837e2750b9af079ecb430307a29fb0c82f280c9e20f1737ae69fb846a51ab28e4fd9ddb687aa21adc389db3657a9c5b5c267f977ed9b2db5ff531242b9e6eeafac088b9c4c1dc4007be812827f758adb817e2db544ce65cfeb9d837953f99388e1d2135b44239aa40ee2baf77dcb55c115bc7019d56a4bb71fb1943056f1db297dd442344bbe6657c9797b6bab74935d6fe2b12226f2a7c84b064c33da4fbf0ffa1ab0894b18984730bd2d1880018fe2c35c10bbb2f7c52cd7759690abff507e67c6d2bf00ac55880952042aed582eafb53b1c522e8522519b0e1b04d14906ac2683126d3c3fc43385c56ee74e28864c04af63d9bcc9d49c46f6d1167f66fdc34dd988fd1999e96b9090083027f473779fb0534d8bde31de3259f96ba616f98fb41e3d38531c3e7b69056862b5ff3abfd27a5dc923995ba597e8a4027a1d41c1790a4fa81dbdc39c1fe6973f2c5a9ffd4f1531e015b10e8e3ae4b3ddb4cb818d318efcacaadbf258bc74b7b9dfdb14f464f33532276b5cc654d645821a47c23d4ff1e6c61ec2f7a7638720d2af9703435f4b6b40595fecc22b1b9a3398fef0842ce4c16d781735ac8f0c9f824b808f595103fe363efb7222d060ac7f26501b90e888416a66cfe59e77338e5c12fbd6e72338212c6e261408c5d3813349b2e8b48820340e560a58d7d4fa4f64824066142b1df9a50ff3667687b5fe62d7c4b0c6344d5e9d0bd190d82f9724048907b78966d4e8750f9007630efb0c082ef14871b8243ea5aba8309f7b27e61e1739ce17b98daa264abab9952cbce7635eadf9e795d081f2e1e4fa1801d0089016176191cef25a57f2916949c13ea37b51035c237b6675eb8f1d4fd9c14dfc667d7593a0a54e1d2dae2e46e8e874cb6cd4925954de32a9ccec59092040301cad3bd00d84954979c4514c88e70a75c9dac98e46af4bdad7b75e1d6058aa4dae19a913ca71f25aaa163bedd7114a1285e38bdf19713b746f3259d9af71059b681a4a7c21314d68a226d4a27705500b63e55dfe2554cb756c6cdac47ddd82313f3cb7ed10489749526b010dc293de113e19a43140502edba734cd983a9723a4ce8e7467b7842244f91184d0fe685db637dff3e9762f504993e911651800b50325f9504da0fdacd4866d2ace09db9d862cb7672dd5e49acbfae6661eee4f5a8b94258be4f9fe96f9ba3ebcb671311ed2f677f713eaaf6b57ff63e1ec0cf9d9d96edb6fc48aebd3deb3f1c9c0fb7223cab9927d76f557bee2867049dc99bffe50e7715c1f523bcf2c0bdd5637fe9118f43286ba8d91768ee4f1878224d898cda1b4f625698b95c47dbafd686c9bab4d6e2b62d53aa10c00fef744e23e369395f1dc65be90d37e6460a6969da69004474b2d72620cb97123342ec0e9cc59da9c70ee037c513174a026b5b5ccb78698f91c74d82ba8713d3d68a6da7246ba51a06d9379aa339aa1641d01d6303fbb1af7c023f4ee8ff8a00c63bf6fd17a7f65abdc125adbdad0a9577165f20f257dddd446467fbc3902292dd0d2ec6773a5ded5dcfabf07dd31f1028470fad9cc8575f558fe7bea3cbb2e4bf586b6105d9ea0d842d77f7fae9d518453dd0ef3e95f0bf4e5d18dccb846331012745fa9fa5066aa19d8c0cc4b8ebee56908c13b0361c66cd5b4462f55f6e81c512eedb2504ff071118448ae1c1f6078e93ce428eb6ea9d7711d1609819d06fc3a693a0aa8466ce939d498d878eb465a2e1c957339172f18615ea0f817f5a1b11e2d82efa6d6d03453e859526f815eba9cf8800d62a35450565ba791c3007d4f77de13d32d1030e6a7261dfbf62a6397d77ee2b84957f46426511f58c3b4c615c35f5bafefb0c0a66fea7e710fc14608be8a8412488fcf710fb16048f13f9c1ec3ee40c67d02f01f1372fe6ccc819962803bd3fa3a1773f003f6aef0582d50dca9c94e930453a91ab3e762d391b0dd7335071b971ec5ec670012db68e5cdfd9b283cee641bfa140f2aef21db7da5e307a67faf2db3c5edecd6c14ffea230297ad04f6ee02942cc51f0fb403b19449dd1d69feb9433816ed367897b6c98cb8ac8784d2ed025e54873364c8cea846d60d5b03c230af62a6a2792cc521fddc0aa28d09e56721ce9057fffd2bac04a53c4cdbceb83cade37efc466eaa2d6e3e61033ac247ab4e60b70f6155c81012d58c4eafa6536706ec85daf020a0b589d022b528f2c5110feecfdf6408c0fb03c421936bc59ed023fe3f81bd3d24c7b2a70e47a377f74406c231c405f133db17a65dfc2c479aaf85d160c0c83ebae96de09bf02195abe2ab48bb7d1838da0d28af9917dde80097e5e2f4b794eb8c5f2cc31cd4122a4e886068461b8795afeb6399f257f011a3c13e1e9ce5a459a9b6aed96d3c3ea92e722c3929bcad785d91d209332bdfbdb192b659f3815407ce58ce6378083688cb03922d459a1aae7091a09ea5fde957741182f21da3e54c4193520b78d835a0fe61d5b6cc4740063989dae8cb60331a1c959d3d345db24460200c7327015fc9aadd41adea8f148bf98bef6545ef970904d66238fd2e2132b56029e24450f54347feec6dbb197739ae27433d35c497f249f8a3", 0x1000}, {&(0x7f00000026c0)="f54f18427a5ddf337644f4983e910185c043d24bc0c893b8162c78ce6e3c08372ac06b4f0c1e7a55790e85cc8189dfca332a1d794b1419196710c02f782b8ffee32a2d66487510f54cd3a3fe93f2ed5ab63bd29d5c", 0x55}], 0x7, 0x0) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:27 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x0, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:27 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830010c200800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:27 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x101442, 0x40) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) r1 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x200000000002b) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0xffffffffffffffff, 0x2, 0x200, 0x3, 0x3}}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 07:33:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:27 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c202800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 666.513756][T25750] binder: 25747:25750 got transaction to invalid handle [ 666.522946][ T12] binder: release 25741:25743 transaction 416 out, still active 07:33:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:27 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x200000000002b) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x18, r0, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffe000/0x2000)=nil) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0xe6}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e21, @multicast2}}, 0x9, 0x4, 0x0, 0x100, 0x8}, &(0x7f0000000200)=0x98) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000240)={r3, 0x7ff}, 0x8) connect$pptp(r2, &(0x7f0000000040)={0x18, 0x2, {0x0, @loopback}}, 0x1e) signalfd(r1, &(0x7f0000000080)={0x5}, 0x8) ioctl$ASHMEM_SET_NAME(r1, 0x41007701, &(0x7f0000000280)='/proc/sys/net/ipv4/vs/sync_retries\x00') ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:27 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x2, 0x0) syz_kvm_setup_cpu$x86(r1, r1, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000280)="f2da6451feddccb9d20a0000b8df1f0000ba000000000f30f2410fc22900f3470f06c7442400aa000000c744240200500000ff2c2467f390470f01ca0f088fe978e121", 0x43}], 0x1, 0x10, &(0x7f0000000340)=[@flags={0x3, 0x260000}], 0x1) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r1, 0x800442d4, &(0x7f0000000040)=0x7fff) tkill(r0, 0x200000000002b) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000080)=0x60, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x118, r0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000380)='trusted.overlay.opaque\x00', &(0x7f00000003c0)='y\x00', 0x2, 0x1) r2 = add_key(&(0x7f00000001c0)='cifs.spnego\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000240)="dcf87d3b70bf14d41b3fdf46e83b33466ea734d7219eaa1117ad1bc067a0865d1ae1cb0ceaacef4c5e8ad5", 0x2b, 0xfffffffffffffffd) add_key(&(0x7f0000000140)='syzkaller\x00', &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, r2) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r1, 0x800443d3, &(0x7f0000000400)={{0x555, 0x8, 0x1f, 0x9, 0xc00000000000000, 0x9}, 0x100000001, 0x100000000, 0x100000000}) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 666.656671][T25765] binder: 25764:25765 got transaction to invalid handle [ 666.685259][ T12] binder: release 25766:25768 transaction 421 out, still active 07:33:27 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c204800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:28 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) r3 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) ioctl$FICLONERANGE(r3, 0x4020940d, &(0x7f0000000140)={r4, 0x0, 0x0, 0x2d5, 0x827}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:28 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20a800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:28 executing program 0: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() select(0x260, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x100000000100001, 0x1) lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000001280)=@known='com.apple.system.Security\x00', &(0x7f0000000080)='!vmnet0cgroup(nodev[\x00', 0xfdd1, 0x2) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000015c0)='/dev/dlm-control\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000001700)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000016c0)={0xffffffffffffffff}, 0x106, 0xd}}, 0x20) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r1, &(0x7f0000001740)={0xb, 0x10, 0xfa00, {&(0x7f0000001600), r2, 0x10001}}, 0x18) tkill(r0, 0x200000000002b) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") ptrace$cont(0x9, r0, 0x1, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x118}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x12040, 0x0) r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001180)='/selinux/enforce\x00', 0x400000, 0x0) ptrace(0x4219, r0) getsockopt$inet_sctp_SCTP_STATUS(r5, 0x84, 0xe, &(0x7f00000013c0)={0x0, 0x4, 0xffff, 0x1c, 0x4e037cf9, 0x5, 0x0, 0x6, {0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x2, 0x0, 0x8, 0x100000001, 0x2}}, &(0x7f0000001480)=0xb0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f00000014c0)={r6, 0x5}, &(0x7f0000001540)=0x1a5) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f00000012c0)={0x0, 0xad, "dc0a88f4b8dcdd0cbb1d3e8a9e4d4ee6298bf967588681adb7011567945c67ea0281954c740fe4166374bf8331e7759b964614aa7659d557f61afb6918ab47167a0e544873dc3471b1ded74317aaf735e643aa121402f55b0746f6cb84a2ea5e1b41692602597f465e0a888c74ac386a88073a53d3415002d38d90e82544a4839c98ef345713f6b34fbe266e2b4c5c2b352f7ccc1de31745abfd201f385a7c1b72ad380849959fc7422f4a092e"}, &(0x7f0000000040)=0xb5) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f0000001380)={0x4, 0x101, 0x0, 0x4, 0xded, 0xdfdc, 0x9, 0x6, r7}, 0x20) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r5, 0x40a85323, &(0x7f00000011c0)={{0x4, 0xffffffff}, 'port0\x00', 0x0, 0x20, 0x0, 0x3, 0x63c5, 0x8, 0x9, 0x0, 0x3, 0x865}) ioctl$EVIOCGSND(r4, 0x8040451a, &(0x7f0000000180)=""/4096) getsockopt$TIPC_CONN_TIMEOUT(r4, 0x10f, 0x82, &(0x7f0000001500), &(0x7f0000001580)=0x4) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:33:28 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x0, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:28 executing program 0: syz_open_procfs$namespace(0x0, &(0x7f0000000440)='ns/net\x00') [ 668.105323][ T12] binder: release 25794:25807 transaction 427 out, still active [ 668.112491][T25803] binder: 25801:25803 got transaction to invalid handle 07:33:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 668.160063][T25803] binder_transaction: 2 callbacks suppressed [ 668.160077][T25803] binder: 25801:25803 transaction failed 29201/-22, size 0-8 line 2994 07:33:29 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20e800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:29 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000240)='/dev/snd/seq\x00', 0x0, 0x1) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000000)={0x80}) [ 668.231859][T25051] binder_release_work: 2 callbacks suppressed [ 668.231865][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 668.402547][T25827] binder: 25826:25827 transaction failed 29201/-22, size 0-8 line 2994 [ 668.457255][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:29 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:29 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20f800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:29 executing program 0: r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x20600) r1 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_CAPBSET_READ(0x17, 0xc) r2 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x40, 0x0) recvmsg(r2, 0x0, 0x0) bind$packet(r2, 0x0, 0x12c) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={0xffffffffffffff9c, 0x50, &(0x7f00000000c0)}, 0x10) r3 = openat(r2, &(0x7f0000000100)='./file0\x00', 0x800000000010241, 0xfffffffffffffffc) recvmsg(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000200)=""/144, 0x90}, {&(0x7f0000000400)=""/234, 0xea}], 0x2, &(0x7f00000005c0)=""/63, 0x3f}, 0x40000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) chdir(&(0x7f0000000000)='./file0\x00') symlink(&(0x7f00000001c0)='.\x00', 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, 0x0, &(0x7f0000000540)) getrusage(0xfffffffffffffffe, &(0x7f0000001b00)) connect$packet(r2, &(0x7f0000000580)={0x11, 0xd, 0x0, 0x1, 0x200000000000b3, 0x6, @remote}, 0x14) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000002c0)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) exit_group(0x2) unshare(0x40000000) io_setup(0x137, &(0x7f0000000040)=0x0) r5 = eventfd2(0x9, 0x40000000001) io_submit(r4, 0x1, &(0x7f00000003c0)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r5}]) 07:33:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:29 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 668.961113][T25844] binder_transaction: 1 callbacks suppressed [ 668.961121][T25844] binder: 25836:25844 got transaction to invalid handle 07:33:29 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c260800000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 669.007981][T25844] binder: 25836:25844 transaction failed 29201/-22, size 0-8 line 2994 [ 669.045020][T25844] binder: 25836:25844 got transaction to invalid handle [ 669.070522][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 669.079794][T25844] binder: 25836:25844 transaction failed 29201/-22, size 0-8 line 2994 07:33:30 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200000000070000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 669.117933][ T12] binder: undelivered TRANSACTION_ERROR: 29201 07:33:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 669.168502][T25842] IPVS: ftp: loaded support on port[0] = 21 07:33:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 669.279104][T25866] binder: 25865:25866 got transaction to invalid handle [ 669.321925][T25866] binder: 25865:25866 transaction failed 29201/-22, size 0-8 line 2994 [ 669.356607][T25866] binder: 25865:25866 got transaction to invalid handle [ 669.385133][ T12] binder: undelivered TRANSACTION_ERROR: 29201 [ 669.391525][T25866] binder: 25865:25866 transaction failed 29201/-22, size 0-8 line 2994 [ 669.427375][ T12] binder: undelivered TRANSACTION_ERROR: 29201 07:33:30 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0) ioctl$KVM_X86_SET_MCE(r0, 0x4040ae9e, &(0x7f0000000700)={0xc00000000000000, 0x1f003, 0x5, 0x7, 0x19}) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r2, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getrandom(&(0x7f0000000780)=""/243, 0xf3, 0x3) mkdir(0x0, 0x101) r4 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r4, 0xc018620b, &(0x7f0000000880)={0x0}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000740)={r5}) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) ioctl$EVIOCGKEYCODE(r2, 0x80084504, &(0x7f0000000640)=""/106) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000140)={@mcast1, 0x4, 0x1, 0xff, 0x2, 0x5, 0x6}, 0x20) readv(r3, &(0x7f0000000580)=[{&(0x7f00000002c0)=""/234, 0xea}, {&(0x7f00000003c0)=""/167, 0xa7}, {&(0x7f00000004c0)=""/160, 0xa0}, {&(0x7f0000000200)=""/115, 0x73}], 0x4) syz_open_pts(r6, 0x0) write(r6, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:30 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800200000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:30 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000200)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000140), 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') sendfile(r0, r1, 0x0, 0xfffc) 07:33:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x68, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:30 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:30 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800400000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 670.082185][T25893] binder: 25884:25893 got transaction to invalid handle [ 670.089222][T25893] binder: 25884:25893 transaction failed 29201/-22, size 0-8 line 2994 07:33:31 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800a00000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:31 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x20000fff}) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') openat$selinux_status(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)) [ 670.170985][T25051] binder_thread_release: 7 callbacks suppressed [ 670.170993][T25051] binder: release 25898:25899 transaction 461 out, still active 07:33:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:31 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800e00000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 670.282419][T25893] binder: 25884:25893 got transaction to invalid handle [ 670.309227][T25051] binder: release 25907:25909 transaction 465 out, still active [ 670.336355][T25051] binder: undelivered TRANSACTION_ERROR: 29201 [ 670.342968][T25893] binder: 25884:25893 transaction failed 29201/-22, size 0-8 line 2994 [ 670.393118][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:31 executing program 4: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000200)='/proc/capi/capi20\x00', 0x280, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000300)={0xffffffff80000000, 0x3132564e, 0x3, @discrete={0x10001, 0x2735ae90}}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r2, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) r4 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000000)) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, &(0x7f00000002c0)) ioctl$VT_DISALLOCATE(r2, 0x5608) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000180)) ioctl$KDGKBMETA(r4, 0x4b62, &(0x7f0000000140)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(r2, 0xc004562f, 0x0) syz_open_pts(r5, 0x0) write(r5, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:31 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800f00000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:31 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getrusage(0x0, &(0x7f0000001b00)) 07:33:31 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 670.794746][T25925] binder: 25924:25925 got transaction to invalid handle [ 670.825676][T25922] binder: release 25929:25931 transaction 469 out, still active 07:33:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 670.856519][T25925] binder: 25924:25925 transaction failed 29201/-22, size 0-8 line 2994 07:33:31 executing program 0: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0) ioctl$KVM_X86_SET_MCE(r0, 0x4040ae9e, &(0x7f0000000700)={0xc00000000000000, 0x1f003, 0x5, 0x7, 0x19}) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r2, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getrandom(&(0x7f0000000780)=""/243, 0xf3, 0x3) mkdir(0x0, 0x101) r4 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r4, 0xc018620b, &(0x7f0000000880)={0x0}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000740)={r5}) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) ioctl$EVIOCGKEYCODE(r2, 0x80084504, &(0x7f0000000640)=""/106) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000140)={@mcast1, 0x4, 0x1, 0xff, 0x2, 0x5, 0x6}, 0x20) readv(r3, &(0x7f0000000580)=[{&(0x7f00000002c0)=""/234, 0xea}, {&(0x7f00000003c0)=""/167, 0xa7}, {&(0x7f00000004c0)=""/160, 0xa0}, {&(0x7f0000000200)=""/115, 0x73}], 0x4) syz_open_pts(r6, 0x0) write(r6, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:31 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200806000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 670.900766][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 671.006680][T25922] binder: release 25942:25944 transaction 472 out, still active [ 671.027518][T25922] binder: release 25942:25944 transaction 475 out, still active 07:33:31 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080f000000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 671.097355][T25949] binder: 25948:25949 got transaction to invalid handle [ 671.153463][T25949] binder: 25948:25949 transaction failed 29201/-22, size 0-8 line 2994 [ 671.195059][T25051] binder: release 25954:25955 transaction 479 out, still active [ 671.260367][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:32 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() r1 = syz_open_procfs(r0, &(0x7f0000000140)='autogroup\x00') ioctl$KDENABIO(r1, 0x4b36) sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r2, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x5, 0x1, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(r1, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:32 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000a000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:32 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:32 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080130c000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 671.962755][T25976] binder: 25970:25976 got transaction to invalid handle [ 671.989510][T25922] binder: release 25968:25969 transaction 483 out, still active 07:33:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 672.170419][T25992] binder: 25988:25992 got transaction to invalid handle 07:33:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:33 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) r3 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000200)) r4 = mmap$binder(&(0x7f0000ac0000/0x4000)=nil, 0x4000, 0x0, 0x4810, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)={r4}) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000640)='/dev/nullb0\x00', 0x81002, 0x0) mknod(&(0x7f0000000540)='./file0\x00', 0x8024, 0xffffffff) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f00000002c0)={0x0, @in={{0x2, 0x4e23, @multicast2}}, [0x7fffffff, 0xd6, 0x7ff, 0x1, 0x8, 0x3, 0x2, 0xd24, 0x2, 0x1, 0x5, 0x80000000, 0x1, 0x4, 0xffffffffffffffe1]}, &(0x7f00000003c0)=0x100) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000400)={r6, 0xffff}, &(0x7f0000000440)=0x8) syz_open_pts(r5, 0x0) write(r5, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000140)='syz0\x00') 07:33:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:33 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000e000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:33 executing program 0: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x600, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:33 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:33 executing program 0: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:33 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080c00e000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 673.026003][T25051] binder: release 26019:26021 transaction 498 out, still active [ 673.042562][T25051] binder: release 26019:26021 transaction 501 out, still active 07:33:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0xa00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:34 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000f000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 673.181879][T25051] binder: release 26035:26036 transaction 506 out, still active [ 673.267712][T26041] binder_transaction: 6 callbacks suppressed [ 673.267732][T26041] binder: 26040:26041 transaction failed 29201/-22, size 0-8 line 2994 [ 673.335171][T25922] binder_release_work: 6 callbacks suppressed [ 673.335177][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:34 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) r4 = syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) write$binfmt_elf64(r4, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x3, 0x7, 0x3f, 0x3, 0x3, 0x7, 0x7, 0x327, 0x40, 0x3db, 0x8, 0x6, 0x38, 0x2, 0x1, 0x9, 0x4}, [{0x0, 0x9f, 0x3ff, 0x9, 0x1, 0x9, 0xffffffffffffffff}, {0x5, 0x7, 0x2, 0x9, 0x5, 0x4, 0x8, 0x6}], "424b4bba06a167ea8a1b3994be557e", [[], []]}, 0x2bf) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) getegid() 07:33:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:34 executing program 0: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:34 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800c13000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:34 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:34 executing program 0: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:34 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800060000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 673.699242][T26060] binder: 26056:26060 transaction failed 29201/-22, size 0-8 line 2994 07:33:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 673.751335][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:34 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800ec0000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:34 executing program 0: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 673.920299][T26083] binder: 26079:26083 transaction failed 29201/-22, size 0-8 line 2994 [ 673.960896][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:35 executing program 0: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:35 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000f0000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:35 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:35 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000040)=0xffffffffffffffff) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000440)={0x0}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000400)={r2}) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000180)=ANY=[@ANYBLOB="0100000001000000", @ANYRES32=r1, @ANYBLOB="0000100000000000000000000000000000000010"]) ioctl$TUNSETSNDBUF(r1, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000140)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) ioctl$VIDIOC_RESERVED(r1, 0x5601, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r1, 0xaead) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f00000002c0)={0x0, @in={{0x2, 0x4e24, @broadcast}}, 0x1b, 0x3}, &(0x7f0000000380)=0x90) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000003c0)={0x1f, 0x7, 0x207, 0x42, 0x7, 0x0, 0x0, 0x3b1, r4}, 0x20) ioctl$VT_RELDISP(r3, 0x5605) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) ioctl$KDGKBDIACR(r3, 0x4b4a, &(0x7f0000000200)=""/115) [ 674.272197][T26097] binder_transaction: 7 callbacks suppressed [ 674.272205][T26097] binder: 26095:26097 got transaction to invalid handle 07:33:35 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800040030000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:35 executing program 0: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 674.312612][T26097] binder: 26095:26097 transaction failed 29201/-22, size 0-8 line 2994 [ 674.338469][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x4c00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:35 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800003400000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:35 executing program 0: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 674.526583][T26121] binder: 26117:26121 got transaction to invalid handle 07:33:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:35 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080fffff00000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:35 executing program 0: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 674.593074][T26121] binder: 26117:26121 transaction failed 29201/-22, size 0-8 line 2994 [ 674.630708][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:35 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:35 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) write$P9_RLERRORu(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b0000000702000e00000065762f736e617000686f7404ccb9ffff9eedc8298be6d1dc73c2b0000015b0fcfc85425ba6c666955f11a876875813e671c2daef91902556407f1c8f97d4f3c96955ad43dd2de4f13090bb7a629562fea9137c96befcbb4b0be813d14e63fc3ae7ca8560f5ab02e4d81c254f57662e8e60c527d3fa7ca937f0c57e503b744ff53c4750e06188f77e0153eba7defdb9069595cd2b7ac14ca3876e7c1abf3df2de3baca9bac1bd"], 0x1b) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r2, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:35 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000100000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:33:36 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000200000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 675.080729][T26153] binder: 26148:26153 got transaction to invalid handle [ 675.094197][T26150] binder: 26147:26150 ioctl c0306201 0 returned -14 [ 675.112522][T26153] binder: 26148:26153 transaction failed 29201/-22, size 0-8 line 2994 07:33:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 675.180244][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x6800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 675.251197][T25922] binder_thread_release: 8 callbacks suppressed [ 675.251207][T25922] binder: release 26161:26162 transaction 539 out, still active [ 675.286787][T26166] binder: 26163:26166 ioctl c0306201 0 returned -14 07:33:36 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000400000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 675.388146][T26173] binder: 26172:26173 got transaction to invalid handle [ 675.419635][T25051] binder: release 26170:26174 transaction 543 out, still active [ 675.449299][T26173] binder: 26172:26173 transaction failed 29201/-22, size 0-8 line 2994 [ 675.501393][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:36 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:36 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) r3 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) ioctl$FIDEDUPERANGE(r3, 0xc0189436, &(0x7f0000000200)=ANY=[@ANYBLOB="090000000000000005000000000000000300000000000000", @ANYRES32=r2, @ANYBLOB="00000000a40000000000000000000000000000000000000000000000", @ANYRES32=r2, @ANYBLOB="02000000000001000000000000001d00000000000000000000000000", @ANYRES32=r2, @ANYBLOB="00000000ff0700000000000000000000000000000000000000000000"]) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:37 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:36 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000a00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:33:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x6c00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 676.129817][T26197] binder: 26191:26197 ioctl c0306201 0 returned -14 [ 676.131898][T26196] binder: 26193:26196 got transaction to invalid handle [ 676.149305][T25051] binder: release 26192:26194 transaction 547 out, still active 07:33:37 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000130c00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) [ 676.188603][T26196] binder: 26193:26196 transaction failed 29201/-22, size 0-8 line 2994 07:33:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x7400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 676.272094][T25922] binder: undelivered TRANSACTION_ERROR: 29201 [ 676.307720][T25922] binder: release 26206:26210 transaction 550 out, still active 07:33:37 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 676.368770][T26215] binder: 26213:26215 got transaction to invalid handle [ 676.439611][T26215] binder: 26213:26215 transaction failed 29201/-22, size 0-8 line 2994 [ 676.449198][T25922] binder: release 26221:26222 transaction 554 out, still active [ 676.502859][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:37 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:37 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000e00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) 07:33:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x7a00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:37 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:37 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000f00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) [ 676.843677][T26234] binder: 26233:26234 got transaction to invalid handle [ 676.859132][T26234] binder: 26233:26234 transaction failed 29201/-22, size 0-8 line 2994 [ 676.878636][T25922] binder: release 26229:26239 transaction 558 out, still active 07:33:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 676.930815][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 677.031135][T25051] binder: release 26249:26251 transaction 561 out, still active 07:33:37 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000006000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 677.080081][T26255] binder: 26253:26255 got transaction to invalid handle [ 677.145363][T25922] binder: release 26258:26259 transaction 565 out, still active 07:33:38 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x3, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:38 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080ffffff9e00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) [ 677.412455][T25922] binder: release 26267:26269 transaction 568 out, still active [ 677.430655][T26274] binder: 26271:26274 got transaction to invalid handle 07:33:38 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x10, 0xffffffffffffffff, 0x0) 07:33:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:38 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000000ec000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 07:33:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) [ 677.698020][T25922] binder: release 26283:26288 transaction 572 out, still active [ 677.714576][T26290] binder: 26285:26290 got transaction to invalid handle 07:33:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:39 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = mmap$binder(&(0x7f0000a53000/0x3000)=nil, 0x3000, 0x2000004, 0x80012, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)={r3}) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in={0x2, 0x4e23, @multicast2}], 0x20) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:39 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080fffffff000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:39 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x10, 0xffffffffffffffff, 0x0) 07:33:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 678.487079][T26320] binder_transaction: 3 callbacks suppressed [ 678.487092][T26320] binder: 26315:26320 transaction failed 29201/-22, size 0-8 line 2994 [ 678.514388][T25922] binder_release_work: 3 callbacks suppressed [ 678.514395][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:39 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000f0ffff00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 678.524754][ T26] audit: type=1400 audit(1553672019.385:67): avc: denied { map } for pid=26319 comm="syz-executor.4" path="/dev/snapshot" dev="devtmpfs" ino=15730 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:apm_bios_t:s0 tclass=chr_file permissive=1 07:33:39 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x10, 0xffffffffffffffff, 0x0) 07:33:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 678.702238][T26337] binder: 26334:26337 transaction failed 29201/-22, size 0-8 line 2994 [ 678.792456][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:39 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0xffffffffffffffda, 0x8, {0x0, 0x2000}}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:39 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200807fffffff00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x6000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:40 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200809effffff00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 679.152171][T26360] binder: 26358:26360 transaction failed 29201/-22, size 0-8 line 2994 [ 679.219399][T26360] binder: 26358:26360 transaction failed 29201/-22, size 0-8 line 2994 [ 679.257130][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:40 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080f0ffffff00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x7000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 679.268063][T25922] binder: undelivered TRANSACTION_ERROR: 29201 [ 679.277037][T26371] binder: 26366:26371 got transaction with invalid offset (0, min 0 max 0) or object. [ 679.306592][T26371] binder: 26366:26371 transaction failed 29201/-22, size 0-8 line 3241 [ 679.329180][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 679.374907][T26380] binder_transaction: 4 callbacks suppressed [ 679.374914][T26380] binder: 26378:26380 got transaction to invalid handle [ 679.399697][T26380] binder: 26378:26380 transaction failed 29201/-22, size 0-8 line 2994 [ 679.443853][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:40 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) mprotect(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) r4 = socket$inet6(0xa, 0x80003, 0x2c) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendmmsg(r4, &(0x7f0000000c40)=[{{0x0, 0xc000002000000000, &(0x7f00000009c0), 0x3e8, &(0x7f00000000c0)}}], 0x40000000000026a, 0x0) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/nullb0\x00', 0x7ffff, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) 07:33:40 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800002000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 679.772333][T26392] binder: 26391:26392 got transaction with invalid offset (0, min 0 max 0) or object. [ 679.782006][T26392] binder: 26391:26392 transaction failed 29201/-22, size 0-8 line 3241 [ 679.800865][T26396] binder: 26390:26396 got transaction to invalid handle 07:33:40 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800004000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 679.852608][T26396] binder: 26390:26396 transaction failed 29201/-22, size 0-8 line 2994 [ 679.887002][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 679.926844][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0xa000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:40 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000a000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 680.019088][T26412] binder: 26409:26412 got transaction with invalid offset (0, min 0 max 0) or object. 07:33:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 680.067790][T26412] binder: 26409:26412 transaction failed 29201/-22, size 0-8 line 3241 [ 680.077547][T26416] binder: 26413:26416 got transaction to invalid handle [ 680.123162][T26416] binder: 26413:26416 transaction failed 29201/-22, size 0-8 line 2994 [ 680.159942][T25922] binder: undelivered TRANSACTION_ERROR: 29201 [ 680.173040][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:41 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = syz_open_dev$amidi(&(0x7f0000000240)='/dev/amidi#\x00', 0x1f, 0x400000) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f00000004c0)={0x7, @raw_data="9ef206a73a2d786170dda1920cd577555553435c8263e92861f80566a83a1515aada5cecf2a5f8877322217142b53a27e7b0de132313805abf0d0e83fe9df3115c809e6adcee34f63ed750a2131ec003f67953b41dec87c86c6e52f1ba8d53584eabb4dfc15a58f4571a318161991b01d336b86a9ac2db265b11111a8f9a18ce73a8356a3f036eec3d1dc57aec71810713badf2880cec676725eeba5766b7800d140d1b544ebcad566fea94cf215eebde4220e3260610d8509ace3f64ac25204f1c219b878f5aec5"}) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r2, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendto$packet(r2, &(0x7f00000002c0)="fd20eaa60835d774a15a091c71067b8ffb2e3b659bd6e9cbbba9327d4a8d119288246cbff004958123c556bd8927127e44f657f95316ba638199202a11b1214dd04180e59d1503ab2f7a1f842c954327c1983b5a5f559f1faf9b92eeb4a737b7c2d632d9b16992aa20fbe7aa50cfdd787b33a29f633f26d9aede429059a1e8180cb35bbcfe816ffd895bd64eac43e6b074b021e94d8f41bff20f8a1125605b08b9aa3d3b2901749ee26c58e16de22864bfbda8e44fdf2ffab61a225f8230699dff83cfa1029eebb24392511d362d6c238ea758f12b24eb1bc00f10397c910c3008e0d6213f3a264e69cb", 0xea, 0x0, &(0x7f0000000200)={0x11, 0xf7, r5, 0x1, 0x80000000}, 0x14) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:41 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000e000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:41 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x3, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 680.772813][T26432] binder: 26430:26432 got transaction with invalid offset (0, min 0 max 0) or object. [ 680.807107][T26434] binder: 26431:26434 got transaction to invalid handle 07:33:41 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000f000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 680.872948][T25922] binder_thread_release: 17 callbacks suppressed [ 680.872956][T25922] binder: release 26435:26437 transaction 639 out, still active 07:33:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 680.960279][T26450] binder: 26446:26450 got transaction with invalid offset (0, min 0 max 0) or object. 07:33:41 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800060000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 681.003509][T26451] binder: 26448:26451 got transaction to invalid handle [ 681.015891][T25922] binder: release 26452:26454 transaction 644 out, still active [ 681.030677][T25922] binder: release 26452:26454 transaction 647 out, still active [ 681.136583][T26462] binder: 26461:26462 got transaction with invalid offset (0, min 0 max 0) or object. 07:33:42 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(r1, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:42 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000f0000000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x48000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:42 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:42 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x0, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 681.682198][T25922] binder: release 26470:26472 transaction 651 out, still active [ 681.699359][T26476] binder: 26473:26476 got transaction to invalid handle [ 681.718858][T26478] binder: 26475:26478 got transaction with invalid offset (0, min 0 max 24) or object. 07:33:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x4c000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:42 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000000a0000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:42 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 681.839519][T25922] binder: release 26484:26485 transaction 656 out, still active [ 681.850845][T25922] binder: release 26484:26485 transaction 659 out, still active [ 681.879668][T26490] binder: 26489:26490 got transaction to invalid handle 07:33:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 681.982708][T26496] binder: 26494:26496 got transaction with invalid offset (0, min 0 max 24) or object. [ 682.061186][T25051] binder: release 26497:26501 transaction 664 out, still active [ 682.069761][T26502] binder: 26499:26502 got transaction to invalid handle 07:33:43 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r1, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) ioctl$PERF_EVENT_IOC_ID(r2, 0x80082407, &(0x7f0000000140)) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r3, 0x0) write(r3, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:43 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000130c0000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x68000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:43 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x0, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 682.434348][T26511] binder: 26510:26511 got transaction with invalid offset (0, min 0 max 24) or object. [ 682.456857][T25051] binder: release 26515:26517 transaction 669 out, still active [ 682.458644][T26516] binder: 26512:26516 got transaction to invalid handle 07:33:43 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000000e0000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x6c000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 682.636783][T25922] binder: release 26523:26528 transaction 673 out, still active [ 682.657150][T25922] binder: release 26523:26528 transaction 676 out, still active 07:33:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, 0x0}) [ 682.687206][T25922] binder: undelivered TRANSACTION_COMPLETE [ 682.692211][T26534] binder: 26530:26534 got transaction to invalid handle [ 682.790553][T25051] binder: undelivered TRANSACTION_COMPLETE 07:33:43 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/status\x00', 0x0, 0x0) ioctl$ION_IOC_HEAP_QUERY(r1, 0xc0184908, &(0x7f0000000240)={0x34, 0x0, &(0x7f0000000200)}) sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r2, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x74000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:43 executing program 0: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = syz_open_dev$amidi(&(0x7f0000000240)='/dev/amidi#\x00', 0x1f, 0x400000) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f00000004c0)={0x7, @raw_data="9ef206a73a2d786170dda1920cd577555553435c8263e92861f80566a83a1515aada5cecf2a5f8877322217142b53a27e7b0de132313805abf0d0e83fe9df3115c809e6adcee34f63ed750a2131ec003f67953b41dec87c86c6e52f1ba8d53584eabb4dfc15a58f4571a318161991b01d336b86a9ac2db265b11111a8f9a18ce73a8356a3f036eec3d1dc57aec71810713badf2880cec676725eeba5766b7800d140d1b544ebcad566fea94cf215eebde4220e3260610d8509ace3f64ac25204f1c219b878f5aec5"}) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r2, &(0x7f00000000c0)={0x14, 0x49, 0x2, {0x0, 0x1, 0x8}}, 0x14) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r3, 0xc018620b, &(0x7f0000000000)) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendto$packet(r2, &(0x7f00000002c0)="fd20eaa60835d774a15a091c71067b8ffb2e3b659bd6e9cbbba9327d4a8d119288246cbff004958123c556bd8927127e44f657f95316ba638199202a11b1214dd04180e59d1503ab2f7a1f842c954327c1983b5a5f559f1faf9b92eeb4a737b7c2d632d9b16992aa20fbe7aa50cfdd787b33a29f633f26d9aede429059a1e8180cb35bbcfe816ffd895bd64eac43e6b074b021e94d8f41bff20f8a1125605b08b9aa3d3b2901749ee26c58e16de22864bfbda8e44fdf2ffab61a225f8230699dff83cfa1029eebb24392511d362d6c238ea758f12b24eb1bc00f10397c910c3008e0d6213f3a264e69cb", 0xea, 0x0, &(0x7f0000000200)={0x11, 0xf7, r5, 0x1, 0x80000000}, 0x14) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:43 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000c00e0000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:43 executing program 5: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x0, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:44 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000000f0000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:44 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000218, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 683.119957][T26558] binder: 26550:26558 got transaction with invalid offset (0, min 0 max 3) or object. 07:33:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x7a000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:44 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000c130000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:44 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000600000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 683.284724][T26571] binder_alloc: 14113: binder_alloc_buf size 536871456 failed, no address space [ 683.302376][T26571] binder_alloc: allocated: 6192 (num: 201 largest: 32), free: 6096 (num: 2 largest: 6088) 07:33:45 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) r3 = semget(0x2, 0x3, 0x40) semctl$IPC_INFO(r3, 0x3, 0x3, &(0x7f0000000140)=""/46) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) write$FUSE_IOCTL(r1, &(0x7f00000000c0)={0x20, 0x0, 0x5, {0x0, 0x0, 0x3ff, 0x7ff}}, 0x20) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000380)={0x4, &(0x7f0000000340)=[{0x7f, 0x1, 0xe0000000000, 0x6}, {0x1, 0x2, 0x4, 0x3}, {0x6, 0x1ff, 0x10000, 0x9}, {0x428e5887, 0x80000001, 0x10000, 0x5}]}) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) r5 = syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x200, 0x1, 0x8, 0x9, 0x0, 0x7ff, 0x2, 0x4, 0xdb5, 0x3, 0x0, 0x200, 0xe03c, 0x6c5a, 0x1000, 0x40369972, 0xffffffff, 0x400, 0x96, 0x1, 0x43, 0xed, 0x8, 0x0, 0x7, 0x6e6, 0x17fe934, 0x2, 0x7, 0xfffffffffffeffff, 0x9, 0x2, 0x7, 0x7fff, 0x52, 0x1, 0x0, 0xfffffffffffffffa, 0x0, @perf_bp={&(0x7f0000000240), 0x8}, 0x1080, 0x4e7, 0xd74, 0x0, 0x7, 0x7, 0x100}, r0, 0x4, 0xffffffffffffff9c, 0x1) ioctl$TCSETA(r5, 0x5406, &(0x7f0000000200)={0x65d, 0x7, 0x8000, 0x5, 0x9, 0x0, 0xdd, 0x8000, 0x8, 0x43c}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:45 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000ec00000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:45 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000218, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:45 executing program 0: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) [ 684.147958][T26598] binder_transaction: 18 callbacks suppressed [ 684.147970][T26598] binder: 26596:26598 transaction failed 29201/-22, size 0-8 line 2994 [ 684.165358][T26600] binder: 26591:26600 got transaction with invalid offsets size, 14 [ 684.176941][T26602] binder_alloc: 14113: binder_alloc_buf size 536871456 failed, no address space [ 684.178637][T25922] binder_release_work: 13 callbacks suppressed [ 684.178642][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:45 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000f00000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 684.281204][T26602] binder_alloc: allocated: 6232 (num: 202 largest: 40), free: 6056 (num: 2 largest: 6048) [ 684.291999][T26600] binder: 26591:26600 transaction failed 29201/-22, size 24-14 line 3201 [ 684.300749][T26610] binder: 26609:26610 got transaction with invalid offset (0, min 0 max 0) or object. 07:33:45 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000400300000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:45 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x11, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 684.323027][T26602] binder: 26599:26602 transaction failed 29201/-28, size 536871448-8 line 3147 [ 684.351005][T26610] binder: 26609:26610 transaction failed 29201/-22, size 0-8 line 3241 07:33:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000218, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 684.411060][T26610] binder: 26609:26610 got transaction with invalid offset (0, min 0 max 0) or object. 07:33:45 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000034000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 684.452937][T26616] binder: 26615:26616 got transaction with invalid offsets size, 17 [ 684.481748][T25922] binder: undelivered TRANSACTION_ERROR: 29201 [ 684.492222][T26616] binder: 26615:26616 transaction failed 29201/-22, size 24-17 line 3201 [ 684.501857][T26610] binder: 26609:26610 transaction failed 29201/-22, size 0-8 line 3241 [ 684.546956][T26620] binder_alloc: 14113: binder_alloc_buf size 536871456 failed, no address space [ 684.577221][T26620] binder_alloc: allocated: 6192 (num: 201 largest: 32), free: 6096 (num: 2 largest: 6088) [ 684.612491][T26620] binder: 26618:26620 transaction failed 29201/-28, size 536871448-8 line 3147 [ 684.631611][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:45 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000040)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x100) r3 = semget(0x2, 0x3, 0x40) semctl$IPC_INFO(r3, 0x3, 0x3, &(0x7f0000000140)=""/46) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)) write$FUSE_IOCTL(r1, &(0x7f00000000c0)={0x20, 0x0, 0x5, {0x0, 0x0, 0x3ff, 0x7ff}}, 0x20) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x4, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000380)={0x4, &(0x7f0000000340)=[{0x7f, 0x1, 0xe0000000000, 0x6}, {0x1, 0x2, 0x4, 0x3}, {0x6, 0x1ff, 0x10000, 0x9}, {0x428e5887, 0x80000001, 0x10000, 0x5}]}) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x80002, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x0, @dev}, @in6={0xa, 0x4e21, 0x1e56, @ipv4={[], [], @loopback}}], 0x2c) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) r5 = syz_open_pts(r4, 0x0) write(r4, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x0, 0x2, 0x6, 0x0, 0x6, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x200, 0x1, 0x8, 0x9, 0x0, 0x7ff, 0x2, 0x4, 0xdb5, 0x3, 0x0, 0x200, 0xe03c, 0x6c5a, 0x1000, 0x40369972, 0xffffffff, 0x400, 0x96, 0x1, 0x43, 0xed, 0x8, 0x0, 0x7, 0x6e6, 0x17fe934, 0x2, 0x7, 0xfffffffffffeffff, 0x9, 0x2, 0x7, 0x7fff, 0x52, 0x1, 0x0, 0xfffffffffffffffa, 0x0, @perf_bp={&(0x7f0000000240), 0x8}, 0x1080, 0x4e7, 0xd74, 0x0, 0x7, 0x7, 0x100}, r0, 0x4, 0xffffffffffffff9c, 0x1) ioctl$TCSETA(r5, 0x5406, &(0x7f0000000200)={0x65d, 0x7, 0x8000, 0x5, 0x9, 0x0, 0xdd, 0x8000, 0x8, 0x43c}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:45 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x20000248, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:45 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000fffff000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000218, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:45 executing program 0: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000600)={0x69ed, 0x3f, 0x0, 0x6, 0x0, 0x0, 0x2, 0x800, 0x8, 0x9, 0x1, 0x1}) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:45 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000001000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 685.012900][T26636] binder: 26635:26636 got transaction with invalid offset (0, min 0 max 0) or object. [ 685.020958][T26638] binder_alloc: 14113: binder_alloc_buf size 536871520 failed, no address space [ 685.045623][T26638] binder_alloc: allocated: 6200 (num: 202 largest: 32), free: 6088 (num: 1 largest: 6088) [ 685.106515][T26638] binder: 26629:26638 transaction failed 29201/-28, size 24-536871496 line 3147 [ 685.106533][T26634] binder_alloc: 14113: binder_alloc_buf size 536871456 failed, no address space 07:33:46 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000002000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 685.172205][T26634] binder_alloc: allocated: 6200 (num: 202 largest: 32), free: 6088 (num: 1 largest: 6088) [ 685.197082][T26634] binder: 26632:26634 transaction failed 29201/-28, size 536871448-8 line 3147 [ 685.198583][T26636] binder: 26635:26636 transaction failed 29201/-22, size 0-8 line 3241 07:33:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 685.295943][T26650] binder: 26648:26650 got transaction with fd, 0, but target does not allow fds [ 685.311526][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:46 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000004000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 685.435846][T26657] binder: 26656:26657 got transaction with invalid offset (0, min 0 max 0) or object. [ 685.494536][T26662] binder: 26658:26662 got transaction with invalid offsets size, 14 [ 685.539732][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:46 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x66646185}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:46 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000000000a000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 685.929979][T26674] binder: 26672:26674 got transaction with fd, 0, but target does not allow fds [ 685.940946][T26676] binder: 26671:26676 got transaction with invalid offset (0, min 0 max 0) or object. [ 685.951137][T26675] binder: 26673:26675 got transaction with invalid offset (0, min 0 max 24) or object. [ 685.961800][T26679] binder: 26669:26679 got transaction with invalid offsets size, 14 07:33:46 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000000130c000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 685.977838][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x500000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x70742a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 686.058516][T26686] binder: 26683:26686 got transaction with invalid offsets size, 14 07:33:47 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000000000e000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 686.110235][T26692] binder: 26691:26692 got transaction with invalid offset (0, min 0 max 0) or object. [ 686.130571][T26695] binder: 26694:26695 got transaction with invalid offset (0, min 0 max 24) or object. [ 686.168906][T25051] binder: undelivered TRANSACTION_ERROR: 29201 [ 686.178498][T26698] binder: 26690:26698 got transaction with fd, 0, but target does not allow fds 07:33:47 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:47 executing program 5: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x600000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:47 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73682a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:47 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:47 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000000000f000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 686.391946][T26709] binder: 26707:26709 got transaction with invalid handle, 0 [ 686.412959][T26708] binder: 26706:26708 got transaction with invalid offset (0, min 0 max 0) or object. [ 686.424102][T26716] binder: 26713:26716 got transaction with fd, 0, but target does not allow fds 07:33:47 executing program 5: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:47 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000060000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 686.442230][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:47 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x700000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:47 executing program 0: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 686.549784][T26728] binder: 26727:26728 got transaction with invalid offset (0, min 0 max 0) or object. [ 686.565573][T25051] binder_thread_release: 1 callbacks suppressed [ 686.565581][T25051] binder: release 26726:26729 transaction 715 out, still active 07:33:47 executing program 5: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 686.637644][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:47 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100), 0x4) getpid() r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x100, 0x0) write$P9_RMKDIR(r0, &(0x7f00000000c0)={0x14, 0x49, 0x0, {0x0, 0x1, 0x8}}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000000)) ioctl$TUNSETSNDBUF(0xffffffffffffffff, 0x400454d4, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000180)) clock_nanosleep(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x402c560b, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nullb0\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280), 0x0) syz_open_pts(r2, 0x0) write(r2, &(0x7f0000c34fff), 0xffffff0b) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000080)={0x20, 0x0, 0x8}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000005, 0x5c831, 0xffffffffffffffff, 0x0) 07:33:47 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77682a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:47 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000ffffff9e000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:47 executing program 0: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:47 executing program 5: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:47 executing program 0: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:47 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000ec0000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:47 executing program 5: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 686.874742][T26753] binder: 26745:26753 got transaction with invalid handle, 0 [ 686.883726][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0xa00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:47 executing program 0: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:47 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x2}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 687.092441][T25051] binder: release 26775:26776 transaction 721 out, still active 07:33:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000fffffff0000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:48 executing program 0: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 5: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x8}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 687.279969][T25051] binder: release 26784:26789 transaction 724 out, still active 07:33:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x12}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 5: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000f0ffff000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 687.330936][T25922] binder: release 26792:26793 transaction 728 out, still active 07:33:48 executing program 0: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x4800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 687.419358][T25051] binder: release 26800:26802 transaction 731 out, still active [ 687.452199][T25051] binder: release 26799:26806 transaction 735 out, still active 07:33:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x1200}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 5: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080007fffffff000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 687.557829][T25922] binder: release 26815:26816 transaction 738 out, still active 07:33:48 executing program 0: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 4: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x4c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 687.614883][T25922] binder: release 26817:26819 transaction 742 out, still active 07:33:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x2000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080009effffff000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:48 executing program 5: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 4: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 0: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x6000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x3f00}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:33:48 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000f0ffffff000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:48 executing program 4: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 0: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x6800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 687.948749][T26863] binder: 26857:26863 ioctl c0306201 0 returned -14 [ 687.966459][T25051] binder: release 26859:26860 transaction 747 out, still active 07:33:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x1000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:33:48 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000020000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:48 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:33:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x6c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:33:49 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x2000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 688.142163][T26878] binder: 26876:26878 ioctl c0306201 0 returned -14 [ 688.169536][T25922] binder: release 26879:26885 transaction 751 out, still active [ 688.184875][T26887] binder: 26884:26887 ioctl c0306201 0 returned -14 07:33:49 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000040000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 688.276802][T26898] binder: 26893:26898 ioctl c0306201 0 returned -14 07:33:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x8000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x7400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:49 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000000a0000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 688.359288][T26905] binder: 26904:26905 ioctl c0306201 0 returned -14 07:33:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:33:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x12000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000000e0000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:49 executing program 4: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x7a00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) [ 688.541175][T26923] binder: 26922:26923 ioctl c0306201 0 returned -14 07:33:49 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000000f0000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x20000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 4: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:49 executing program 4: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x3f000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000600000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:33:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0xfdfdffff}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 07:33:49 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000f00000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0xfffffdfd}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 689.032694][T26980] binder: 26977:26980 ioctl c0306201 0 returned -14 07:33:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 07:33:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 07:33:50 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:33:50 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000a00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 07:33:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x100000000000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 689.190612][T26999] binder_transaction: 29 callbacks suppressed [ 689.190625][T26999] binder: 26995:26999 transaction failed 29201/-22, size 0-8 line 3241 07:33:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 689.267467][T25922] binder_release_work: 12 callbacks suppressed [ 689.267472][T25922] binder: undelivered TRANSACTION_ERROR: 29201 [ 689.302973][T27007] binder: 27002:27007 ioctl c0306201 0 returned -14 07:33:50 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000130c00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:50 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:33:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 07:33:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x200000000000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 689.426509][T27021] binder_transaction: 14 callbacks suppressed [ 689.426520][T27021] binder: 27019:27021 got transaction with invalid offset (0, min 0 max 0) or object. 07:33:50 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000e00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 689.479298][T27026] binder: 27024:27026 ioctl c0306201 0 returned -14 [ 689.488012][T27031] binder: 27029:27031 got transaction with invalid offset (0, min 0 max 0) or object. [ 689.501183][T27021] binder: 27019:27021 transaction failed 29201/-22, size 0-8 line 3241 [ 689.527137][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x800000000000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:50 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) [ 689.552710][T27031] binder: 27029:27031 transaction failed 29201/-22, size 0-8 line 3241 [ 689.598253][T27039] binder: 27038:27039 got transaction with invalid offset (0, min 0 max 0) or object. [ 689.617373][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:50 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000c00e00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 689.644053][T27045] binder: 27042:27045 got transaction with invalid offset (0, min 0 max 0) or object. [ 689.684056][T27039] binder: 27038:27039 transaction failed 29201/-22, size 0-8 line 3241 07:33:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x1200000000000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:50 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) [ 689.698279][T27045] binder: 27042:27045 transaction failed 29201/-22, size 0-8 line 3241 [ 689.726104][T25051] binder: undelivered TRANSACTION_ERROR: 29201 [ 689.732421][T27052] binder: 27051:27052 got transaction with invalid offset (0, min 0 max 0) or object. 07:33:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 689.751433][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x2000000000000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:50 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000f00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 689.812409][T27052] binder: 27051:27052 transaction failed 29201/-22, size 0-8 line 3241 07:33:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:50 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) [ 689.874225][T27064] binder: 27061:27064 got transaction with invalid offset (0, min 0 max 0) or object. [ 689.878038][T27067] binder: 27063:27067 got transaction with invalid offset (0, min 0 max 0) or object. [ 689.899739][T25922] binder: undelivered TRANSACTION_ERROR: 29201 [ 689.907856][T27064] binder: 27061:27064 transaction failed 29201/-22, size 0-8 line 3241 07:33:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x3f00000000000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 689.949105][T25051] binder: undelivered TRANSACTION_ERROR: 29201 [ 689.969655][T27074] binder: 27071:27074 got transaction with invalid offset (0, min 0 max 0) or object. 07:33:50 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000000c1300000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 690.002341][T27074] binder: 27071:27074 transaction failed 29201/-22, size 0-8 line 3241 [ 690.010664][T27067] binder: 27063:27067 transaction failed 29201/-22, size 0-8 line 3241 07:33:50 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 07:33:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 690.050547][T25051] binder: undelivered TRANSACTION_ERROR: 29201 [ 690.057246][T27082] binder: 27079:27082 got transaction with invalid offset (0, min 0 max 0) or object. [ 690.073688][T25051] binder: undelivered TRANSACTION_ERROR: 29201 07:33:51 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000006000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0xfdfdffff00000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 690.142169][T27082] binder: 27079:27082 transaction failed 29201/-22, size 0-8 line 3241 [ 690.170529][T27093] binder: 27090:27093 got transaction with invalid offset (0, min 0 max 0) or object. 07:33:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) [ 690.220604][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x2}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000000ec000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:51 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000000f000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x8}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:51 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000004003000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x12}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 690.620034][T27143] binder: 27139:27143 got transaction with invalid offsets size, 14 07:33:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000340000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x1200}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 690.832164][T25051] binder: undelivered TRANSACTION_COMPLETE 07:33:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000fffff0000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x2000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 690.996127][T25922] binder: undelivered TRANSACTION_COMPLETE 07:33:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:52 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000010068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x3f00}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 691.156368][T25051] binder: undelivered TRANSACTION_COMPLETE 07:33:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat], 0x0}}], 0x0, 0x0, 0x0}) 07:33:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x66642a85}], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x68, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:52 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000020068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat], 0x0}}], 0x0, 0x0, 0x0}) [ 691.309626][T25051] binder: undelivered TRANSACTION_COMPLETE 07:33:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x1000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x66642a85}], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 691.376795][T25051] binder: undelivered TRANSACTION_COMPLETE [ 691.411589][T25922] binder: undelivered TRANSACTION_COMPLETE 07:33:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat], 0x0}}], 0x0, 0x0, 0x0}) 07:33:52 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000040068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x2000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x66642a85}], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 691.549500][T25051] binder: undelivered TRANSACTION_COMPLETE [ 691.576255][T25922] binder_thread_release: 31 callbacks suppressed [ 691.576263][T25922] binder: release 27243:27247 transaction 875 out, still active 07:33:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73682a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 691.662124][T25922] binder: undelivered TRANSACTION_COMPLETE [ 691.673288][T25922] binder: release 27252:27253 transaction 876 out, still active [ 691.680949][T25922] binder: release 27254:27258 transaction 880 out, still active 07:33:52 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000000000000a0068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x8000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 691.738751][T27262] binder: 27261:27262 got transaction with invalid handle, 0 [ 691.754072][T25922] binder: undelivered TRANSACTION_COMPLETE 07:33:52 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000000000130c0068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73682a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 691.839834][T25051] binder: release 27270:27274 transaction 883 out, still active [ 691.856766][T25051] binder: release 27273:27275 transaction 886 out, still active 07:33:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x77622a85}], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x12000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 691.911389][T25051] binder: undelivered TRANSACTION_COMPLETE [ 691.920208][T27281] binder: 27280:27281 got transaction with invalid handle, 0 07:33:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x77622a85}], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:52 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000000000000e0068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 691.997236][T25922] binder: release 27286:27292 transaction 890 out, still active [ 692.019172][T25922] binder: release 27287:27293 transaction 891 out, still active 07:33:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73682a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x20000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 692.057045][T25922] binder: release 27290:27291 transaction 892 out, still active 07:33:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:53 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000000000000f0068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x77622a85}], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x66642a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 692.149478][T27308] binder: 27303:27308 got transaction with invalid handle, 0 [ 692.160206][T25051] binder: release 27301:27310 transaction 896 out, still active [ 692.184434][T25051] binder: release 27302:27311 transaction 898 out, still active 07:33:53 executing program 5: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73682a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x3f000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x600, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 692.285797][T27320] binder: 27319:27320 got transaction with fd, 0, but target does not allow fds 07:33:53 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000000600068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0xfdfdffff}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:53 executing program 0: add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) sync() clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) set_robust_list(&(0x7f00000000c0), 0x18) 07:33:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:53 executing program 5: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73682a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:53 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000ffffff9e0068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:53 executing program 5: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73682a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0xfffffdfd}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:53 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000000000ec00068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)}}], 0x0, 0x0, &(0x7f00000003c0)}) 07:33:53 executing program 5: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73682a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r0 = socket$kcm(0x29, 0x5, 0x0) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0), 0xfffffdef) 07:33:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x100000000000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:53 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000fffffff00068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:53 executing program 5: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73682a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x200000000000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:53 executing program 5: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73682a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 692.899630][T25051] binder: unexpected work type, 4, not freed 07:33:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:53 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000000f0ffff0068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x800000000000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 693.058169][T25051] binder: unexpected work type, 4, not freed 07:33:54 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x77622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:54 executing program 5: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73682a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x4c00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:54 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000007fffffff0068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:54 executing program 0: sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000000540)}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffbffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x9) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000240), 0x4) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 07:33:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x1200000000000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x2000000000000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:54 executing program 5: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73682a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 693.325358][T25051] binder: unexpected work type, 4, not freed 07:33:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:54 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c2008000009effffff0068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:54 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0x1, &(0x7f0000000040)=0x800, 0x4) 07:33:54 executing program 5: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73682a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x6800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0x3f00000000000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:33:54 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000f0ffffff0068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 693.629976][T27463] binder: 27459:27463 ioctl c0306201 0 returned -14 07:33:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:33:54 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = syz_open_procfs(0x0, &(0x7f0000000180)='net/rt_cache\x00') recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x1, &(0x7f0000000000)={0x0, 0x989680}) preadv(r1, &(0x7f00000017c0), 0x1fe, 0x0) 07:33:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x6c00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85, 0x0, 0x0, 0xfdfdffff00000000}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:54 executing program 0: sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000000540)}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffbffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x9) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000240), 0x4) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 07:33:54 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000200000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:54 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000400000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x2]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 693.980737][T27580] binder: 27579:27580 ioctl c0306201 0 returned -14 07:33:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x7400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:54 executing program 4: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0x3) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x20000fff}) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') ptrace$setopts(0xffffffffffffffff, 0x0, 0x1, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/mnt\x00') getpgid(0xffffffffffffffff) openat$selinux_status(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)) ptrace$cont(0x29, 0x0, 0x8, 0xfffffffffffff134) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000540)={0x0, r0}, 0x10) 07:33:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:33:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x8]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:55 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000a00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 694.159526][T27601] binder: 27600:27601 ioctl c0306201 0 returned -14 07:33:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x7a00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 694.231105][T27605] binder_transaction: 51 callbacks suppressed [ 694.231118][T27605] binder: 27602:27605 transaction failed 29201/-22, size 24-8 line 3241 07:33:55 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000e00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 694.305323][T27611] binder: 27610:27611 transaction failed 29201/-22, size 0-8 line 3241 07:33:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) [ 694.361188][T25922] binder_release_work: 40 callbacks suppressed [ 694.361194][T25922] binder: undelivered TRANSACTION_ERROR: 29201 07:33:55 executing program 0: sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000000540)}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffbffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x9) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000240), 0x4) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 07:33:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x12]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 07:33:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$tipc2(0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x14, 0x0, &(0x7f0000000280)=[@increfs_done], 0x0, 0x0, 0x0}) 07:33:55 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000000f00000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) [ 694.710977][T27625] binder_transaction: 47 callbacks suppressed [ 694.710987][T27625] binder: 27624:27625 got transaction with invalid offset (0, min 0 max 0) or object. [ 694.718202][T27628] binder: 27626:27628 got transaction with invalid offset (18, min 0 max 24) or object. [ 694.742222][T27625] binder: 27624:27625 transaction failed 29201/-22, size 0-8 line 3241 07:33:55 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c200800000006000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 694.762265][T27628] binder: 27626:27628 transaction failed 29201/-22, size 24-8 line 3241 [ 694.779023][T27634] binder: BINDER_SET_CONTEXT_MGR already set [ 694.785828][T27634] binder: 27630:27634 ioctl 40046207 0 returned -16 [ 694.801195][T27634] binder: 27630:27634 BC_INCREFS_DONE u0000000000000000 no match 07:33:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) 07:33:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 694.815760][T25922] binder: undelivered TRANSACTION_ERROR: 29201 [ 694.865854][T27639] binder: BINDER_SET_CONTEXT_MGR already set [ 694.878687][T27639] binder: 27630:27639 ioctl 40046207 0 returned -16 07:33:55 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = creat(&(0x7f0000000180)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x400060fe) ftruncate(r1, 0x208200) r2 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x8000fffffffe) connect$inet6(r0, &(0x7f0000000100), 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) 07:33:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x1200]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 694.910150][T27646] binder: 27645:27646 got transaction with invalid offset (0, min 0 max 0) or object. 07:33:55 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000000f000000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 695.012229][ T26] audit: type=1804 audit(1553672035.895:68): pid=27655 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir009679881/syzkaller.UxNsHn/405/bus" dev="sda1" ino=16753 res=1 [ 695.041233][T27656] ------------[ cut here ]------------ [ 695.046692][T27656] kernel BUG at drivers/android/binder_alloc.c:1141! [ 695.082714][T27656] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 695.088786][T27656] CPU: 0 PID: 27656 Comm: syz-executor.3 Not tainted 5.1.0-rc2+ #38 [ 695.096566][T27646] binder: 27645:27646 transaction failed 29201/-22, size 0-8 line 3241 [ 695.096746][T27656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 695.109883][T25051] binder: undelivered TRANSACTION_ERROR: 29201 [ 695.115099][T27656] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 695.115131][T27656] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 ff f7 23 fc 4c 89 e6 4c 89 ef e8 14 f9 23 fc 4d 39 e5 76 07 e8 ea f7 23 fc <0f> 0b e8 e3 f7 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 f1 [ 695.141846][ T3876] kobject: 'loop2' (0000000021dee879): kobject_uevent_env [ 695.147378][T27656] RSP: 0018:ffff8880a9757550 EFLAGS: 00010212 [ 695.147389][T27656] RAX: 0000000000040000 RBX: 0000000020003070 RCX: ffffc9000c4a2000 [ 695.147400][T27656] RDX: 0000000000000424 RSI: ffffffff854c7996 RDI: 0000000000000006 [ 695.155897][ T3876] kobject: 'loop2' (0000000021dee879): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 695.160523][T27656] RBP: ffff8880a97575d0 R08: ffff88805b770300 R09: 0000000000000028 [ 695.160532][T27656] R10: ffffed10152eaf01 R11: ffff8880a975780f R12: 0000000000000020 [ 695.160546][T27656] R13: 0000000000000028 R14: ffff8880a5a44250 R15: 0000000000000000 [ 695.182408][ T3876] kobject: 'loop1' (0000000067d7c856): kobject_uevent_env [ 695.186553][T27656] FS: 00007f0035215700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 695.186560][T27656] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 695.186571][T27656] CR2: 00007fd79828a518 CR3: 000000009e9ea000 CR4: 00000000001406f0 [ 695.195041][ T3876] kobject: 'loop1' (0000000067d7c856): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 695.202909][T27656] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 695.202916][T27656] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 695.202920][T27656] Call Trace: [ 695.202944][T27656] ? memcpy+0x46/0x50 [ 695.202961][T27656] binder_alloc_copy_from_buffer+0x37/0x42 [ 695.280401][T27656] binder_get_object+0xc3/0x200 [ 695.285238][T27656] binder_transaction+0x2b4a/0x6690 [ 695.290432][T27656] ? binder_thread_read+0x3d50/0x3d50 [ 695.295799][T27656] ? __might_fault+0x12b/0x1e0 [ 695.300557][T27656] ? lock_downgrade+0x880/0x880 [ 695.305408][T27656] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 695.311638][T27656] ? _copy_from_user+0xdd/0x150 [ 695.316482][T27656] binder_thread_write+0x64a/0x2820 [ 695.321669][T27656] ? binder_transaction+0x6690/0x6690 [ 695.327022][T27656] ? __might_fault+0x12b/0x1e0 [ 695.331792][T27656] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 695.338021][T27656] ? _copy_from_user+0xdd/0x150 [ 695.342861][T27656] binder_ioctl+0x1033/0x183b [ 695.347524][T27656] ? binder_thread_write+0x2820/0x2820 [ 695.352966][T27656] ? tomoyo_path_number_perm+0x263/0x520 [ 695.358582][T27656] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 695.364387][T27656] ? binder_thread_write+0x2820/0x2820 [ 695.369857][T27656] do_vfs_ioctl+0xd6e/0x1390 [ 695.374430][T27656] ? ioctl_preallocate+0x210/0x210 [ 695.379521][T27656] ? selinux_file_mprotect+0x620/0x620 [ 695.384967][T27656] ? __fget+0x381/0x550 [ 695.389110][T27656] ? ksys_dup3+0x3e0/0x3e0 [ 695.393544][T27656] ? nsecs_to_jiffies+0x30/0x30 [ 695.398387][T27656] ? tomoyo_file_ioctl+0x23/0x30 [ 695.403309][T27656] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 695.409533][T27656] ? security_file_ioctl+0x93/0xc0 [ 695.414630][T27656] ksys_ioctl+0xab/0xd0 [ 695.418775][T27656] __x64_sys_ioctl+0x73/0xb0 [ 695.423361][T27656] do_syscall_64+0x103/0x610 [ 695.427960][T27656] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 695.433831][T27656] RIP: 0033:0x458209 [ 695.437713][T27656] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 695.457296][T27656] RSP: 002b:00007f0035214c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 695.465691][T27656] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458209 [ 695.473646][T27656] RDX: 0000000020000440 RSI: 00000000c0306201 RDI: 0000000000000003 07:33:56 executing program 0: sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000000540)}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffbffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x9) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000240), 0x4) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 07:33:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 07:33:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 07:33:56 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000000000a000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 695.481605][T27656] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 695.489566][T27656] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f00352156d4 [ 695.497527][T27656] R13: 00000000004bf49a R14: 00000000004d0e80 R15: 00000000ffffffff [ 695.503428][ T3876] kobject: 'loop0' (0000000020f00731): kobject_uevent_env [ 695.505486][T27656] Modules linked in: [ 695.520787][T27656] ---[ end trace 4ab1436018ed3be3 ]--- 07:33:56 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000000130c000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) 07:33:56 executing program 4: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0x3) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x20000fff}) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') ptrace$setopts(0xffffffffffffffff, 0x0, 0x1, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/mnt\x00') getpgid(0xffffffffffffffff) openat$selinux_status(0xffffffffffffff9c, 0x0, 0x0, 0x0) stat(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)) ptrace$cont(0x29, 0x0, 0x8, 0xfffffffffffff134) [ 695.522546][T27667] binder: 27666:27667 got transaction with invalid offset (0, min 0 max 0) or object. [ 695.531181][T27656] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 695.542619][ T26] audit: type=1804 audit(1553672036.425:69): pid=27659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir009679881/syzkaller.UxNsHn/405/bus" dev="sda1" ino=16753 res=1 [ 695.561220][T27667] binder: 27666:27667 transaction failed 29201/-22, size 0-8 line 3241 07:33:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 07:33:56 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007c20080000000000e000068354046002c001d00b6821148a7a5ff34cb5f1996f32314c7a4bb5dec30de33a49868c62a2ca63d000000000000000000", 0x4c}], 0x1}, 0x0) [ 695.581897][ T3876] kobject: 'loop0' (0000000020f00731): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 695.609099][T27656] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 ff f7 23 fc 4c 89 e6 4c 89 ef e8 14 f9 23 fc 4d 39 e5 76 07 e8 ea f7 23 fc <0f> 0b e8 e3 f7 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 f1 [ 695.642911][T25922] binder: undelivered TRANSACTION_ERROR: 29201 [ 695.656176][ T3876] kobject: 'loop1' (0000000067d7c856): kobject_uevent_env 07:33:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 695.684713][ T26] audit: type=1804 audit(1553672036.425:70): pid=27651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir009679881/syzkaller.UxNsHn/405/bus" dev="sda1" ino=16753 res=1 [ 695.704404][ T3876] kobject: 'loop1' (0000000067d7c856): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 695.712528][T27656] RSP: 0018:ffff8880a9757550 EFLAGS: 00010212 07:33:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) [ 695.743613][T27683] binder: 27682:27683 got transaction with invalid offset (0, min 0 max 0) or object. [ 695.770780][T27656] RAX: 0000000000040000 RBX: 0000000020003070 RCX: ffffc9000c4a2000 [ 695.778877][T27683] binder: 27682:27683 transaction failed 29201/-22, size 0-8 line 3241 [ 695.797633][ T3876] kobject: 'loop4' (0000000008e31431): kobject_uevent_env [ 695.810204][T27656] RDX: 0000000000000424 RSI: ffffffff854c7996 RDI: 0000000000000006 [ 695.819033][T25922] binder: undelivered TRANSACTION_ERROR: 29201 [ 695.832610][ T3876] kobject: 'loop4' (0000000008e31431): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 695.848296][T27656] RBP: ffff8880a97575d0 R08: ffff88805b770300 R09: 0000000000000028 [ 695.856855][ T3876] kobject: 'loop5' (00000000eebaacd5): kobject_uevent_env [ 695.864036][T27656] R10: ffffed10152eaf01 R11: ffff8880a975780f R12: 0000000000000020 [ 695.872027][ T3876] kobject: 'loop5' (00000000eebaacd5): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 695.882680][ T3876] kobject: 'loop1' (0000000067d7c856): kobject_uevent_env [ 695.889789][ T3876] kobject: 'loop1' (0000000067d7c856): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 695.900224][T27656] R13: 0000000000000028 R14: ffff8880a5a44250 R15: 0000000000000000 [ 695.908236][T27656] FS: 00007f0035215700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 695.921090][ T3876] kobject: 'loop2' (0000000021dee879): kobject_uevent_env [ 695.928617][T27656] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 695.940618][ T3876] kobject: 'loop2' (0000000021dee879): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 695.952763][T27656] CR2: 000000000070b158 CR3: 000000009e9ea000 CR4: 00000000001406f0 [ 695.961053][ T3876] kobject: 'loop5' (00000000eebaacd5): kobject_uevent_env [ 695.968350][T27656] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 695.976396][ T3876] kobject: 'loop5' (00000000eebaacd5): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 695.986778][T27656] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 695.995104][ T3876] kobject: 'loop4' (0000000008e31431): kobject_uevent_env [ 696.002250][T27656] Kernel panic - not syncing: Fatal exception [ 696.009112][T27656] Kernel Offset: disabled [ 696.013419][T27656] Rebooting in 86400 seconds..