000003f"], 0x0, 0x0, 0x0}) [ 2840.989984][T29113] binder_alloc_new_buf_locked: 21 callbacks suppressed [ 2840.989993][T29113] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2840.990773][T29112] netlink: 'syz-executor.1': attribute type 7 has an invalid length. [ 2841.015057][T29109] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space [ 2841.052502][T29220] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space 17:06:15 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2841.110585][T29220] binder_alloc_new_buf_locked: 21 callbacks suppressed [ 2841.110601][T29220] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) 17:06:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000500000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000000031fb19c200"/76], 0x0, 0x0, 0x0}) 17:06:15 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCRSSL2CALL(r0, 0x89e2, &(0x7f0000000140)=@null) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x2000, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f00000000c0), 0x4) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x3c, 0x829, 0x0, 0x0, {0x2}, [@nested={0xc, 0x7, [@typed={0x8, 0x0, @uid}]}]}, 0x20}}, 0x0) [ 2841.294134][T29543] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2841.307018][T29543] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2841.331755][T29573] binder_transaction: 25 callbacks suppressed 17:06:15 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2841.331773][T29573] binder: 29560:29573 transaction failed 29201/-28, size 0-0 line 3148 [ 2841.333077][T29543] binder: 29542:29543 transaction failed 29201/-28, size 0-16128 line 3148 [ 2841.341610][T17448] binder_release_work: 25 callbacks suppressed [ 2841.341617][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000000)) [ 2841.425784][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:06:15 executing program 1: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYRES64, @ANYRES32=0x0], 0x2}}, 0x0) [ 2841.488263][T29874] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space 17:06:15 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae10, 0x0) [ 2841.535992][T29874] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) 17:06:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000600000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2841.605755][T29874] binder: 29844:29874 transaction failed 29201/-28, size 16777216-0 line 3148 [ 2841.644863][T13809] binder: undelivered TRANSACTION_ERROR: 29201 [ 2841.660345][T29982] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2841.702219][T29982] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2841.741952][T29982] binder: 29981:29982 transaction failed 29201/-28, size 0-16128 line 3148 [ 2841.758060][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:06:16 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:16 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8002}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xbc, r1, 0x4, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x65}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x30, 0x12}}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x3e}]}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x2}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}]}, 0xbc}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x28, 0x829, 0x0, 0x0, {0x2}, [@nested={0xc, 0x7, [@typed={0x8, 0x0, @uid}]}]}, 0x20}}, 0x0) r2 = syz_open_dev$radio(&(0x7f0000000280)='/dev/radio#\x00', 0x0, 0x2) ioctl$TIOCPKT(r2, 0x5420, &(0x7f00000002c0)=0x4) 17:06:16 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:16 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netfilter\x00') getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000040), &(0x7f00000000c0)=0x4) r1 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="116348400000000007800000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000001100000000000000000000000000000000000682fa96826cc5b56d9653e7ec57910ee9"], 0x0, 0x0, 0x0}) 17:06:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000700000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae11, 0x0) [ 2841.948607][T30261] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space [ 2841.996036][T30261] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2842.016823][T30261] binder: 30259:30261 transaction failed 29201/-28, size 16777216-0 line 3148 [ 2842.016884][T30262] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2842.030015][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:06:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0xf7ffffe) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x235, 0x0, &(0x7f00000002c0)=[@reply={0x40406301, {0x2, 0x0, 0x1, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240), &(0x7f0000000280)=[0x20]}}], 0x0, 0x0, 0x0}) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000340)='/dev/audio\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000380), &(0x7f00000003c0)=0x8) r2 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x100000001, 0x600) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x74e945e158f42b54}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xa0, r3, 0x700, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x6c, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'tunl0\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_hsr\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team_slave_0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x180000000}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7fffffff}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80000000}]}, 0xa0}}, 0x10) [ 2842.100129][T30262] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) 17:06:16 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:16 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[]}, 0x1, 0x0, 0x0, 0xfffffffffffffffd}, 0x0) [ 2842.147682][T30262] binder: 30257:30262 transaction failed 29201/-28, size 0-16128 line 3148 17:06:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000000000000000000000000000000100"/76], 0x0, 0x0, 0x0}) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='com.apple.FinderInfo\x00') [ 2842.190839][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000a00000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2842.285003][T30684] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space [ 2842.299349][T30684] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2842.312438][T30684] binder: 30660:30684 transaction failed 29201/-28, size 16777216-0 line 3148 17:06:16 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = creat(&(0x7f0000000200)='./file0\x00', 0x31) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000240)=0x1000, 0x4) getpeername(r0, &(0x7f0000000080)=@ipx, &(0x7f0000000140)=0x80) r2 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0x800, 0x281) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f00000001c0)=0x3, 0x4) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x28, 0x829, 0x0, 0x0, {0x2}, [@nested={0xc, 0x7, [@typed={0x8, 0x0, @uid}]}]}, 0x20}}, 0x0) [ 2842.353149][T17448] binder: undelivered TRANSACTION_ERROR: 29201 [ 2842.366933][T30684] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space 17:06:16 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae12, 0x0) 17:06:16 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2842.429652][T30684] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2842.458177][T30790] validate_nla: 1 callbacks suppressed [ 2842.458187][T30790] netlink: 'syz-executor.1': attribute type 7 has an invalid length. [ 2842.459619][T30787] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2842.499535][T30684] binder: 30660:30684 transaction failed 29201/-28, size 16777216-0 line 3148 [ 2842.535497][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000700ff030000000000000000000000000000000000000000000000000000000100000000000000000000004d2bff074a982124ee3c9df1353fcb00"/91], 0x0, 0x0, 0x0}) [ 2842.583469][T30787] binder: 30786:30787 transaction failed 29201/-28, size 0-16128 line 3148 [ 2842.610205][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:06:17 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:17 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x28, 0x829, 0x0, 0x0, {0x2}, [@nested={0xc, 0x7, [@typed={0x8, 0x0, @uid}]}]}, 0x20}}, 0x0) fremovexattr(r0, &(0x7f0000000080)=@known='system.posix_acl_default\x00') [ 2842.657519][T31061] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2842.678554][T31061] binder: 30981:31061 transaction failed 29201/-28, size 16777216-5548434740920451072 line 3148 [ 2842.695485][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) r1 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x9, 0x4001) ioctl$PPPIOCGIDLE(r1, 0x8010743f, &(0x7f00000000c0)) ioctl$int_out(r0, 0x5460, &(0x7f0000000000)) 17:06:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000002000000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2842.784501][T31129] netlink: 'syz-executor.1': attribute type 7 has an invalid length. 17:06:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$IMDELTIMER(r1, 0x80044941, &(0x7f0000000000)=0x3) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 17:06:17 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000003f00000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:17 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$setflags(r0, 0x2, 0x1) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x28, 0x829, 0x0, 0x0, {0x2}, [@nested={0xc, 0x7, [@typed={0x8, 0x0, @uid}]}]}, 0x20}}, 0x0) [ 2842.967211][T31506] binder: BINDER_SET_CONTEXT_MGR already set [ 2842.987601][T31506] binder: 31486:31506 ioctl 40046207 0 returned -16 [ 2843.006083][T31506] binder: 31486:31506 ioctl 80044941 20000000 returned -22 [ 2843.047835][T31532] binder: BINDER_SET_CONTEXT_MGR already set [ 2843.087636][T31532] binder: 31486:31532 ioctl 40046207 0 returned -16 [ 2843.109586][T31506] binder: 31486:31506 ioctl 80044941 20000000 returned -22 [ 2843.133718][T31659] netlink: 'syz-executor.1': attribute type 7 has an invalid length. 17:06:17 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:17 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:17 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae13, 0x0) 17:06:17 executing program 5: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x0, 0x0) getpeername$tipc(r0, &(0x7f0000000240)=@id, &(0x7f0000000280)=0x10) r1 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') pipe2$9p(&(0x7f00000002c0), 0x84800) r2 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x2000, 0x0) ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f00000001c0)={0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={'nr', 0x0}, 0xfe, 'syz0\x00', @bcast, 0x7, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}) 17:06:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000004800000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:17 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_ASSIGN_DEV_IRQ(r0, 0x4040ae70, &(0x7f00000000c0)={0xbf, 0x1, 0x0, 0x104}) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x14, 0x28, 0xb, 0x0, 0x0, {0xc}}, 0x14}}, 0x0) r1 = accept(r0, &(0x7f0000000140)=@rc, &(0x7f0000000080)=0x80) bind$rose(r1, &(0x7f00000001c0)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c) 17:06:17 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) r1 = dup(r0) ioctl$TIOCSIG(r1, 0x40045436, 0x10) 17:06:17 executing program 1: r0 = semget$private(0x0, 0x0, 0x44) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000140)=""/216) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x40000, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r2, 0x84, 0x65, &(0x7f00000000c0), 0x0) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x28, 0x829, 0x0, 0x0, {0x2}, [@nested={0xc, 0x7, [@typed={0x8, 0x0, @uid}]}]}, 0x20}}, 0x0) 17:06:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000004c00000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2843.577136][T32112] binder: 32111:32112 ioctl 40045436 10 returned -22 17:06:18 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0) geteuid() ioctl$PPPIOCSMRU(r1, 0x40047452, &(0x7f0000000040)=0x3) [ 2843.704541][T32298] netlink: 'syz-executor.1': attribute type 7 has an invalid length. 17:06:18 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:18 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000740)=ANY=[@ANYBLOB="200000002800290800000000b2000700000000000000070008000000e3c9adbd98360167ba491afb9f88e26c42da561b7c911d1ae58ff59993b495a5b724a0c006bc1b793c91a803ce50a373213de25b754a061a80183c51df996e515ecf5a997c2b", @ANYRES32=0x0], 0x20}}, 0x0) r1 = accept4(r0, 0x0, &(0x7f0000000600), 0x80000) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffff9c, 0x84, 0x11, &(0x7f0000000640)={0x0, 0x17b1}, &(0x7f0000000680)=0x8) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f00000006c0)={r2, 0x4}, &(0x7f0000000700)=0x8) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000540)='/dev/autofs\x00', 0x420000, 0x0) ioctl$VIDIOC_SUBDEV_S_SELECTION(r3, 0xc040563e, &(0x7f0000000580)={0x0, 0x0, 0x103, 0x2, {0x1, 0x7, 0x3, 0x8}}) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r0, &(0x7f0000000500)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000004c0)={&(0x7f0000000140)={0x34c, r4, 0x700, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x3c, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xb0}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xc0d6}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x75ee}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_BEARER={0xb0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xffffffffffffffe0}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xbfa}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xcf}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffffd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x23}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5d4}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_NET={0x50, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8001}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffffffffffa}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xfffffffffffffffc}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5f}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}]}, @TIPC_NLA_SOCK={0x30, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x80}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x100}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xcb}]}, @TIPC_NLA_BEARER={0x84, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @loopback}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x1ff, @rand_addr="dc98a911d9d82b171a11fde27690e1bb", 0xfffffffffffffffe}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @multicast2}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x10001, @mcast2, 0x2}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'ip6gre0\x00'}}]}, @TIPC_NLA_LINK={0x34, 0x4, [@TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2d}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_BEARER={0x9c, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7ff}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x40}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2d9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @broadcast}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x5, @empty, 0x7fff}}}}]}, @TIPC_NLA_MEDIA={0x78, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7f}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffffff01}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x91}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}]}]}, 0x34c}, 0x1, 0x0, 0x0, 0x8800}, 0x8844) setsockopt$inet_sctp_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f00000005c0)={0x2, 0x8, 0x20, 0x5, 0x8, 0x200, 0x100000001, 0xb1f6, 0x9, 0x100000001, 0x88f}, 0xb) 17:06:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x8000, 0x50100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f00000000c0)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000055c300000000000000"], 0x0, 0x0, 0x0}) 17:06:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000006000000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:18 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae14, 0x0) 17:06:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="116348c000000000070000efedfd9400"/60], 0x0, 0x0, 0x0}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) r2 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0x1, 0x2) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000180)={0x12, 0x10, 0xfa00, {&(0x7f0000000000), r1, r2}}, 0x18) 17:06:18 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x7, 0x8000) ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000080)=0x6) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[]}}, 0x0) [ 2844.365130][T32741] binder: 32701:32741 unknown command -1068997871 17:06:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000006800000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2844.407217][T32741] binder: 32701:32741 ioctl c0306201 20007000 returned -22 17:06:18 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x2e9, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0xc02288b6cdc4238d, 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(r1, 0x8935, &(0x7f0000000040)={'syzkaller0\x00', 0x7}) 17:06:18 executing program 5: syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x7, 0x2000) syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x200, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'crct10dif\x00'}, 0x58) ioctl$TIOCGPTLCK(r0, 0x80045439, &(0x7f0000000040)) 17:06:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000006c00000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:19 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:19 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x28, 0x829, 0x0, 0x0, {0xfffffffffffffffe}, [@nested={0xc, 0x7, [@typed={0x8, 0x0, @uid}]}]}, 0x20}}, 0x0) 17:06:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae15, 0x0) 17:06:19 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x200000, 0x0) pidfd_send_signal(r1, 0x1c, &(0x7f00000000c0)={0x40, 0x800, 0x8}, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 17:06:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x301a42, 0x0) ioctl$DRM_IOCTL_SET_MASTER(r1, 0x641e) 17:06:19 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x2b, 0x829, 0x0, 0x0, {0x2}, [@nested={0xc, 0x7, [@typed={0x8, 0x0, @uid}]}]}, 0x20}}, 0x0) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfb, 0x800004}, 0xc) r1 = getpgrp(0xffffffffffffffff) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'ifb0\x00', 0x2}) perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0xb1, 0x0, 0x0, 0x1a000000}, {0x16}]}) r3 = geteuid() fstat(r0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$netlink(r0, &(0x7f00000008c0)={&(0x7f00000000c0)=@kern={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000007c0)=[{&(0x7f0000000140)={0x658, 0x2f, 0x400, 0x70bd26, 0x25dfdbfd, "", [@nested={0x1bc, 0x46, [@typed={0x14, 0x35, @ipv6=@rand_addr="87028be08d3528c60b5123e653f213e9"}, @typed={0x4, 0x44}, @generic="9d37f5f7cd543bd0b5cbdd1efda809949f29c00367e0efff4bec42f0ec00b900a4c099c0b3efdc409b5b5398a100dc186cd326dd2472d679ca896e5581dc43cbd9e02b89fde8e983061f8b756fbd68b1838e49f983da9b97f5274388388b915377b6f0e44861075ae3ceff", @generic="94c7c7d4a6105d", @generic="cf6435500d9cd33577b1dffaa458eed4c69f17400d6d07ebf18a33875ee8a5fec2c457d9e0fcc9cceb35667fa02682a2c2525180c621686891e9539785a1117682342deaaf6188628ad0b01f94e702392f1425693ada1efc39bd3e6765d35532d0ef7082dd2b9d55a76f87971da2e14a66fcab07d2a36be9a76a086582bc56098196e77b7d6b6cec6faa0e3eb17f1343543b34c322833215185bd02bf9340e85eab06a66016aebe4eabaa55121", @generic="f5e57ff68692b8dea065c655dc2d2c6ee89e29a33c152119fbc74871e43ef3eeb51c6908c3d23a1325725c56246c6f56b79a20f1474fac9a4d725ee40733f1343f6f2cfcf7915da1e4fc5b607ff5e1ef17d8394f3f096b53382ac0a7f1c6e54004e58d3c440e96e624d649a9fee5deebf57b0883d6b2c71220e1cfd7ebcc5f"]}, @typed={0x4, 0xb}, @generic="4f0d828536d9182cb307ce290a8155e6d6177be9daa0bff37956fb6c7ee74cd26fd0909cbc4847b0435ef0b52d963abab8fb565ebca2227b6bef248dfc4e8ae8c0832b310dcca6cab5e15939e638206ddc372ee5f4e1bb1861709edd157fcfbd89ee61d1f805dddc99fe8c398ef420e7f9d396cae33b1d83c36a261b03c12ce1a07ab82e7f7685c4cb2767523669635435f4ef4c8a8f0735025a3d74eda9692cf6ec80c156103dd74b1b6a29ab5f3c252195b91e9951e34bc30d75c5c4f7323c21826019fcb09202617dbd0f505c357d4a6a71db4f1b22d7265f08e41ac73fb0ca733b0e1987d970c64f604791e869e50a81f077403f64", @nested={0xc0, 0x85, [@generic="16fa602820422ae62bf380d3b114c64fe1e38dcaa1df015a172be9a22e244b0c678886add636a459509fc56cbc127287109d09c334383b77e54f9dd295fc7f0fd4375a856f0eb1d26fc5b47ff14c3b1204f252763437b40978dfdbf8afa2a20a21dd477d4446e9118f32c418b9ffd2af589cac1701169ad865f10de327f1d76a5574f68190c4f34b0144bde40b92de4c818ad1ea5f2d2ed38de90e8c73e4eb1d6f6db8f67c77df1099eff401ecbe672bafa245892656331b4663"]}, @nested={0x2c4, 0x92, [@generic="ce06695e96478b762721a078e6abb48f326728d3993c7cca1e1c740eadf071351d9e6fd0ed230db5f5cd347bffe1539affe323a684", @generic="207f2b7238c6ecdab1bcfe4ee386a3bca3c44cb60d8bbeca053e8546abe862c2c8ec009e21edf81ed90ac20108f2cee3330ad849ab971d93fa0dee024f84", @generic="8e7a0ae750d0d6551a0a4ed11bfdcb0c8b40e56b0425f965555cf23a1be476405abd983acc6ba3e83f8232836030de86b91df4fb7e0670bd9ce47e0d1a10ea29d0624b14e5f3c744758b8d9288479edfec2dc9121718fdfcb417d8fe9248cccc150a7e8f5678b5150e880d74222ffa501b1902644e730fdde77deeaf6fc3be75acc9fca7a82266c054bf55d4587fa1dffa6c55def5a508f9382d846157746d16a1dacef85c31785b5ace7b0902a0d0ff12", @typed={0x14, 0x8c, @str='ppp1\xf6!,cgroup\x00'}, @typed={0x38, 0x4f, @binary="c413dab8dfdd252565b2be1dc02c83fc9496071edf0c325ddcee3c0fd0443813a61cd0327fada745e76233718d5a4a6d3694"}, @typed={0x8, 0x4c, @u32=0x8}, @generic="00597f52ebc6a13b45942567234c8050720dcdf83d8f3ca125046d4aa54257ae1c268e552a9221a67aa8543d1517ed84437ad6235cb1e00054d81a2c03bb5ada2b651d441eefc06523978627aece23dd8c7d839508df1afdd0058bb0691e", @generic="6cd1d19d5a3cf749e192b9f8ef76b0b2c729c390240466a9bea9390098bab062b87f70794950e14c5f866afb443a71424663074b632364a0e2bb5fa72ee8b88a967684bb1c8179788eb96f854811ccd8bf824ba2d790ef3b5b36755e0061b1ac0bc917fdeab1f2d291bf783e071dc80c9e50e0017e9e0b11674e5027555695d112d13dfb80400acc60722d6fb40900ca2a85274ce22244c8b6cd70707ef1f1ea96750e088da5b7b8370166d8750ed9e4a3152217377dafc6045f2aa6a8932b39d5d095e43d2e5d8f1e224655674360a1ea09c25f02dccc3d983c4f4a03193c09e8d288b2d7bbc850"]}, @typed={0xc, 0x69, @u64=0x104}]}, 0x658}], 0x1, &(0x7f0000000880)=[@cred={0x20, 0x1, 0x2, r1, r3, r4}], 0x20, 0x80}, 0x800) 17:06:19 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000007400000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x8, 0x0) ioctl$PPPIOCDISCONN(r1, 0x7439) 17:06:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x280000, 0x0) ioctl$DRM_IOCTL_ADD_MAP(r1, 0xc0286415, &(0x7f0000000040)={&(0x7f0000ffc000/0x4000)=nil, 0x7fff, 0x7, 0x1, &(0x7f0000ffb000/0x3000)=nil}) 17:06:19 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:20 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:20 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae16, 0x0) 17:06:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000007a00000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x1, 0x2) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f00000000c0)={0x8, 0x3, {0x3, 0x0, 0x6, 0x1}}) 17:06:20 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:20 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="20000000280029080000000000000000020000254c38aa575e5da71362f8645c821e000c000700080000008b13301c56e1b2bb1897d06d2f3b5cdbb990c6a0d51fe6c7ec9e97570336c13c9c7ef8f86bd437975ec1f6ca1d56350a2bada8126a408fe7779ab9b16b8c7f20800b6782db4d966743e0a9abf6", @ANYRES32=0x0], 0x20}}, 0x0) [ 2845.994999][ T1512] binder_alloc_new_buf_locked: 31 callbacks suppressed [ 2845.995009][ T1512] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2846.004229][ T1531] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. 17:06:20 executing program 5: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x0, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) r1 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 17:06:20 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:20 executing program 1: r0 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x1000, 0x161881) connect$tipc(r0, &(0x7f00000000c0)=@name={0x1e, 0x2, 0x0, {{0x1, 0x4}, 0x3}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x28, 0x829, 0x0, 0x0, {0x2}, [@nested={0xc, 0x7, [@typed={0x8, 0x0, @uid}]}]}, 0x20}}, 0x0) 17:06:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000003f000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2846.146013][ T1747] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space [ 2846.162834][ T1747] binder_alloc_new_buf_locked: 30 callbacks suppressed [ 2846.162851][ T1747] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) 17:06:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x10000, 0x0) r2 = syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x00') sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x58, r2, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@FOU_ATTR_PORT={0x8, 0x1, 0x4e23}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e23}, @FOU_ATTR_AF={0x8, 0x2, 0x2}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x7f}, @FOU_ATTR_TYPE={0x8, 0x4, 0x2}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x6e}, @FOU_ATTR_AF={0x8, 0x2, 0xa}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x13}]}, 0x58}}, 0x4000080) [ 2846.257796][ T1826] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2846.268054][ T1822] netlink: 'syz-executor.1': attribute type 7 has an invalid length. [ 2846.301255][ T1826] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2846.343661][ T1983] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space 17:06:20 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2846.387677][ T1983] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2846.404539][ T1983] binder_transaction: 32 callbacks suppressed [ 2846.404555][ T1983] binder: 1935:1983 transaction failed 29201/-28, size 16777216-0 line 3148 [ 2846.486549][T17448] binder_release_work: 32 callbacks suppressed [ 2846.486556][T17448] binder: undelivered TRANSACTION_ERROR: 29201 [ 2846.499961][ T1983] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space [ 2846.528394][ T1983] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2846.539313][ T1983] binder: 1935:1983 transaction failed 29201/-28, size 16777216-0 line 3148 [ 2846.549004][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:21 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:21 executing program 1: r0 = gettid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/247, 0xffffff80}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xadbf80a3}], 0x23a, 0x0) mmap(&(0x7f0000710000/0x2000)=nil, 0x2000, 0x0, 0x1000000008031, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000350029080000000000020000000c00070008000000", @ANYRES32=0x0], 0x20}}, 0x0) 17:06:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae17, 0x0) 17:06:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000010000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:21 executing program 5: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) accept$packet(0xffffffffffffff9c, &(0x7f0000000500)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000540)=0x14) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000580)={'\x00', r1}) r2 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000040)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 17:06:21 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, 0x0}) mlockall(0x4) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x3, 0x2) ioctl$KVM_GET_FPU(r1, 0x81a0ae8c, &(0x7f00000000c0)) [ 2846.947739][ T2277] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2846.998591][ T2277] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2847.026880][ T2277] binder: 2271:2277 transaction failed 29201/-28, size 0-16128 line 3148 17:06:21 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) modify_ldt$read(0x0, &(0x7f00000001c0)=""/178, 0xb2) [ 2847.074280][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:06:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000020000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2847.240587][ T2684] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space [ 2847.264938][ T2684] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2847.309125][ T2684] binder: 2626:2684 transaction failed 29201/-28, size 16777216-0 line 3148 [ 2847.357434][T13809] binder: undelivered TRANSACTION_ERROR: 29201 [ 2847.370847][ T2796] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x800) ioctl$PPPIOCATTACH(r1, 0x4004743d, &(0x7f0000000040)=0x5) 17:06:21 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2847.403454][ T2796] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2847.493033][ T2796] binder: 2781:2796 transaction failed 29201/-28, size 0-16128 line 3148 [ 2847.523913][T17448] binder: undelivered TRANSACTION_ERROR: 29201 [ 2847.532411][ T2832] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space [ 2847.564508][ T2832] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2847.616008][ T2832] binder: 2828:2832 transaction failed 29201/-28, size 16777216-0 line 3148 [ 2847.627123][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:06:22 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:22 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0xffffffffffffff26, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRESOCT=0x0], 0x2}}, 0x0) r1 = accept(r0, &(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000140)=0x80) ioctl$sock_bt_hidp_HIDPCONNDEL(r1, 0x400448c9, &(0x7f00000001c0)={{0x4, 0x4, 0x7fffffff, 0x82, 0x47b5, 0x4}, 0x3ff}) 17:06:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae18, 0x0) 17:06:22 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000030000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x101000, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x82120000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x44, r2, 0x4, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4084}, 0x20000080) [ 2847.828526][ T3046] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space [ 2847.875669][ T3046] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2847.893952][ T3069] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) 17:06:22 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2847.928174][ T3046] binder: 3044:3046 transaction failed 29201/-28, size 16777216-0 line 3148 [ 2847.956998][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:06:22 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="20000000280000040000000000000000020000000c00070008000000fdebddcfc5848857caa540ed7823a287d793ae5bf60ef69eedd180ba6801358bf2b718708818a306089a891451895d40b4ec6f784e9ef3bbbf7532a84300dbaea743d347c1047e8371e547ae97bd34ece004370f3c0595b15d094ce77d0ccd5d1c8868d88ab5fbb6998be9b3f5cd1f951503002444e9057ac260e8823ef16c1a9a3f1650ad9b9792536e21611e20b9565dcc2994093c5b4e6f8289f7bc7c7ddbb5f9a63c573918ce", @ANYRES32=0x0], 0x20}, 0x1, 0x0, 0x0, 0xfffffffffffffffd}, 0x0) [ 2847.977271][ T3046] binder: 3044:3046 transaction failed 29201/-28, size 16777216-0 line 3148 [ 2847.988641][ T3069] binder: 3042:3069 transaction failed 29201/-28, size 0-16128 line 3148 17:06:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='memory.events\x00', 0x0, 0x0) ioctl$VIDIOC_G_SELECTION(r1, 0xc040565e, &(0x7f0000000040)={0x2, 0x0, 0x6, {0x8, 0x8, 0x7, 0x81}}) prctl$PR_SET_TSC(0x1a, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000000000000000000000000000000000000000010000000000000000000000008000"/76], 0x0, 0x0, 0x0}) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$PPPIOCSNPMODE(r1, 0x4008744b, &(0x7f00000000c0)={0x82fb, 0x3}) [ 2848.031502][T13809] binder: undelivered TRANSACTION_ERROR: 29201 [ 2848.068098][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:22 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="20000000280029081542b91aabfb5bf452000004000000006f020000000c00070008000000", @ANYRES32=0x0], 0x20}}, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x94, r2, 0x28, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x78, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@initdev={0xfe, 0x88, [], 0x1, 0x0}}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sh\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}]}, 0x94}, 0x1, 0x0, 0x0, 0x40000}, 0x80) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0x7, 0x6}, &(0x7f0000000140)=0xc) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000180)={r3, 0x2, 0x30}, 0xc) 17:06:22 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000040000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2848.171130][ T3561] binder: 3491:3561 transaction failed 29201/-28, size 16777216-0 line 3148 [ 2848.228811][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:23 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x6, 0x214202) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000040)={0x7, 0x1, 0x8, 0x118dfbb2, 0x1, 0x8, 0x1, 0xfffffffffffffff7, 0x0}, &(0x7f00000000c0)=0x20) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000100)={r2, 0x3}, &(0x7f00000001c0)=0x8) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000200)={0x4, 0x8000}) 17:06:23 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x20, 0x2d, 0x829, 0x0, 0x25dfdbfd, {0x2}, [@nested={0xc, 0x7, [@typed={0x8, 0x0, @uid}]}]}, 0x20}}, 0x0) syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x4, 0x1) 17:06:23 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae19, 0x0) 17:06:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000050000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:23 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 17:06:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000060000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:23 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:23 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$admmidi(&(0x7f00000001c0)='/dev/admmidi#\x00', 0x836, 0x80200) ioctl$sock_inet6_tcp_SIOCATMARK(r1, 0x8905, &(0x7f0000000200)) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000080)={0x0, 0x1, 0x1, 0x4}, &(0x7f00000000c0)=0x10) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000140)={r2, 0x2, 0x10}, &(0x7f0000000180)=0xc) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x28, 0x829, 0x0, 0x0, {0x2}, [@nested={0xc, 0x7, [@typed={0x8, 0x0, @uid}]}]}, 0x20}}, 0x0) 17:06:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x10, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x12e, 0x0, &(0x7f00000002c0)=[@reply={0x40406301, {0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)=[0x38, 0x30, 0x78, 0x0, 0x48, 0x0, 0x78, 0x0]}}, @transaction={0x40406300, {0x4, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@flat={0x0, 0x0, r1}], &(0x7f0000000280)=[0x38, 0x18, 0x68, 0x0, 0x18]}}, @enter_looper, @increfs_done={0x40106308, r1, 0x4}, @increfs_done={0x40106308, r1, 0x3}], 0x0, 0x0, 0x0}) 17:06:23 executing program 1: r0 = accept(0xffffffffffffffff, 0x0, &(0x7f0000000080)) accept$unix(r0, &(0x7f0000000140), &(0x7f00000000c0)=0x6e) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x28, 0x829, 0x0, 0x0, {0x2}, [@nested={0xc, 0x7, [@typed={0x8, 0x0, @uid}]}]}, 0x20}}, 0x0) [ 2849.019493][ T4278] binder: 4270:4278 got reply transaction with no transaction stack [ 2849.060724][ T4451] binder: 4270:4451 got reply transaction with no transaction stack [ 2849.128850][ T4494] netlink: 'syz-executor.1': attribute type 7 has an invalid length. 17:06:23 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000070000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:23 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:23 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae1a, 0x0) 17:06:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000035001000000000000000000000000000000000d7"], 0x0, 0x0, 0x0}) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) setsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000000100)={0x1f, 0x8}, 0x2) getpeername$llc(r1, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f00000000c0)=0x10) 17:06:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x200, 0x64100) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x64, r2, 0x8, 0x70bd29, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0x44, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xe19}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x5}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x2}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x5}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xffffffffffff40dd}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x0) 17:06:23 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x28, 0x829, 0x0, 0x0, {0x2}, [@nested={0xc, 0x7, [@typed={0x8, 0x0, @uid}]}]}, 0xff98}}, 0x1ffffffe) sendmsg$nl_generic(r0, &(0x7f0000000200)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0x26b, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, 0x1a, 0x504, 0x70bd25, 0x25dfdbfe, {0x1d}, [@generic="f2bd7d40ed41562ac15d37d5f81c22cf6cb4ffc5159f364d7acf8c6c30"]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x20004000) 17:06:23 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000a0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2849.433354][ T4819] netlink: 'syz-executor.1': attribute type 7 has an invalid length. 17:06:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000006aaed2c39d82267b9e94acebc1515d087e7ca7e6afe1ecaa209247a8c01d41244d124daa29"], 0x0, 0x0, 0x0}) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000000)) [ 2849.486023][ T4819] netlink: 'syz-executor.1': attribute type 7 has an invalid length. 17:06:24 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="20005f4664546d566800ac010000800000000000000000000c01b63ce89c12281fee95bf414021472e2f7ba3393ca75bf49c90840e7f65de1192", @ANYRES32=0x0], 0x20}}, 0x0) 17:06:24 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:24 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:24 executing program 5: r0 = dup(0xffffffffffffffff) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000200)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000340), &(0x7f0000000300)=0x4) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f0000000280)={0x5, 0x10, 0xfa00, {&(0x7f0000000000), r1, 0x2}}, 0x18) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, 0x0}) 17:06:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000200000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae1b, 0x0) 17:06:24 executing program 1 (fault-call:11 fault-nth:0): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:06:24 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:24 executing program 5: mlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x0, 0x220001) ioctl$PPPIOCSCOMPRESS(r1, 0x4010744d) 17:06:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000003f0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2850.004234][ T5391] FAULT_INJECTION: forcing a failure. [ 2850.004234][ T5391] name failslab, interval 1, probability 0, space 0, times 0 [ 2850.078213][ T5391] CPU: 1 PID: 5391 Comm: syz-executor.1 Not tainted 5.1.0-rc4+ #67 [ 2850.086168][ T5391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2850.096326][ T5391] Call Trace: [ 2850.099647][ T5391] dump_stack+0x172/0x1f0 [ 2850.104022][ T5391] should_fail.cold+0xa/0x15 [ 2850.108647][ T5391] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2850.114490][ T5391] ? ___might_sleep+0x163/0x280 [ 2850.119467][ T5391] __should_failslab+0x121/0x190 [ 2850.124488][ T5391] should_failslab+0x9/0x14 [ 2850.129020][ T5391] kmem_cache_alloc+0x2b2/0x6f0 [ 2850.133890][ T5391] ? vcpu_enter_guest+0x194f/0x60a0 [ 2850.139125][ T5391] ? find_held_lock+0x35/0x130 [ 2850.144006][ T5391] mmu_topup_memory_caches+0x97/0x490 [ 2850.149404][ T5391] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2850.155673][ T5391] ? kvm_hv_setup_tsc_page+0xae/0x6d0 [ 2850.161068][ T5391] kvm_mmu_load+0x21/0x1300 [ 2850.165740][ T5391] ? kvm_lapic_enable_pv_eoi+0x170/0x170 [ 2850.171364][ T5391] ? vcpu_enter_guest+0x2a33/0x60a0 [ 2850.176584][ T5391] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2850.182839][ T5391] ? vmx_get_nmi_mask+0x107/0x180 [ 2850.187877][ T5391] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2850.194117][ T5391] ? vmx_clear_hlt.isra.0+0x7c/0xd0 [ 2850.194139][ T5391] vcpu_enter_guest+0x3c8e/0x60a0 [ 2850.194164][ T5391] ? emulator_read_emulated+0x50/0x50 [ 2850.194180][ T5391] ? lock_acquire+0x16f/0x3f0 [ 2850.194194][ T5391] ? kvm_arch_vcpu_ioctl_run+0x240/0x1750 [ 2850.194215][ T5391] kvm_arch_vcpu_ioctl_run+0x425/0x1750 17:06:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae1c, 0x0) [ 2850.204408][ T5391] ? kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 2850.204434][ T5391] kvm_vcpu_ioctl+0x4dc/0xf90 [ 2850.204449][ T5391] ? kvm_vcpu_block+0xce0/0xce0 [ 2850.204463][ T5391] ? tomoyo_path_number_perm+0x263/0x520 [ 2850.204479][ T5391] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2850.204510][ T5391] ? __fget+0x35a/0x550 [ 2850.204528][ T5391] ? kvm_vcpu_block+0xce0/0xce0 [ 2850.204545][ T5391] do_vfs_ioctl+0xd6e/0x1390 [ 2850.204570][ T5391] ? ioctl_preallocate+0x210/0x210 [ 2850.204581][ T5391] ? smack_file_ioctl+0x196/0x310 [ 2850.204593][ T5391] ? smack_inode_rename+0x2d0/0x2d0 [ 2850.204611][ T5391] ? ksys_dup3+0x3e0/0x3e0 [ 2850.204630][ T5391] ? tomoyo_file_ioctl+0x23/0x30 [ 2850.204645][ T5391] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2850.204666][ T5391] ? security_file_ioctl+0x93/0xc0 [ 2850.246923][ T5391] ksys_ioctl+0xab/0xd0 [ 2850.246943][ T5391] __x64_sys_ioctl+0x73/0xb0 [ 2850.261895][ T5391] do_syscall_64+0x103/0x610 [ 2850.261918][ T5391] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2850.261931][ T5391] RIP: 0033:0x458c29 17:06:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x5, 0x200000) ioctl$EVIOCSCLOCKID(r1, 0x400445a0, &(0x7f00000000c0)=0x7) r2 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x7fffffff, 0x400000) ioctl$PPPOEIOCDFWD(r2, 0xb101, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 17:06:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000480000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2850.261944][ T5391] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2850.261951][ T5391] RSP: 002b:00007fcc7e1a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2850.261965][ T5391] RAX: ffffffffffffffda RBX: 00007fcc7e1a3c90 RCX: 0000000000458c29 [ 2850.261973][ T5391] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 2850.261980][ T5391] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 17:06:24 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2850.261988][ T5391] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcc7e1a46d4 [ 2850.261995][ T5391] R13: 00000000004c1baf R14: 00000000004d43d0 R15: 0000000000000007 17:06:25 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:25 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffff9c, 0x84, 0x6c, &(0x7f0000000100)={0x0, 0xd8, "648e520b0305d2595fb80475509d89bb8b8703bf7ea2e4096f0dbce101cd5613d6d4f5b3494fc61d3b3464400a7746dff9266ac2fe50a73f1507067e3068b04d2e98652fe8b2fe6954208972285cdf82bd5fbb21da3fbb832a3e5ddb50eb7da491824771b6c29f4f80dcc712ceb8d361b9f9d8383e4b3abfcd47817f677d852ecae0b5a788588a1fbad211da61969955ddd6348ed80fd9c24269d6010134304fbd5f231a2b13aa917440762c3fc2d600ea85e51a887bedd5ba44d6ac88fd7a6e208fad606db6ab30c9add93bbcf8ee307ce154b7f6276c78"}, &(0x7f0000000200)=0xe0) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000240)={r2, @in={{0x2, 0x4e23, @rand_addr=0x3}}}, 0x84) r3 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0xfffffffffffffffc) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634800100000000000009604ef7e9e04dfbdf000000000000000d980f7470004000000000000000000f3ffffffffffff0000c5f3328e000004683c000000000000000000000000000000000000c47a3e75e614b9ed"], 0x0, 0x0, 0x0}) ioctl$VIDIOC_ENUM_FRAMESIZES(r1, 0xc02c564a, &(0x7f0000000300)={0x6379, 0x41323151, 0x1, @stepwise={0x2, 0x8, 0x1, 0x1ff, 0x4, 0x8}}) 17:06:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000004c0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:25 executing program 1 (fault-call:11 fault-nth:1): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:06:25 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000100"/76], 0x0, 0x0, 0x0}) 17:06:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae1d, 0x0) [ 2850.837437][ T6100] FAULT_INJECTION: forcing a failure. [ 2850.837437][ T6100] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2850.850694][ T6100] CPU: 0 PID: 6100 Comm: syz-executor.1 Not tainted 5.1.0-rc4+ #67 [ 2850.858578][ T6100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2850.858583][ T6100] Call Trace: [ 2850.858612][ T6100] dump_stack+0x172/0x1f0 [ 2850.858634][ T6100] should_fail.cold+0xa/0x15 [ 2850.858654][ T6100] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2850.858668][ T6100] ? percpu_ref_tryget_live+0xef/0x290 [ 2850.858688][ T6100] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2850.898464][ T6100] ? debug_smp_processor_id+0x3c/0x280 [ 2850.904141][ T6100] should_fail_alloc_page+0x50/0x60 [ 2850.909707][ T6100] __alloc_pages_nodemask+0x1a1/0x7e0 [ 2850.915090][ T6100] ? find_held_lock+0x35/0x130 [ 2850.915113][ T6100] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2850.915147][ T6100] cache_grow_begin+0x9c/0x860 [ 2850.915165][ T6100] ? mmu_topup_memory_caches+0x97/0x490 [ 2850.915180][ T6100] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2850.915202][ T6100] kmem_cache_alloc+0x62d/0x6f0 [ 2850.936324][ T6100] ? vcpu_enter_guest+0x194f/0x60a0 [ 2850.952593][ T6100] mmu_topup_memory_caches+0x97/0x490 [ 2850.957984][ T6100] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2850.964251][ T6100] ? kvm_hv_setup_tsc_page+0xae/0x6d0 [ 2850.969652][ T6100] kvm_mmu_load+0x21/0x1300 [ 2850.974180][ T6100] ? kvm_lapic_enable_pv_eoi+0x170/0x170 [ 2850.979917][ T6100] ? vcpu_enter_guest+0x2a33/0x60a0 [ 2850.985232][ T6100] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2850.991501][ T6100] ? vmx_get_nmi_mask+0x107/0x180 [ 2850.996541][ T6100] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2851.002801][ T6100] ? vmx_clear_hlt.isra.0+0x7c/0xd0 [ 2851.008020][ T6100] vcpu_enter_guest+0x3c8e/0x60a0 [ 2851.013074][ T6100] ? emulator_read_emulated+0x50/0x50 [ 2851.018472][ T6100] ? lock_acquire+0x16f/0x3f0 [ 2851.023172][ T6100] ? kvm_arch_vcpu_ioctl_run+0x240/0x1750 [ 2851.028896][ T6100] kvm_arch_vcpu_ioctl_run+0x425/0x1750 17:06:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0xffffffffffffff9e, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0002000000000000070000000000000000000000000000000000000000000000000000000000000100"/76], 0x3c0, 0x0, 0x0}) r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x2, 0x10000) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xfffffffffffffffe) getdents(r1, &(0x7f00000001c0)=""/175, 0xaf) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r1) [ 2851.034537][ T6100] ? kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 2851.040273][ T6100] kvm_vcpu_ioctl+0x4dc/0xf90 [ 2851.044968][ T6100] ? kvm_vcpu_block+0xce0/0xce0 [ 2851.049821][ T6100] ? tomoyo_path_number_perm+0x263/0x520 [ 2851.049841][ T6100] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2851.049870][ T6100] ? __fget+0x35a/0x550 [ 2851.049893][ T6100] ? kvm_vcpu_block+0xce0/0xce0 [ 2851.070390][ T6100] do_vfs_ioctl+0xd6e/0x1390 [ 2851.070413][ T6100] ? ioctl_preallocate+0x210/0x210 [ 2851.070427][ T6100] ? smack_file_ioctl+0x196/0x310 17:06:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae1e, 0x0) [ 2851.070445][ T6100] ? smack_inode_rename+0x2d0/0x2d0 [ 2851.085133][ T6100] ? ksys_dup3+0x3e0/0x3e0 [ 2851.085159][ T6100] ? tomoyo_file_ioctl+0x23/0x30 [ 2851.085174][ T6100] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2851.085191][ T6100] ? security_file_ioctl+0x93/0xc0 [ 2851.085212][ T6100] ksys_ioctl+0xab/0xd0 [ 2851.099731][ T6100] __x64_sys_ioctl+0x73/0xb0 [ 2851.099752][ T6100] do_syscall_64+0x103/0x610 [ 2851.099773][ T6100] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2851.099786][ T6100] RIP: 0033:0x458c29 [ 2851.099799][ T6100] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2851.099812][ T6100] RSP: 002b:00007fcc7e1a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2851.153814][ T6100] RAX: ffffffffffffffda RBX: 00007fcc7e1a3c90 RCX: 0000000000458c29 [ 2851.153823][ T6100] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 2851.153831][ T6100] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 17:06:25 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2851.153840][ T6100] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcc7e1a46d4 [ 2851.153848][ T6100] R13: 00000000004c1baf R14: 00000000004d43d0 R15: 0000000000000007 [ 2851.217645][ T6424] binder: 6422:6424 ioctl c0306201 20007000 returned -14 17:06:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000600000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2851.240705][ T6424] binder: 6422:6424 ioctl c0306201 20007000 returned -14 17:06:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) [ 2851.282264][ T6444] binder_alloc_new_buf_locked: 22 callbacks suppressed [ 2851.282274][ T6444] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2851.367337][ T6444] binder_alloc_new_buf_locked: 21 callbacks suppressed [ 2851.367355][ T6444] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2851.437948][ T6544] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space [ 2851.455878][ T6444] binder_transaction: 22 callbacks suppressed [ 2851.455895][ T6444] binder: 6436:6444 transaction failed 29201/-28, size 0-16128 line 3148 [ 2851.489486][ T6544] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2851.508275][ T6544] binder: 6526:6544 transaction failed 29201/-28, size 16777216-0 line 3148 [ 2851.536629][T13809] binder_release_work: 22 callbacks suppressed [ 2851.536637][T13809] binder: undelivered TRANSACTION_ERROR: 29201 [ 2851.560754][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:06:26 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:26 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:26 executing program 1 (fault-call:11 fault-nth:2): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:06:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae21, 0x0) 17:06:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000000, 0x20010, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x5c, 0x0, &(0x7f00000001c0)=[@reply={0x40406301, {0x4, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x18, 0x28, &(0x7f0000000040)=[@fd={0x66642a85, 0x0, r0, 0x0, 0x3}], &(0x7f00000000c0)=[0x38, 0x48, 0x30, 0x48, 0x30]}}, @acquire_done={0x40106309, r1, 0x2}, @enter_looper], 0x0, 0x0, 0x0}) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000100)) 17:06:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000680000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2851.704825][ T6747] binder: 6746:6747 got reply transaction with no transaction stack [ 2851.752666][ T6747] binder: 6746:6747 transaction failed 29201/-71, size 24-40 line 2900 17:06:26 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2851.829043][ T6803] binder: 6746:6803 got reply transaction with no transaction stack [ 2851.848143][ T6752] FAULT_INJECTION: forcing a failure. [ 2851.848143][ T6752] name failslab, interval 1, probability 0, space 0, times 0 [ 2851.851998][T13809] binder: undelivered TRANSACTION_ERROR: 29201 [ 2851.866723][ T6859] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2851.889888][ T6859] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2851.913553][ T6803] binder: 6746:6803 transaction failed 29201/-71, size 24-40 line 2900 [ 2851.931116][T17448] binder: undelivered TRANSACTION_ERROR: 29201 [ 2851.937449][ T6859] binder: 6858:6859 transaction failed 29201/-28, size 0-16128 line 3148 [ 2851.938007][ T6752] CPU: 1 PID: 6752 Comm: syz-executor.1 Not tainted 5.1.0-rc4+ #67 [ 2851.953771][ T6752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2851.963859][ T6752] Call Trace: [ 2851.967167][ T6752] dump_stack+0x172/0x1f0 [ 2851.971514][ T6752] should_fail.cold+0xa/0x15 [ 2851.973888][T17448] binder: undelivered TRANSACTION_ERROR: 29201 [ 2851.976109][ T6752] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2851.976130][ T6752] ? ___might_sleep+0x163/0x280 [ 2851.976150][ T6752] __should_failslab+0x121/0x190 [ 2851.997970][ T6752] should_failslab+0x9/0x14 [ 2851.997989][ T6752] kmem_cache_alloc+0x2b2/0x6f0 [ 2851.998007][ T6752] ? vcpu_enter_guest+0x194f/0x60a0 [ 2852.007357][ T6752] ? find_held_lock+0x35/0x130 [ 2852.007382][ T6752] mmu_topup_memory_caches+0x97/0x490 [ 2852.007435][ T6752] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2852.029150][ T6752] kvm_mmu_load+0x21/0x1300 [ 2852.033764][ T6752] ? kvm_lapic_enable_pv_eoi+0x170/0x170 17:06:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="11634840aca800000700000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000c7031295212ab00017eb8705612757950e3e95758f81a17c53f76b712dd2c7141b6e5892094d49416f35d81bf66470d507fe4e9f05410a721e924b00083a65790d0a115fac40ecef3cbc0ed37852fd6f56ecd0498338e5de3430f9f9b4db8500b29301ee02c81fe06ac533cdae2eb12d9e91593273db7415cee99a1302e25eee0faf"], 0x0, 0x0, 0x0}) [ 2852.039446][ T6752] ? vcpu_enter_guest+0x2a33/0x60a0 [ 2852.044665][ T6752] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2852.050927][ T6752] ? vmx_get_nmi_mask+0x107/0x180 [ 2852.055995][ T6752] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2852.062260][ T6752] ? vmx_clear_hlt.isra.0+0x7c/0xd0 [ 2852.068171][ T6752] vcpu_enter_guest+0x3c8e/0x60a0 [ 2852.073229][ T6752] ? emulator_read_emulated+0x50/0x50 [ 2852.078620][ T6752] ? lock_acquire+0x16f/0x3f0 [ 2852.083313][ T6752] ? kvm_arch_vcpu_ioctl_run+0x240/0x1750 [ 2852.089057][ T6752] kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 2852.094619][ T6752] ? kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 2852.100370][ T6752] kvm_vcpu_ioctl+0x4dc/0xf90 [ 2852.105067][ T6752] ? kvm_vcpu_block+0xce0/0xce0 [ 2852.109916][ T6752] ? tomoyo_path_number_perm+0x263/0x520 [ 2852.115646][ T6752] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2852.121495][ T6752] ? __fget+0x35a/0x550 [ 2852.125681][ T6752] ? kvm_vcpu_block+0xce0/0xce0 [ 2852.130558][ T6752] do_vfs_ioctl+0xd6e/0x1390 [ 2852.135175][ T6752] ? ioctl_preallocate+0x210/0x210 17:06:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000006c0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2852.140304][ T6752] ? smack_file_ioctl+0x196/0x310 [ 2852.145360][ T6752] ? smack_inode_rename+0x2d0/0x2d0 [ 2852.150594][ T6752] ? ksys_dup3+0x3e0/0x3e0 [ 2852.155040][ T6752] ? tomoyo_file_ioctl+0x23/0x30 [ 2852.159997][ T6752] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2852.166260][ T6752] ? security_file_ioctl+0x93/0xc0 [ 2852.171402][ T6752] ksys_ioctl+0xab/0xd0 [ 2852.171424][ T6752] __x64_sys_ioctl+0x73/0xb0 [ 2852.171441][ T6752] do_syscall_64+0x103/0x610 [ 2852.171463][ T6752] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2852.180608][ T6752] RIP: 0033:0x458c29 [ 2852.180625][ T6752] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2852.180634][ T6752] RSP: 002b:00007fcc7e1a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2852.180653][ T6752] RAX: ffffffffffffffda RBX: 00007fcc7e1a3c90 RCX: 0000000000458c29 [ 2852.230988][ T6752] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 17:06:26 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2852.238980][ T6752] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2852.246957][ T6752] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcc7e1a46d4 [ 2852.246967][ T6752] R13: 00000000004c1baf R14: 00000000004d43d0 R15: 0000000000000007 [ 2852.293668][ T7174] binder: 6972:7174 got transaction to invalid handle [ 2852.298488][ T7172] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2852.326231][ T7174] binder: 6972:7174 transaction failed 29201/-22, size 16777216-0 line 2995 17:06:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae22, 0x0) [ 2852.326452][ T7172] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2852.345618][ T7172] binder: 7170:7172 transaction failed 29201/-28, size 0-16128 line 3148 [ 2852.358443][T13809] binder: undelivered TRANSACTION_ERROR: 29201 [ 2852.399564][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:06:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="484000000000070000000000000000000000000000000000000000ffffffffffffffe70000000007b2000012b09b452e000000000000f2ff00000016871464cf000000040000ff00"/84], 0xffffffffffffffba, 0x0, 0x0}) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x3c) getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000180)=0xffffffffffff87f9, &(0x7f00000001c0)=0x2) r2 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x9e, 0x480080) setsockopt$netrom_NETROM_T1(r2, 0x103, 0x1, &(0x7f0000000040)=0x400, 0x4) 17:06:26 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:26 executing program 1 (fault-call:11 fault-nth:3): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:06:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000740000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:26 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2852.567868][ T7420] binder: 7419:7420 unknown command 16456 [ 2852.591703][ T7420] binder: 7419:7420 ioctl c0306201 20007000 returned -22 [ 2852.643586][ T7460] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2852.657571][ T7420] binder: 7419:7420 unknown command 16456 [ 2852.681055][ T7460] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2852.708322][ T7420] binder: 7419:7420 ioctl c0306201 20007000 returned -22 [ 2852.731834][ T7466] FAULT_INJECTION: forcing a failure. [ 2852.731834][ T7466] name failslab, interval 1, probability 0, space 0, times 0 [ 2852.752267][ T7460] binder: 7458:7460 transaction failed 29201/-28, size 0-16128 line 3148 [ 2852.774420][ T7466] CPU: 0 PID: 7466 Comm: syz-executor.1 Not tainted 5.1.0-rc4+ #67 [ 2852.782369][ T7466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2852.792438][ T7466] Call Trace: [ 2852.793434][T13809] binder: undelivered TRANSACTION_ERROR: 29201 [ 2852.795744][ T7466] dump_stack+0x172/0x1f0 [ 2852.795775][ T7466] should_fail.cold+0xa/0x15 [ 2852.795797][ T7466] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2852.816646][ T7466] ? ___might_sleep+0x163/0x280 [ 2852.821525][ T7466] __should_failslab+0x121/0x190 [ 2852.826482][ T7466] should_failslab+0x9/0x14 [ 2852.831001][ T7466] kmem_cache_alloc+0x2b2/0x6f0 [ 2852.835864][ T7466] ? vcpu_enter_guest+0x194f/0x60a0 [ 2852.841071][ T7466] ? find_held_lock+0x35/0x130 [ 2852.845857][ T7466] mmu_topup_memory_caches+0x97/0x490 [ 2852.851253][ T7466] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2852.857521][ T7466] kvm_mmu_load+0x21/0x1300 [ 2852.862038][ T7466] ? kvm_lapic_enable_pv_eoi+0x170/0x170 [ 2852.867684][ T7466] ? vcpu_enter_guest+0x2a33/0x60a0 [ 2852.872905][ T7466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2852.879176][ T7466] ? vmx_get_nmi_mask+0x107/0x180 [ 2852.884221][ T7466] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2852.890486][ T7466] ? vmx_clear_hlt.isra.0+0x7c/0xd0 [ 2852.895708][ T7466] vcpu_enter_guest+0x3c8e/0x60a0 [ 2852.900775][ T7466] ? emulator_read_emulated+0x50/0x50 [ 2852.906178][ T7466] ? lock_acquire+0x16f/0x3f0 [ 2852.906196][ T7466] ? kvm_arch_vcpu_ioctl_run+0x240/0x1750 [ 2852.906216][ T7466] kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 2852.906236][ T7466] ? kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 2852.916743][ T7466] kvm_vcpu_ioctl+0x4dc/0xf90 [ 2852.916763][ T7466] ? kvm_vcpu_block+0xce0/0xce0 [ 2852.916784][ T7466] ? tomoyo_path_number_perm+0x263/0x520 [ 2852.943337][ T7466] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2852.949268][ T7466] ? __fget+0x35a/0x550 [ 2852.953441][ T7466] ? kvm_vcpu_block+0xce0/0xce0 [ 2852.958322][ T7466] do_vfs_ioctl+0xd6e/0x1390 [ 2852.962940][ T7466] ? ioctl_preallocate+0x210/0x210 [ 2852.968067][ T7466] ? smack_file_ioctl+0x196/0x310 [ 2852.973098][ T7466] ? smack_inode_rename+0x2d0/0x2d0 [ 2852.973124][ T7466] ? ksys_dup3+0x3e0/0x3e0 [ 2852.973147][ T7466] ? tomoyo_file_ioctl+0x23/0x30 [ 2852.982826][ T7466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2852.982843][ T7466] ? security_file_ioctl+0x93/0xc0 [ 2852.982860][ T7466] ksys_ioctl+0xab/0xd0 [ 2852.982878][ T7466] __x64_sys_ioctl+0x73/0xb0 17:06:27 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae23, 0x0) 17:06:27 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2852.982898][ T7466] do_syscall_64+0x103/0x610 [ 2853.012456][ T7466] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2853.018360][ T7466] RIP: 0033:0x458c29 [ 2853.022271][ T7466] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2853.041978][ T7466] RSP: 002b:00007fcc7e1a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2853.041993][ T7466] RAX: ffffffffffffffda RBX: 00007fcc7e1a3c90 RCX: 0000000000458c29 17:06:27 executing program 5: openat$autofs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/autofs\x00', 0x1, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x1) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x200000, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000100)={0x4, &(0x7f0000000080)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @link_local}, {}, {0x0, 0x0, 0x0, @broadcast}]}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0xffffffffffffffd4, 0x0, &(0x7f0000000140), 0x0, 0x0, 0x0}) 17:06:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000007a0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2853.041999][ T7466] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 2853.042006][ T7466] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2853.042014][ T7466] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcc7e1a46d4 [ 2853.042022][ T7466] R13: 00000000004c1baf R14: 00000000004d43d0 R15: 0000000000000007 17:06:27 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:27 executing program 1 (fault-call:11 fault-nth:4): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:06:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffff9c}) connect$llc(r1, &(0x7f0000000040)={0x1a, 0x110, 0x100000001, 0x40000000000000, 0x2, 0x7f, @dev={[], 0x26}}, 0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) [ 2853.186751][ T8001] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2853.230368][ T8001] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2853.257989][ T8001] binder: 7980:8001 transaction failed 29201/-28, size 0-16128 line 3148 [ 2853.280543][T17448] binder: undelivered TRANSACTION_ERROR: 29201 [ 2853.513482][ T8312] FAULT_INJECTION: forcing a failure. [ 2853.513482][ T8312] name failslab, interval 1, probability 0, space 0, times 0 [ 2853.531860][ T8312] CPU: 0 PID: 8312 Comm: syz-executor.1 Not tainted 5.1.0-rc4+ #67 [ 2853.539786][ T8312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2853.550459][ T8312] Call Trace: [ 2853.553764][ T8312] dump_stack+0x172/0x1f0 [ 2853.558117][ T8312] should_fail.cold+0xa/0x15 [ 2853.562732][ T8312] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2853.568562][ T8312] ? ___might_sleep+0x163/0x280 [ 2853.573440][ T8312] __should_failslab+0x121/0x190 [ 2853.578403][ T8312] should_failslab+0x9/0x14 [ 2853.582939][ T8312] kmem_cache_alloc+0x2b2/0x6f0 [ 2853.587812][ T8312] ? vcpu_enter_guest+0x194f/0x60a0 [ 2853.593463][ T8312] ? find_held_lock+0x35/0x130 [ 2853.598349][ T8312] mmu_topup_memory_caches+0x97/0x490 [ 2853.603729][ T8312] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2853.609996][ T8312] kvm_mmu_load+0x21/0x1300 [ 2853.615575][ T8312] ? kvm_lapic_enable_pv_eoi+0x170/0x170 [ 2853.618879][ T8322] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space [ 2853.621224][ T8312] ? vcpu_enter_guest+0x2a33/0x60a0 [ 2853.621240][ T8312] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2853.621266][ T8312] ? vmx_get_nmi_mask+0x107/0x180 [ 2853.621279][ T8312] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2853.621300][ T8312] ? vmx_clear_hlt.isra.0+0x7c/0xd0 [ 2853.658237][ T8312] vcpu_enter_guest+0x3c8e/0x60a0 [ 2853.659282][ T8322] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2853.663299][ T8312] ? emulator_read_emulated+0x50/0x50 [ 2853.663319][ T8312] ? lock_acquire+0x16f/0x3f0 [ 2853.663332][ T8312] ? kvm_arch_vcpu_ioctl_run+0x240/0x1750 [ 2853.663352][ T8312] kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 2853.663371][ T8312] ? kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 2853.692387][ T8322] binder: 8318:8322 transaction failed 29201/-28, size 16777216-0 line 3148 [ 2853.695104][ T8312] kvm_vcpu_ioctl+0x4dc/0xf90 17:06:27 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x200803, 0x0) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x1, 0x0, 0x3, 0x101, 0x7, 0x1, 0x3, 0x1ff], 0x9, 0xf5, 0x1, 0x800, 0x3, 0x100, {0x0, 0x1, 0x2, 0x0, 0x2, 0x0, 0x1, 0x8, 0x2, 0x20, 0xffffffffffffffff, 0x9, 0x7ff, 0x63e2, "08d356fc33046f5a1c12c94411503d5dd7411b3f2741c8c7ee7a3e7e96810f65"}}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) socket$nl_route(0x10, 0x3, 0x0) 17:06:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae24, 0x0) 17:06:27 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000fffffdfd0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:28 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2853.695121][ T8312] ? kvm_vcpu_block+0xce0/0xce0 [ 2853.695137][ T8312] ? tomoyo_path_number_perm+0x263/0x520 [ 2853.695154][ T8312] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2853.695180][ T8312] ? __fget+0x35a/0x550 [ 2853.710722][T13809] binder: undelivered TRANSACTION_ERROR: 29201 [ 2853.714253][ T8312] ? kvm_vcpu_block+0xce0/0xce0 [ 2853.714279][ T8312] do_vfs_ioctl+0xd6e/0x1390 [ 2853.714298][ T8312] ? ioctl_preallocate+0x210/0x210 [ 2853.714310][ T8312] ? smack_file_ioctl+0x196/0x310 [ 2853.714327][ T8312] ? smack_inode_rename+0x2d0/0x2d0 [ 2853.722031][ T8326] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space [ 2853.724804][ T8312] ? ksys_dup3+0x3e0/0x3e0 [ 2853.724830][ T8312] ? tomoyo_file_ioctl+0x23/0x30 [ 2853.724847][ T8312] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2853.724869][ T8312] ? security_file_ioctl+0x93/0xc0 [ 2853.734823][ T8312] ksys_ioctl+0xab/0xd0 [ 2853.734845][ T8312] __x64_sys_ioctl+0x73/0xb0 [ 2853.745833][ T8312] do_syscall_64+0x103/0x610 [ 2853.745852][ T8312] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2853.745864][ T8312] RIP: 0033:0x458c29 [ 2853.745883][ T8312] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2853.752891][ T8326] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2853.755548][ T8312] RSP: 002b:00007fcc7e1a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2853.755565][ T8312] RAX: ffffffffffffffda RBX: 00007fcc7e1a3c90 RCX: 0000000000458c29 [ 2853.755574][ T8312] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 2853.755582][ T8312] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2853.755591][ T8312] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcc7e1a46d4 [ 2853.755598][ T8312] R13: 00000000004c1baf R14: 00000000004d43d0 R15: 0000000000000007 [ 2853.830596][ T8372] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000040)=ANY=[@ANYBLOB="09000000030000000900060006001b0001800080ffff"], &(0x7f00000000c0)=0x16) 17:06:28 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2853.908738][ T8372] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) 17:06:28 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2853.999171][ T8483] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space [ 2854.021813][ T8483] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) 17:06:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="116348400000000007001b0000000000000000000000000000050000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000df4edaaf68d96da704c194494ce39e2776"], 0x0, 0x0, 0x0}) r1 = syz_open_dev$radio(&(0x7f0000000180)='/dev/radio#\x00', 0x3, 0x2) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0x1, 0x4) 17:06:28 executing program 1 (fault-call:11 fault-nth:5): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:06:28 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000fdfdffff0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae25, 0x0) 17:06:28 executing program 5: r0 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x3, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) [ 2854.332089][ T8762] FAULT_INJECTION: forcing a failure. [ 2854.332089][ T8762] name failslab, interval 1, probability 0, space 0, times 0 [ 2854.388400][ T8762] CPU: 0 PID: 8762 Comm: syz-executor.1 Not tainted 5.1.0-rc4+ #67 [ 2854.396345][ T8762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2854.406600][ T8762] Call Trace: [ 2854.409955][ T8762] dump_stack+0x172/0x1f0 [ 2854.414592][ T8762] should_fail.cold+0xa/0x15 [ 2854.419230][ T8762] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2854.425074][ T8762] ? ___might_sleep+0x163/0x280 [ 2854.429957][ T8762] __should_failslab+0x121/0x190 [ 2854.435007][ T8762] should_failslab+0x9/0x14 [ 2854.439617][ T8762] kmem_cache_alloc+0x2b2/0x6f0 [ 2854.444502][ T8762] ? vcpu_enter_guest+0x194f/0x60a0 [ 2854.449716][ T8762] ? find_held_lock+0x35/0x130 [ 2854.454505][ T8762] mmu_topup_memory_caches+0x97/0x490 [ 2854.459929][ T8762] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2854.466206][ T8762] kvm_mmu_load+0x21/0x1300 [ 2854.470987][ T8762] ? kvm_lapic_enable_pv_eoi+0x170/0x170 [ 2854.476635][ T8762] ? vcpu_enter_guest+0x2a33/0x60a0 [ 2854.481871][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2854.488227][ T8762] ? vmx_get_nmi_mask+0x107/0x180 [ 2854.493301][ T8762] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2854.499559][ T8762] ? vmx_clear_hlt.isra.0+0x7c/0xd0 [ 2854.504791][ T8762] vcpu_enter_guest+0x3c8e/0x60a0 [ 2854.509837][ T8762] ? emulator_read_emulated+0x50/0x50 [ 2854.515330][ T8762] ? lock_acquire+0x16f/0x3f0 [ 2854.520028][ T8762] ? kvm_arch_vcpu_ioctl_run+0x240/0x1750 [ 2854.525772][ T8762] kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 2854.531369][ T8762] ? kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 2854.537120][ T8762] kvm_vcpu_ioctl+0x4dc/0xf90 [ 2854.541837][ T8762] ? kvm_vcpu_block+0xce0/0xce0 [ 2854.546714][ T8762] ? tomoyo_path_number_perm+0x263/0x520 [ 2854.552375][ T8762] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2854.558225][ T8762] ? __fget+0x35a/0x550 [ 2854.562407][ T8762] ? kvm_vcpu_block+0xce0/0xce0 [ 2854.567285][ T8762] do_vfs_ioctl+0xd6e/0x1390 [ 2854.571922][ T8762] ? ioctl_preallocate+0x210/0x210 [ 2854.577046][ T8762] ? smack_file_ioctl+0x196/0x310 [ 2854.582078][ T8762] ? smack_inode_rename+0x2d0/0x2d0 [ 2854.587303][ T8762] ? ksys_dup3+0x3e0/0x3e0 [ 2854.591747][ T8762] ? tomoyo_file_ioctl+0x23/0x30 [ 2854.596699][ T8762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2854.602960][ T8762] ? security_file_ioctl+0x93/0xc0 [ 2854.608446][ T8762] ksys_ioctl+0xab/0xd0 [ 2854.612639][ T8762] __x64_sys_ioctl+0x73/0xb0 [ 2854.617252][ T8762] do_syscall_64+0x103/0x610 [ 2854.621866][ T8762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2854.627782][ T8762] RIP: 0033:0x458c29 17:06:28 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:28 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) 17:06:28 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000002, 0x11a072, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x44, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="01634040030000000000000002000000000000000000000000000000000000000000000030000000000000002000000000000000", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB="852a646600000000", @ANYRES32=r0, @ANYBLOB="0d0b6bc51cd600", @ANYRES64=r1, @ANYBLOB="0200000000000000"], @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB='H\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x008\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) [ 2854.631694][ T8762] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2854.645309][ T9161] binder: 9159:9161 got reply transaction with no transaction stack [ 2854.651314][ T8762] RSP: 002b:00007fcc7e1a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2854.651329][ T8762] RAX: ffffffffffffffda RBX: 00007fcc7e1a3c90 RCX: 0000000000458c29 [ 2854.651337][ T8762] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 2854.651346][ T8762] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2854.651355][ T8762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcc7e1a46d4 [ 2854.651363][ T8762] R13: 00000000004c1baf R14: 00000000004d43d0 R15: 0000000000000007 [ 2854.774698][ T9248] binder: 9159:9248 got reply transaction with no transaction stack 17:06:29 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000003f0000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:29 executing program 5: openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='pids.events\x00', 0x0, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f00000001c0)='/dev/snd/pcmC#D#c\x00', 0x5, 0x200000) r1 = syz_open_dev$admmidi(&(0x7f0000000200)='/dev/admmidi#\x00', 0x27f1, 0x2000) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000100)={0x0, 0xffffffff, 0x200000, 0x3, 0x337, 0x2}, &(0x7f0000000240)=0x14) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000280)={r2, 0x7fff, 0x30}, 0xc) r3 = syz_open_pts(r1, 0x200000) ioctl$TIOCGWINSZ(r3, 0x5413, &(0x7f0000000000)) r4 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x200040, 0x0) 17:06:29 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:29 executing program 1 (fault-call:11 fault-nth:6): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:06:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae26, 0x0) 17:06:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) [ 2855.159285][ T9408] FAULT_INJECTION: forcing a failure. [ 2855.159285][ T9408] name failslab, interval 1, probability 0, space 0, times 0 [ 2855.206650][ T9408] CPU: 0 PID: 9408 Comm: syz-executor.1 Not tainted 5.1.0-rc4+ #67 [ 2855.214601][ T9408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2855.224665][ T9408] Call Trace: [ 2855.224694][ T9408] dump_stack+0x172/0x1f0 [ 2855.224715][ T9408] should_fail.cold+0xa/0x15 [ 2855.224738][ T9408] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2855.242769][ T9408] ? ___might_sleep+0x163/0x280 [ 2855.247633][ T9408] __should_failslab+0x121/0x190 [ 2855.247651][ T9408] should_failslab+0x9/0x14 [ 2855.247667][ T9408] kmem_cache_alloc+0x2b2/0x6f0 [ 2855.247685][ T9408] ? vcpu_enter_guest+0x194f/0x60a0 [ 2855.267164][ T9408] ? find_held_lock+0x35/0x130 [ 2855.271963][ T9408] mmu_topup_memory_caches+0x97/0x490 [ 2855.277380][ T9408] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2855.283648][ T9408] kvm_mmu_load+0x21/0x1300 [ 2855.288177][ T9408] ? kvm_lapic_enable_pv_eoi+0x170/0x170 [ 2855.293830][ T9408] ? vcpu_enter_guest+0x2a33/0x60a0 [ 2855.299039][ T9408] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2855.305300][ T9408] ? vmx_get_nmi_mask+0x107/0x180 [ 2855.310349][ T9408] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2855.316600][ T9408] ? vmx_clear_hlt.isra.0+0x7c/0xd0 [ 2855.316624][ T9408] vcpu_enter_guest+0x3c8e/0x60a0 [ 2855.326826][ T9408] ? emulator_read_emulated+0x50/0x50 [ 2855.326849][ T9408] ? lock_acquire+0x16f/0x3f0 [ 2855.336876][ T9408] ? kvm_arch_vcpu_ioctl_run+0x240/0x1750 [ 2855.342622][ T9408] kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 2855.348168][ T9408] ? kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 2855.353908][ T9408] kvm_vcpu_ioctl+0x4dc/0xf90 [ 2855.358607][ T9408] ? kvm_vcpu_block+0xce0/0xce0 [ 2855.363639][ T9408] ? tomoyo_path_number_perm+0x263/0x520 [ 2855.363659][ T9408] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2855.363685][ T9408] ? __fget+0x35a/0x550 [ 2855.375096][ T9408] ? kvm_vcpu_block+0xce0/0xce0 [ 2855.375115][ T9408] do_vfs_ioctl+0xd6e/0x1390 [ 2855.375134][ T9408] ? ioctl_preallocate+0x210/0x210 [ 2855.375146][ T9408] ? smack_file_ioctl+0x196/0x310 [ 2855.375164][ T9408] ? smack_inode_rename+0x2d0/0x2d0 [ 2855.404215][ T9408] ? ksys_dup3+0x3e0/0x3e0 [ 2855.408662][ T9408] ? tomoyo_file_ioctl+0x23/0x30 [ 2855.413618][ T9408] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2855.419890][ T9408] ? security_file_ioctl+0x93/0xc0 [ 2855.425029][ T9408] ksys_ioctl+0xab/0xd0 [ 2855.429213][ T9408] __x64_sys_ioctl+0x73/0xb0 [ 2855.433831][ T9408] do_syscall_64+0x103/0x610 [ 2855.438447][ T9408] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2855.445860][ T9408] RIP: 0033:0x458c29 [ 2855.449772][ T9408] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2855.469390][ T9408] RSP: 002b:00007fcc7e1a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2855.477828][ T9408] RAX: ffffffffffffffda RBX: 00007fcc7e1a3c90 RCX: 0000000000458c29 [ 2855.485816][ T9408] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 2855.493803][ T9408] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 17:06:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000100000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:29 executing program 5: r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x7, 0x2000) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0485661, &(0x7f00000000c0)={0x5, 0x0, @stop_pts=0x3}) ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000040)={0x101ff, 0x0, &(0x7f0000ffc000/0x3000)=nil}) r1 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000aa288e693ca59604468bc63861c2f52f55d325788f25ec37522580ae87d61d522e9a912f3685bc3fdc2a9426b4876ef4be5d968d59edd9c312158a82b552b324386703b360fb94c5ec893b47de2d883e7d36ddb92d44baeb99290beca3dd12e8af8efcfd22918b2e7665abe3c8b4db8dfbae03d48632"], 0x0, 0x0, 0x0}) 17:06:29 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae27, 0x0) 17:06:29 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2855.501788][ T9408] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcc7e1a46d4 [ 2855.509774][ T9408] R13: 00000000004c1baf R14: 00000000004d43d0 R15: 0000000000000007 17:06:30 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:30 executing program 1 (fault-call:11 fault-nth:7): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:06:30 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae28, 0x0) 17:06:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000200000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:30 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000040)='y\x00', 0x2, 0x2) r1 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) [ 2856.027252][T10145] FAULT_INJECTION: forcing a failure. [ 2856.027252][T10145] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2856.040497][T10145] CPU: 1 PID: 10145 Comm: syz-executor.1 Not tainted 5.1.0-rc4+ #67 [ 2856.048496][T10145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2856.058565][T10145] Call Trace: [ 2856.061871][T10145] dump_stack+0x172/0x1f0 [ 2856.066235][T10145] should_fail.cold+0xa/0x15 [ 2856.070851][T10145] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2856.076660][T10145] ? percpu_ref_tryget_live+0xef/0x290 [ 2856.082128][T10145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2856.088362][T10145] ? debug_smp_processor_id+0x3c/0x280 [ 2856.093810][T10145] should_fail_alloc_page+0x50/0x60 [ 2856.098995][T10145] __alloc_pages_nodemask+0x1a1/0x7e0 [ 2856.104356][T10145] ? find_held_lock+0x35/0x130 [ 2856.109105][T10145] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2856.114824][T10145] cache_grow_begin+0x9c/0x860 [ 2856.119577][T10145] ? mmu_topup_memory_caches+0x97/0x490 [ 2856.125105][T10145] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2856.131333][T10145] kmem_cache_alloc+0x62d/0x6f0 [ 2856.136190][T10145] mmu_topup_memory_caches+0x97/0x490 [ 2856.141630][T10145] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2856.147863][T10145] kvm_mmu_load+0x21/0x1300 [ 2856.152367][T10145] ? kvm_lapic_enable_pv_eoi+0x170/0x170 [ 2856.157982][T10145] ? vcpu_enter_guest+0x2a33/0x60a0 [ 2856.163163][T10145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2856.169400][T10145] ? vmx_get_nmi_mask+0x107/0x180 [ 2856.174410][T10145] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2856.180634][T10145] ? vmx_clear_hlt.isra.0+0x7c/0xd0 [ 2856.185816][T10145] vcpu_enter_guest+0x3c8e/0x60a0 [ 2856.190846][T10145] ? emulator_read_emulated+0x50/0x50 [ 2856.196206][T10145] ? lock_acquire+0x16f/0x3f0 [ 2856.200864][T10145] ? kvm_arch_vcpu_ioctl_run+0x240/0x1750 [ 2856.206572][T10145] kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 2856.212114][T10145] ? kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 2856.217822][T10145] kvm_vcpu_ioctl+0x4dc/0xf90 [ 2856.222481][T10145] ? kvm_vcpu_block+0xce0/0xce0 [ 2856.227334][T10145] ? tomoyo_path_number_perm+0x263/0x520 [ 2856.232956][T10145] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2856.238754][T10145] ? __fget+0x35a/0x550 [ 2856.242902][T10145] ? kvm_vcpu_block+0xce0/0xce0 [ 2856.247742][T10145] do_vfs_ioctl+0xd6e/0x1390 [ 2856.252322][T10145] ? ioctl_preallocate+0x210/0x210 [ 2856.257413][T10145] ? smack_file_ioctl+0x196/0x310 [ 2856.262419][T10145] ? smack_inode_rename+0x2d0/0x2d0 [ 2856.267605][T10145] ? ksys_dup3+0x3e0/0x3e0 [ 2856.272022][T10145] ? tomoyo_file_ioctl+0x23/0x30 [ 2856.276948][T10145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2856.283172][T10145] ? security_file_ioctl+0x93/0xc0 [ 2856.288283][T10145] ksys_ioctl+0xab/0xd0 [ 2856.292427][T10145] __x64_sys_ioctl+0x73/0xb0 [ 2856.297034][T10145] do_syscall_64+0x103/0x610 [ 2856.301641][T10145] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2856.307518][T10145] RIP: 0033:0x458c29 [ 2856.311400][T10145] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2856.330985][T10145] RSP: 002b:00007fcc7e1a3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2856.339400][T10145] RAX: ffffffffffffffda RBX: 00007fcc7e1a3c90 RCX: 0000000000458c29 [ 2856.347377][T10145] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 2856.355647][T10145] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2856.363601][T10145] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcc7e1a46d4 17:06:30 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) r1 = shmat(0xffffffffffffffff, &(0x7f0000ffc000/0x3000)=nil, 0x1000) shmdt(r1) [ 2856.371555][T10145] R13: 00000000004c1baf R14: 00000000004d43d0 R15: 0000000000000007 17:06:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000300000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2856.479878][T10363] binder_alloc_new_buf_locked: 9 callbacks suppressed [ 2856.479888][T10363] binder_alloc: 13297: binder_alloc_buf size 16777216 failed, no address space [ 2856.505537][T10363] binder_alloc_new_buf_locked: 9 callbacks suppressed 17:06:30 executing program 5: r0 = socket$rds(0x15, 0x5, 0x0) r1 = dup(r0) ioctl$EVIOCRMFF(r1, 0x40044581, &(0x7f00000005c0)=0x6) read$rfkill(r1, &(0x7f0000000580), 0x8) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={0x0, 0x3, 0x8}, 0xc) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xec, 0x104, 0x3f, {"e2676df6d6b5f4c08effe9232d9274d8bad09158874702cac95ca930a2f4ff93dea7fe011667f5635484bfa7f690b4618cb3a3815fd53daa35839e9a876df2a240bf037550cfbb6a6814c45520269b1fd55c5915144246c48888fdf9283a187bc40a99a00fc67a6e4e8f435284398acebc22b00dd5cb723bd854342efc8ec1e67d8188dbb39ef5c8004e8554ca708c26dadcc1ec20edb7ec3bdfb0dd848c3ae5fb6517d8ade7f92bcb05bfd4b137624c54ecd2cae0066caba2e0ae67a65f2d2e0882355c14790b8608c276a14e356194574c5cfd534e896d892c2965f2d488d10c82487e6f2f0882be373de4"}}, {0x0, "787fdd510af088a4453a80ab7187506e0c2fb8424fde3d4d2c413069d01dfdad03f745c2d93ec825b5c128e9bcede11abaf1139623f1961678838ebc68cb9f8f6965369bdc8e"}}, &(0x7f0000000300)=""/143, 0x14c, 0x8f, 0x1}, 0x20) socket$inet_udp(0x2, 0x2, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000540)='/dev/zero\x00', 0x20000, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000400)='net/rt_acct\x00') r4 = syz_open_dev$mice(&(0x7f0000000440)='/dev/input/mice\x00', 0x0, 0x4800) close(0xffffffffffffffff) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = add_key$user(&(0x7f0000000040)='user\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) keyctl$get_security(0x11, r5, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r6, 0x8991, &(0x7f00000000c0)={'bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x18\xff', @ifru_names='bond_slave_1\x00'}) r7 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x8000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff}) r9 = dup2(r8, r2) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r4, 0x84, 0x65, &(0x7f00000004c0)=[@in={0x2, 0x4e20, @loopback}], 0x10) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000640)={'nr0\x00', 0x9101}) ioctl$KVM_GET_CLOCK(r3, 0x8030ae7c, &(0x7f0000000500)) getsockopt$inet_tcp_int(r9, 0x6, 0x26, &(0x7f00000000c0), &(0x7f0000000100)=0x4) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000600)) r10 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000000000000000000000000000cfd47f70636351f500000000000000000000000000000000000000000000000000000000000098e947798babf5012e074eb38f15430b66e93e10c658bbe46ff1aa"], 0x0, 0x0, 0x0}) [ 2856.505552][T10363] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2856.535649][T10364] binder_transaction: 20 callbacks suppressed [ 2856.535667][T10364] binder: 10362:10364 transaction failed 29201/-28, size 0-16128 line 3148 [ 2856.535778][T10363] binder: 10359:10363 transaction failed 29201/-28, size 16777216-0 line 3148 [ 2856.550047][T17448] binder_release_work: 20 callbacks suppressed [ 2856.550054][T17448] binder: undelivered TRANSACTION_ERROR: 29201 [ 2856.638885][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:31 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000400000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae29, 0x0) 17:06:31 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:31 executing program 1 (fault-call:11 fault-nth:8): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2856.865413][T10671] bond0: Releasing backup interface bond_slave_1 17:06:31 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000500000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2857.210411][T11034] binder: 10979:11034 transaction failed 29201/-28, size 0-16128 line 3148 [ 2857.287015][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 17:06:31 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0xd0, 0x3, 0x4, 0x8001, 0x5}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0xb1, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000000000000001510000400000000000000000faffffff000000000000000000000000000000000000001e00e9d87626c293c3e2c644e6e6723c21b6e5bd9e3e8e0cc168c675d9bebe6bd6bc40f84d83c1c81308d50b00d6e36b0f0d9d6939fb1317cbbccf2e49fb7a73b5baab8202e1568168ccd24f7ab91caf0e89fc38d493ab9463b9a5dfc0e02344bebb3af45dd9a0205c0c38f78bd696af697fce"], 0x0, 0x0, 0x0}) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x180, 0x0) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f00000000c0)={0x0, 0x3}, &(0x7f0000000100)=0x8) ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, &(0x7f0000000300)="72fbef7e88bf20f75e2fd2cd6833a00b0cfd894fa636792cc4787f9d3206ba95787644ffd7273462466dd9f0fc933c4110770c9d935d5e2407dfa63972f9bc6927ff340a1b571bd34d76e51ab27cac3a1c378e34414d563806625521b1bab511775d749d5881b72aacafdc0617f4bcb5b33cf4322273d6d0b65b73a506d089d993bad7a3bf3a3289af645f782cf3d6e4b1b981044c0b66e753901d848c1a71ab1a321c77518b701104e31ddd9a89d52cab21c50b8d3a4e1538d2165b511937a6e8f285204c9eb2c2b3b230371eb581eb1668ceb81db371c534fecd56008729ab24f5842663834e8e67abba4ac81064b2289a8ef8dbe4014665f31d1eb49fd4c0") write$P9_RREADDIR(r1, &(0x7f0000000400)={0xb, 0x29, 0x2, {0x8}}, 0xb) ioctl$KVM_RUN(r1, 0xae80, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000200)={r2, 0xa3, "5732ff8ad0dda1a045b44246e4f24f3aa6678eee45e8c41df7401a58d6c0f21ceb17591e680e8cd36f7b3f06fa89aeab9c41a9b11c716b401aa58c60c1e5c5f6ac843a753c23aedab1181c99a8b4f6f974c88555da68c414c3cebec520156a84e7ad1201d0117e8735c4af8a4ef815266f5b8bb9c4600b38b3fd86908b7d68e10a70a3e2cefae9a224c7798287902c25a2c6b1a7352206ca258a1833453e79122d3702"}, &(0x7f00000002c0)=0xab) 17:06:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000600000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae2a, 0x0) [ 2857.519717][T11301] binder: 11299:11301 ioctl 401c5820 20000000 returned -22 [ 2857.539978][T11301] binder_alloc: 13297: binder_alloc_buf size -1736624985406729272 failed, no address space [ 2857.569754][T11301] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2857.594540][T11301] binder: 11299:11301 transaction failed 29201/-28, size 72057593937264640-0 line 3148 [ 2857.631065][T11355] binder: 11299:11355 ioctl 660c 0 returned -22 [ 2857.637916][T11390] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:32 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000001, 0x2050, r0, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x220080, 0x150) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffff9c, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x7, 0x3}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000180)={r3, 0x8}, &(0x7f0000000400)=0x8) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x2000, 0x0) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r4, 0xc0905664, &(0x7f0000000340)={0x0, 0x0, [], @bt={0x3, 0x6, 0x7f, 0x5, 0x10000, 0xb3bc1ac, 0x6, 0x8}}) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f0000000000)={0x0, 0x200, 0x8}) ioctl$KDSETLED(r4, 0x4b32, 0x2) ioctl$VIDIOC_G_FBUF(r2, 0x8030560a, &(0x7f0000000480)={0x1, 0x30, &(0x7f0000000580)="4609dfffa1143f299e01e39c64abd7801d3864507041a245ccfa9905ccfed642ab960cecf5a76e4d96f42e5bc6643a2c64cbd09e487d1ab7f36e964ea954b9106c87a1a6e26bbf5e863b57d449010ede0ac1", {0x3a8, 0xfffffffffffffff7, 0x0, 0x6, 0x2, 0x8, 0xf, 0x3}}) setsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f0000000440)={0x1f, 0x101, 0x7, 0x1, 0x6, 0x1, 0x82b}, 0xc) ioctl$TUNSETOFFLOAD(r4, 0x400454d0, 0x2) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x76f, 0x0, &(0x7f00000004c0)=[@increfs_done={0x40106308, r1, 0x1}, @transaction={0x40406300, {0x3, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@flat={0x776a2a85, 0x10a, r1, 0x1}, @flat={0x0, 0x0, r1, 0x3}], &(0x7f0000000240)=[0x20, 0x38, 0x28, 0x30, 0x38]}}, @reply_sg={0x40486312, {{0x3, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[@flat={0x0, 0xb, r1, 0x2}, @ptr={0x70742a85, 0x1, &(0x7f0000000280), 0x0, 0x0, 0x18}], &(0x7f0000000300)=[0x38, 0x30]}, 0x1b96}}, @decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 17:06:32 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2857.724129][T11390] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2857.747165][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 [ 2857.761919][T11390] binder: 11314:11390 transaction failed 29201/-28, size 0-16128 line 3148 [ 2857.799362][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x2, 0x0) 17:06:32 executing program 5: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000240)=0xc) perf_event_open(&(0x7f00000001c0)={0x7, 0x70, 0x2, 0x3, 0xb01, 0x7, 0x0, 0x6, 0x10420, 0x9, 0x9, 0x9, 0x0, 0x2, 0x3f, 0x0, 0x20, 0x6, 0xfffffffffffffff7, 0xcc4, 0x6, 0x3f, 0x8, 0x5, 0x0, 0xfffffffffffffff8, 0x5, 0x8001, 0x3, 0x5, 0x2, 0x0, 0x7ff, 0x1, 0x2, 0x4, 0xfffffffffffffffb, 0xdc, 0x0, 0x9, 0x2, @perf_bp={&(0x7f00000000c0), 0x1}, 0x284a0, 0x7fffffff, 0x1f, 0x0, 0x8, 0x531, 0x7}, r0, 0xe, 0xffffffffffffff9c, 0x3) r1 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x1) r2 = dup3(r1, r1, 0x80000) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000280)={0x8, 0x2, 0x4, 0x0, 0x0}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000300)={0xb934, 0x1, 0x8007, 0x2, 0x8, 0x1, 0x6, 0x7, r3}, &(0x7f0000000340)=0x20) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1163484000000000070000000400000000000000000000000000001900000000000000d1e3ffc248b7811e8e7f2a000000000100"/76], 0x0, 0x0, 0x0}) r4 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x169b00, 0x0) setsockopt$bt_hci_HCI_FILTER(r4, 0x0, 0x2, &(0x7f0000000040)={0x1, 0x9, 0x6, 0x1f}, 0x10) 17:06:32 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae2b, 0x0) 17:06:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000700000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1135b00cd50000000700000000000000000000000000000000000000000000000000000000000001000000000000000000000a000000000000000000000000000000000000000000000000001d2d054fd154b473cb29f1fa0979f71c2f0c00eb3b8d70be71ebac908ba9240000000000000f3b33103c8268be04ed790a3d2c760006ab2b957ea388046423b1d539e754267c58640fefbba5ccb71182aaf463e5d6b6550bc2d3df3159c7badf0b969c5c6f47801f523e7f6afb8331914b5e10d332ce287f0a3a07480ca8de08a5e7a663c33bda0963f9"], 0xffffffffffffffd3, 0x0, 0x0}) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x20000, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(r1, 0x8934, &(0x7f00000001c0)={'yam0\x00', 0xffff}) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x200, 0x0) ioctl$RTC_AIE_ON(r2, 0x7001) r3 = syz_open_dev$dmmidi(&(0x7f0000000200)='/dev/dmmidi#\x00', 0xffffffff, 0x20000) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000240)) [ 2858.115732][T11757] binder: 11730:11757 transaction failed 29201/-28, size 0-16128 line 3148 [ 2858.153201][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:32 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2858.216554][T11897] binder: 11889:11897 unknown command 212874513 [ 2858.249191][T11897] binder: 11889:11897 ioctl c0306201 20007000 returned -22 17:06:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000a00000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x5421, 0x0) [ 2858.352193][T11897] binder: 11889:11897 unknown command 212874513 17:06:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae2c, 0x0) [ 2858.394879][T11897] binder: 11889:11897 ioctl c0306201 20007000 returned -22 [ 2858.420845][T12249] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:32 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2858.513153][T12249] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2858.545257][T12249] binder: 12224:12249 transaction failed 29201/-28, size 0-16128 line 3148 [ 2858.574556][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:33 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x5450, 0x0) 17:06:33 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000000000000000000100000000b803000000000000000000000000000000ff0700"/76], 0x0, 0x0, 0x0}) 17:06:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000002000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2858.762686][T12594] binder_alloc: 13297: binder_alloc_buf size -72057594037927936 failed, no address space [ 2858.800589][T12594] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2858.820613][T12593] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2858.829906][T12594] binder: 12591:12594 transaction failed 29201/-28, size 0--72057594037927936 line 3148 [ 2858.840080][T12593] binder_alloc: allocated: 1344 (num: 166 largest: 16), free: 10944 (num: 1 largest: 10944) [ 2858.841897][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000000, 0x12, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000000140)=[@increfs_done={0x40106308, r1}], 0x0, 0x0, 0x0}) [ 2858.872417][T12593] binder: 12592:12593 transaction failed 29201/-28, size 0-16128 line 3148 [ 2858.896205][T17448] binder: undelivered TRANSACTION_ERROR: 29201 [ 2858.934092][T12766] binder: 12729:12766 BC_INCREFS_DONE u0000000020ffd000 no match [ 2858.949552][T12818] binder: 12729:12818 BC_INCREFS_DONE u0000000020ffd000 no match 17:06:33 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae2d, 0x0) 17:06:33 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @loopback}, &(0x7f0000000040)=0x10, 0x800) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000001c0)={{{@in=@broadcast, @in6=@empty}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in=@remote}}, &(0x7f00000000c0)=0xe8) r2 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vfio/vfio\x00', 0x2000, 0x0) ioctl$SIOCX25CALLACCPTAPPRV(r2, 0x89e8) ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, &(0x7f00000002c0)="fcc510002bb61f04dacded721fcad6d85aeb9029cde525e54eb93df3cb21c13c6ab8481d8924f9f9fff2187c9d8ed6b5b6f5bbb0fc75a0eb42db5467110bdf91b4b8339a80fa395f33fe4f91d5738745d9aeb3ca79d2b458cee4a6cdbc5af78723977295dbea687e2204049bac1a8f8060aa08dba29600e73c78ee88aa98a3379cf75c87520a1d3c18dcb9ed32be790d4dd3958ce8669eb0b90e0e02404a9596916f43ca87ecbdb968dac1c9678452611ae8cd612ae4f39c25cd4153afd325563339e76bd66ce3d829a2a4869ff797fc2e087d40bc3a2e37b32f6ff0ab50d22a76b820cc8acd9b2017187cdf0b432c5f5afd8cfb5a62b9c72d341ca8a55a165e") ioctl$KDGETKEYCODE(r2, 0x4b4c, &(0x7f00000003c0)={0x9, 0x7fffffff}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x4c, 0x0, &(0x7f0000000400)=[@transaction_sg={0x40486311, {{0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_SET_MASTER(r2, 0x641e) 17:06:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x5451, 0x0) 17:06:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000003f00000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:33 executing program 5: r0 = socket$inet6(0xa, 0x80000, 0x8) setsockopt$inet6_mreq(r0, 0x29, 0x8000000001b, &(0x7f0000000040)={@remote}, 0x14) syz_emit_ethernet(0x22d, &(0x7f00000001c0)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "833132", 0x14, 0x6, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe80]}, @remote, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 2859.145064][ T5566] binder: release 12981:13000 transaction 5060 out, still active [ 2859.176297][ T5566] binder: undelivered TRANSACTION_COMPLETE [ 2859.217191][ T5566] binder: release 12981:13000 transaction 5061 out, still active [ 2859.255306][ T5566] binder: undelivered TRANSACTION_COMPLETE [ 2859.277188][T13135] binder: 13107:13135 transaction failed 29201/-28, size 0-16128 line 3148 [ 2859.362511][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:34 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:34 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000200)) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x40, 0x4) 17:06:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000004800000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:34 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae2e, 0x0) 17:06:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x5452, 0x0) 17:06:34 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0xff0e) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x2000, 0x0) setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f00000001c0)={{0x2f, @empty, 0x4e21, 0x2, 'ovf\x00', 0x8, 0x9, 0x55}, {@empty, 0x4e20, 0x10000, 0x3, 0x5, 0x6e08}}, 0x44) r2 = dup(r0) ioctl$TUNSETFILTEREBPF(r1, 0x800454e1, &(0x7f00000000c0)=r2) setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000014, &(0x7f0000000040)=0x1, 0x4) sendmmsg(r0, &(0x7f0000002580)=[{{&(0x7f0000000140)=@hci, 0x80, &(0x7f00000003c0), 0x0, &(0x7f0000000880)}}, {{&(0x7f0000000400)=@sco, 0x359, &(0x7f0000000a80), 0x26c, &(0x7f0000000c40)}}], 0x4000000000002f0, 0x0) [ 2859.699375][T13424] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2859.728474][T13424] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:34 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000004c00000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:34 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x0, 0x8de7d8f023d06bd7}, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='bridge0\x00', 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000000480), 0x1e, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) mkdir(&(0x7f0000000400)='./file0\x00', 0x80) r3 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x0, 0x20000) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100)={0xffffffffffffffff}, 0x2}}, 0x20) connect$rds(r3, &(0x7f0000000440)={0x2, 0x4e22, @rand_addr=0x80000001}, 0x10) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f00000003c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000180), r4, 0x1}}, 0x18) write$binfmt_elf64(r2, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 17:06:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x5460, 0x0) 17:06:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae2f, 0x0) [ 2860.019590][T13872] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2860.086395][T13872] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:34 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000006000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:34 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x40049409, 0x0) 17:06:34 executing program 5: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@empty, 0x8, 0x2, 0x3, 0xf, 0x400, 0x101}, 0x20) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) perf_event_open(&(0x7f0000000580)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shutdown(r1, 0x0) recvmmsg(r1, &(0x7f0000001300), 0x40000a2, 0x0, &(0x7f00000013c0)={0x0, 0x1c9c380}) 17:06:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae30, 0x0) [ 2860.544124][T14272] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2860.590108][T14272] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:35 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x0, 0x2) socket$nl_crypto(0x10, 0x3, 0x15) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x202100, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x94, &(0x7f0000000080)=[@in={0x2, 0x4e22, @loopback}, @in={0x2, 0x4e24, @multicast1}, @in={0x2, 0x4e21, @multicast1}, @in6={0xa, 0x4e23, 0x9, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7ff}, @in6={0xa, 0x4e21, 0x4000000, @mcast1, 0x8}, @in6={0xa, 0x4e23, 0x7, @mcast1, 0x1}, @in={0x2, 0x4e21, @rand_addr=0x9}]}, &(0x7f00000001c0)=0x10) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000200)={r3, 0x9}, 0x8) ioctl$SG_IO(r1, 0x2285, 0x0) write$binfmt_script(r1, &(0x7f0000000580)=ANY=[], 0xda) write$P9_RREAD(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="2e00000075040000000000abe63035949eec64fe1108bef38a5998c79a92fc2af5000000000000000000"], 0x2a) setsockopt$inet_sctp_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000240)={r3, 0x10000}, 0x8) 17:06:35 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000006800000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:35 executing program 5: r0 = syz_open_dev$sndpcmc(&(0x7f0000001440)='/dev/snd/pcmC#D#c\x00', 0xdef0, 0x200200) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000001480)=0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0xd, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_sctp6_SCTP_INITMSG(r3, 0x84, 0x8, &(0x7f00000000c0), 0x8) dup3(r4, r3, 0x0) close(r2) 17:06:35 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x4004ae8b, 0x0) [ 2860.944767][T14765] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:35 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2860.994453][T14765] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae31, 0x0) 17:06:35 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$midi(&(0x7f0000000180)='/dev/midi#\x00', 0xc0000, 0x800) ioctl$sock_ax25_SIOCDELRT(r1, 0x890c, &(0x7f00000001c0)={@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x4, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @default, @null, @bcast]}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r2 = socket(0x10, 0x803, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r2, 0x10e, 0x3, &(0x7f0000000080)=0x3, 0x4) write(r2, &(0x7f0000df8fd9)="2600000022004701050007000200e8ff06006d20002b1f00c0e9ff094a51f10101c7033500b0", 0x26) getsockopt$bt_hci(r2, 0x0, 0x0, &(0x7f00000000c0)=""/180, &(0x7f0000000040)=0xb4) r3 = fcntl$dupfd(r2, 0x0, r0) ioctl$TUNSETOFFLOAD(r3, 0x400454d0, 0x7) recvmsg(r2, &(0x7f0000002400)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffee8}, 0x200000000000000) 17:06:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000006c00000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:35 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:35 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3000002, 0x400032, 0xffffffffffffffff, 0x0) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000080)) ioctl$TCGETA(r0, 0x5405, &(0x7f0000000040)) 17:06:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x4004ae99, 0x0) 17:06:35 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) 17:06:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000007400000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:35 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2861.579568][T15445] binder_alloc_new_buf_locked: 1 callbacks suppressed [ 2861.579578][T15445] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2861.661807][T15445] binder_alloc_new_buf_locked: 1 callbacks suppressed [ 2861.661824][T15445] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2861.705591][T15445] binder_transaction: 5 callbacks suppressed [ 2861.705610][T15445] binder: 15443:15445 transaction failed 29201/-28, size 0-16128 line 3148 [ 2861.734176][ T5566] binder_release_work: 5 callbacks suppressed [ 2861.734184][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:36 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:36 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0) write$FUSE_INIT(r1, &(0x7f0000000140)={0x45}, 0x50) 17:06:36 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae32, 0x0) 17:06:36 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x4020940d, 0x0) 17:06:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000007a00000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2861.916225][T15764] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2861.955525][T15764] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2861.971993][T15764] binder: 15755:15764 transaction failed 29201/-28, size 0-16128 line 3148 [ 2861.998375][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:36 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000fffffdfd00000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x4048ae9b, 0x0) 17:06:36 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae33, 0x0) [ 2862.273173][T16185] binder: 16159:16185 transaction failed 29201/-28, size 0-16128 line 3148 [ 2862.299854][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:36 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:36 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:36 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x401012f7, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b92481f2b6049517f74de08916cf213343b15d035fc2fe51426f3c9125e1da89cad2929cd06aca1bd4b0a988279268e61234ff8a41cd19abd481eb55130d64ca", "a3510a8deb27705deb2fac58f4f379ddd8e50e8d868ee0425ecfc1c6f4a716df3e4be867d973bcc3e056a1a04eafdeacbd0e434a62db69a6bd53316c42f16b21", "f0642b0793a51cd04ad5c00d6cf24b506d17a8df96c5968a4226e09f847e4b08"}) 17:06:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000200000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x4090ae82, 0x0) [ 2862.643940][T16626] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:37 executing program 5: r0 = request_key(0x0, 0x0, 0x0, 0xfffffffffffffffa) keyctl$update(0x2, r0, 0x0, 0xfffffffffffffcd9) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net\x00', 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000000)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) syz_genetlink_get_family_id$fou(0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r2, 0x0) ioctl$TIOCGETD(r2, 0x5424, &(0x7f0000000140)) open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x27) 17:06:37 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2862.689900][T16626] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2862.702323][T16626] binder: 16609:16626 transaction failed 29201/-28, size 0-16128 line 3148 [ 2862.753790][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000300000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:37 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='memory.current\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x28) r1 = perf_event_open(0x0, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x3) ioctl$PERF_EVENT_IOC_QUERY_BPF(r1, 0xc008240a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup(r0, &(0x7f0000000600)='\x00\x02\x00', 0x200002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TUNSETTXFILTER(r2, 0x400454d1, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_type(r3, &(0x7f0000000580)='cgroup.type\x00', 0x2, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) sendmsg(r4, &(0x7f0000000440)={&(0x7f0000000000)=@nfc={0x103, 0x14}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="9cabbf0400cbb14041", 0x9}], 0x1}, 0x40000) write$cgroup_int(r2, &(0x7f0000000240), 0x12) openat$cgroup_ro(r3, &(0x7f0000000080)='memory.current\x00', 0x0, 0x0) r5 = openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) gettid() r6 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, 0x0}, 0x24000001) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_type(r1, &(0x7f0000000380)='cgroup.type\x00', 0x2, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(r5, &(0x7f00000003c0)=0x100, 0x12) 17:06:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae34, 0x0) 17:06:37 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x4138ae84, 0x0) [ 2863.058359][T17030] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2863.108100][T17030] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2863.140603][T17030] binder: 17023:17030 transaction failed 29201/-28, size 0-16128 line 3148 17:06:37 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2863.185396][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:37 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:37 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r1, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 17:06:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000400000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x41a0ae8d, 0x0) [ 2863.434007][T17536] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:37 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r1, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 17:06:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae35, 0x0) 17:06:37 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2863.521814][T17536] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2863.573845][T17536] binder: 17531:17536 transaction failed 29201/-28, size 0-16128 line 3148 17:06:38 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r1, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) [ 2863.616726][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x8004ae98, 0x0) 17:06:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000500000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:38 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:38 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r1, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) [ 2863.881373][T17973] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2863.911893][T17973] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2863.957789][T17973] binder: 17971:17973 transaction failed 29201/-28, size 0-16128 line 3148 [ 2863.985852][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:38 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae36, 0x0) 17:06:38 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:38 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, 0x0, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 17:06:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000600000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x8090ae81, 0x0) 17:06:38 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, 0x0, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) [ 2864.344754][T18300] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:38 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, 0x0, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) [ 2864.445000][T18300] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2864.477403][T18300] binder: 18295:18300 transaction failed 29201/-28, size 0-16128 line 3148 17:06:38 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2864.500190][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x8138ae83, 0x0) 17:06:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000700000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:39 executing program 5: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r0, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) [ 2864.768778][T18828] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2864.801210][T18828] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2864.848060][T18828] binder: 18826:18828 transaction failed 29201/-28, size 0-16128 line 3148 [ 2864.861058][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:39 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae37, 0x0) 17:06:39 executing program 5: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r0, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 17:06:39 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0x81a0ae8c, 0x0) 17:06:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000a00000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2865.250699][T19041] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2865.318495][T19041] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2865.341637][T19041] binder: 19039:19041 transaction failed 29201/-28, size 0-16128 line 3148 17:06:39 executing program 5: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r0, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 17:06:39 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2865.390822][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:39 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r1, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 17:06:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xc0045878, 0x0) 17:06:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000004800000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae38, 0x0) [ 2865.730936][T19569] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2865.800638][T19569] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:40 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:40 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r1, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 17:06:40 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xc0045878, 0x0) 17:06:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000004c00000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae39, 0x0) 17:06:40 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r1, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 17:06:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000006000000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:40 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xc0189436, 0x0) 17:06:40 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:40 executing program 5: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r0, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 17:06:41 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000006800000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae3a, 0x0) [ 2866.699885][T20692] binder_alloc_new_buf_locked: 2 callbacks suppressed [ 2866.699895][T20692] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:41 executing program 5: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r0, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 17:06:41 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xc018ae85, 0x0) [ 2866.841686][T20692] binder_alloc_new_buf_locked: 2 callbacks suppressed [ 2866.841703][T20692] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:41 executing program 5: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r0, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) [ 2866.902710][T20692] binder_transaction: 3 callbacks suppressed [ 2866.902730][T20692] binder: 20688:20692 transaction failed 29201/-28, size 0-16128 line 3148 [ 2866.970801][ T5566] binder_release_work: 3 callbacks suppressed [ 2866.970809][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:41 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, 0x0, 0x0) 17:06:41 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000006c00000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:41 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae3b, 0x0) [ 2867.171099][T21162] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2867.205121][T21162] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xc020660b, 0x0) 17:06:41 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, 0x0, 0x0) [ 2867.255575][T21162] binder: 21158:21162 transaction failed 29201/-28, size 0-16128 line 3148 17:06:41 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2867.314626][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000007400000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:41 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, 0x0, 0x0) 17:06:41 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2867.570864][T21566] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2867.618958][T21566] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2) 17:06:42 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:42 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) [ 2867.667354][T21566] binder: 21536:21566 transaction failed 29201/-28, size 0-16128 line 3148 [ 2867.700605][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:42 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae3c, 0x0) 17:06:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000007a00000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:42 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) [ 2867.985255][T22021] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2868.014988][T22021] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3) 17:06:42 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) [ 2868.064057][T22021] binder: 21957:22021 transaction failed 29201/-28, size 0-16128 line 3148 17:06:42 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2868.106260][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000003000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:42 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 17:06:42 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2868.309079][T22432] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2868.364414][T22432] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2868.421768][T22432] binder: 22431:22432 transaction failed 29201/-28, size 0-16128 line 3148 [ 2868.458584][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:42 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000005000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae3d, 0x0) 17:06:42 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 17:06:42 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4) [ 2868.629372][T22746] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:43 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) [ 2868.687183][T22746] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2868.746977][T22746] binder: 22739:22746 transaction failed 29201/-28, size 0-16128 line 3148 17:06:43 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2868.796650][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x5) 17:06:43 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, 0x0, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 17:06:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000006000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:43 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, 0x0, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) [ 2869.023089][T23262] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2869.090579][T23262] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2869.154069][T23262] binder: 23260:23262 transaction failed 29201/-28, size 0-16128 line 3148 [ 2869.176660][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:43 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:43 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:43 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae3e, 0x0) 17:06:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x6) 17:06:43 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, 0x0, 0x701, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 17:06:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000007000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2869.539269][T23479] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:43 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r1, 0x0, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) [ 2869.580587][T23479] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2869.604185][T23479] binder: 23473:23479 transaction failed 29201/-28, size 0-16128 line 3148 [ 2869.624348][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:44 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:44 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000000a000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:44 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r1, 0x0, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 17:06:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x7) [ 2869.865442][T23977] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:44 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae41, 0x0) [ 2869.911223][T23977] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2869.961678][T23977] binder: 23969:23977 transaction failed 29201/-28, size 0-16128 line 3148 [ 2870.013580][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:44 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:44 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:44 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r1, 0x0, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 17:06:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x8) 17:06:44 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000020000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:44 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae42, 0x0) [ 2870.433718][T24316] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:44 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) [ 2870.478817][T24316] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:44 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2870.565397][T24316] binder: 24315:24316 transaction failed 29201/-28, size 0-16128 line 3148 [ 2870.621079][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:45 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x9) [ 2870.669041][T24470] input: syz1 as /devices/virtual/input/input12 17:06:45 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:45 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000003f000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2870.766962][T24814] input: syz1 as /devices/virtual/input/input13 17:06:45 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) [ 2871.015106][T25144] input: syz1 as /devices/virtual/input/input14 17:06:45 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:45 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae43, 0x0) 17:06:45 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:45 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000048000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:45 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xa) 17:06:45 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) [ 2871.381013][T25159] input: syz1 as /devices/virtual/input/input15 17:06:45 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:45 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000004c000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:46 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xb) 17:06:46 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000060000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2871.763423][T25687] input: syz1 as /devices/virtual/input/input16 17:06:46 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2871.884536][T25844] binder_alloc_new_buf_locked: 3 callbacks suppressed [ 2871.884546][T25844] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae44, 0x0) 17:06:46 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2871.940640][T25844] binder_alloc_new_buf_locked: 3 callbacks suppressed [ 2871.940657][T25844] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:46 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) dup3(r0, r1, 0x0) [ 2871.997216][T25844] binder_transaction: 3 callbacks suppressed [ 2871.997234][T25844] binder: 25828:25844 transaction failed 29201/-28, size 0-16128 line 3148 17:06:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xc) [ 2872.039059][ T5566] binder_release_work: 3 callbacks suppressed [ 2872.039066][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:46 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2872.157155][T26112] input: syz1 as /devices/virtual/input/input17 17:06:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000068000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:46 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) dup3(r0, r1, 0x0) 17:06:46 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2872.337532][T26304] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2872.411402][T26304] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:46 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae45, 0x0) [ 2872.455835][T26304] binder: 26282:26304 transaction failed 29201/-28, size 0-16128 line 3148 [ 2872.496718][T26480] input: syz1 as /devices/virtual/input/input18 [ 2872.503507][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xd) 17:06:47 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000006c000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:47 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:47 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) dup3(r0, r1, 0x0) [ 2872.784700][T26807] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2872.809240][T26806] input: syz1 as /devices/virtual/input/input19 [ 2872.818209][T26807] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xe) [ 2872.848517][T26807] binder: 26792:26807 transaction failed 29201/-28, size 0-16128 line 3148 [ 2872.883059][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:47 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:47 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae46, 0x0) 17:06:47 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:47 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000074000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2873.084746][T27162] input: syz1 as /devices/virtual/input/input20 [ 2873.141505][T27335] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2873.154241][T27335] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2873.174153][T27335] binder: 27169:27335 transaction failed 29201/-28, size 0-16128 line 3148 17:06:47 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:47 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xf) [ 2873.264313][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:47 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, 0xffffffffffffffff, 0x0) 17:06:47 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000007a000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:47 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:47 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae47, 0x0) [ 2873.475991][T27674] input: syz1 as /devices/virtual/input/input21 [ 2873.527608][T27693] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2873.541846][T27693] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2873.591489][T27693] binder: 27679:27693 transaction failed 29201/-28, size 0-16128 line 3148 [ 2873.616997][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:48 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, 0xffffffffffffffff, 0x0) 17:06:48 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000003f0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x10) [ 2873.761461][T27993] input: syz1 as /devices/virtual/input/input22 17:06:48 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, 0xffffffffffffffff, 0x0) [ 2873.836920][T28033] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2873.869224][T28033] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2873.894957][T28033] binder: 28025:28033 transaction failed 29201/-28, size 0-16128 line 3148 [ 2873.921996][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:48 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2873.978887][T28203] input: syz1 as /devices/virtual/input/input23 17:06:48 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:48 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae48, 0x0) 17:06:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000100000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x11) 17:06:48 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:48 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2874.291900][T28520] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2874.310677][T28520] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:48 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) [ 2874.349332][T28520] binder: 28514:28520 transaction failed 29201/-28, size 0-16128 line 3148 [ 2874.382931][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x12) 17:06:48 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000200000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:49 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:49 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae49, 0x0) [ 2874.684537][T29012] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2874.748667][T29012] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:49 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2874.791370][T29012] binder: 28991:29012 transaction failed 29201/-28, size 0-16128 line 3148 [ 2874.820314][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x13) 17:06:49 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000300000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2875.102368][T29538] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2875.130126][T29538] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:49 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:49 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:49 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:49 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae4a, 0x0) [ 2875.161076][T29538] binder: 29536:29538 transaction failed 29201/-28, size 0-16128 line 3148 17:06:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x14) [ 2875.220529][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:49 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000400000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:49 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) [ 2875.512363][T29930] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2875.522350][T29930] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x15) 17:06:49 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2875.591392][T29930] binder: 29914:29930 transaction failed 29201/-28, size 0-16128 line 3148 [ 2875.647814][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:50 executing program 5: ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) dup3(0xffffffffffffffff, r0, 0x0) 17:06:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000500000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:50 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae4b, 0x0) 17:06:50 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x16) 17:06:50 executing program 5: ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) dup3(0xffffffffffffffff, r0, 0x0) 17:06:50 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000600000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:50 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:50 executing program 5: ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) dup3(0xffffffffffffffff, r0, 0x0) 17:06:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000700000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x17) 17:06:50 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:50 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:50 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae4c, 0x0) 17:06:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000a00000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:51 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:51 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:51 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x18) 17:06:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000002000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:51 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:51 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:51 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae4d, 0x0) [ 2877.016851][T31693] binder_alloc_new_buf_locked: 4 callbacks suppressed [ 2877.016863][T31693] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2877.140576][T31693] binder_alloc_new_buf_locked: 4 callbacks suppressed [ 2877.140614][T31693] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:51 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2877.219653][T31693] binder_transaction: 4 callbacks suppressed [ 2877.219672][T31693] binder: 31692:31693 transaction failed 29201/-28, size 0-16128 line 3148 17:06:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x19) 17:06:51 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) [ 2877.282778][T17448] binder_release_work: 4 callbacks suppressed [ 2877.282786][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:51 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae4e, 0x0) 17:06:51 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000003f00000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2877.630294][T32378] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2877.668252][T32378] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2877.683272][T32378] binder: 32292:32378 transaction failed 29201/-28, size 0-16128 line 3148 [ 2877.701435][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:52 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:52 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:52 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1a) 17:06:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000004800000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae4f, 0x0) [ 2877.913796][T32639] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2877.988221][T32639] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:52 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2878.037466][T32639] binder: 32633:32639 transaction failed 29201/-28, size 0-16128 line 3148 [ 2878.051951][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:52 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1b) 17:06:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000004c00000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:52 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2878.310113][ T694] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae50, 0x0) [ 2878.364471][ T694] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2878.406319][ T694] binder: 692:694 transaction failed 29201/-28, size 0-16128 line 3148 [ 2878.446035][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:53 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:53 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:53 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1c) 17:06:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000006000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae51, 0x0) [ 2878.809067][ T1126] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2878.875128][ T1126] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:53 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:53 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) [ 2878.929813][ T1126] binder: 1121:1126 transaction failed 29201/-28, size 0-16128 line 3148 [ 2878.966748][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1d) 17:06:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000006800000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:53 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:53 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2879.276935][ T1678] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2879.321116][ T1678] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2879.354911][ T1678] binder: 1675:1678 transaction failed 29201/-28, size 0-16128 line 3148 [ 2879.377228][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:54 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae52, 0x0) 17:06:54 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1e) 17:06:54 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000006c00000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2879.719192][ T1998] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:06:54 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2879.761711][ T1998] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2879.839049][ T1998] binder: 1994:1998 transaction failed 29201/-28, size 0-16128 line 3148 17:06:54 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) [ 2879.900753][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x21) 17:06:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000007400000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:54 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:54 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) [ 2880.149689][ T2539] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2880.204413][ T2539] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2880.262315][ T2539] binder: 2534:2539 transaction failed 29201/-28, size 0-16128 line 3148 [ 2880.308640][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:54 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae53, 0x0) 17:06:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x23) 17:06:54 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:54 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(0x0, 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000007a00000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2880.642093][ T2879] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2880.651873][ T2877] input: syz1 as /devices/virtual/input/input39 [ 2880.675916][ T2879] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2880.699673][ T2879] binder: 2873:2879 transaction failed 29201/-28, size 0-16128 line 3148 17:06:55 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2880.746264][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:55 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(0x0, 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x25) 17:06:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000fffffdfd00000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2880.947263][ T3343] input: syz1 as /devices/virtual/input/input40 17:06:55 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2881.028698][ T3463] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2881.057899][ T3463] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:55 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae54, 0x0) [ 2881.071295][ T3463] binder: 3432:3463 transaction failed 29201/-28, size 0-16128 line 3148 [ 2881.149356][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:55 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:55 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(0x0, 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:55 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000fdfdffff00000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x26) 17:06:55 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae55, 0x0) 17:06:56 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2881.618569][ T3900] input: syz1 as /devices/virtual/input/input41 17:06:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000003f00000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:56 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:06:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x27) [ 2881.861327][ T4211] input: syz1 as /devices/virtual/input/input42 17:06:56 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:56 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) [ 2882.157619][ T4532] input: syz1 as /devices/virtual/input/input43 17:06:56 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000001000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:56 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae56, 0x0) 17:06:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x29) 17:06:56 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) [ 2882.549329][ T4653] binder_alloc_new_buf_locked: 1 callbacks suppressed [ 2882.549338][ T4653] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2882.613515][ T4665] input: syz1 as /devices/virtual/input/input44 17:06:57 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:57 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) dup3(r0, r1, 0x0) [ 2882.727097][ T4653] binder_alloc_new_buf_locked: 1 callbacks suppressed [ 2882.727113][ T4653] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2882.783097][ T4653] binder_transaction: 2 callbacks suppressed [ 2882.783114][ T4653] binder: 4643:4653 transaction failed 29201/-28, size 0-16128 line 3148 17:06:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2b) [ 2882.850169][ T5566] binder_release_work: 2 callbacks suppressed [ 2882.850176][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 [ 2882.866073][ T5039] input: syz1 as /devices/virtual/input/input45 17:06:57 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae57, 0x0) 17:06:57 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000002000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2883.098205][ T5253] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2883.110765][ T5253] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2883.134166][ T5253] binder: 5247:5253 transaction failed 29201/-28, size 0-16128 line 3148 [ 2883.177080][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:57 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:57 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) dup3(r0, r1, 0x0) 17:06:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2d) 17:06:57 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000003000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:57 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae58, 0x0) [ 2883.456701][ T5590] input: syz1 as /devices/virtual/input/input46 [ 2883.511299][ T5593] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2883.534552][ T5593] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2883.559557][ T5593] binder: 5592:5593 transaction failed 29201/-28, size 0-16128 line 3148 [ 2883.588000][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:58 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) dup3(r0, r1, 0x0) 17:06:58 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:58 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000004000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2883.748653][ T6015] input: syz1 as /devices/virtual/input/input47 17:06:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2e) 17:06:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae59, 0x0) 17:06:58 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2883.895036][ T6129] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2883.918402][ T6129] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2883.930992][ T6129] binder: 6096:6129 transaction failed 29201/-28, size 0-16128 line 3148 17:06:58 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(0xffffffffffffffff, r1, 0x0) [ 2883.995952][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2f) [ 2884.087832][ T6405] input: syz1 as /devices/virtual/input/input48 17:06:58 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000005000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2884.256951][ T6550] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2884.281222][ T6550] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:06:58 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae5a, 0x0) 17:06:58 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:58 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(0xffffffffffffffff, r1, 0x0) [ 2884.318934][ T6550] binder: 6547:6550 transaction failed 29201/-28, size 0-16128 line 3148 [ 2884.375878][ T6614] input: syz1 as /devices/virtual/input/input49 [ 2884.390816][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x31) 17:06:58 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:58 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000006000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:58 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(0xffffffffffffffff, r1, 0x0) [ 2884.694913][ T7019] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2884.734798][ T7072] input: syz1 as /devices/virtual/input/input50 17:06:59 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2884.749184][ T7019] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2884.785493][ T7019] binder: 6971:7019 transaction failed 29201/-28, size 0-16128 line 3148 17:06:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae5b, 0x0) [ 2884.838502][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:06:59 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, 0xffffffffffffffff, 0x0) 17:06:59 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2885.038937][ T7395] input: syz1 as /devices/virtual/input/input51 17:06:59 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:06:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000007000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:06:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x33) 17:06:59 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:59 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, 0xffffffffffffffff, 0x0) 17:06:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae5c, 0x0) [ 2885.326172][ T7622] input: syz1 as /devices/virtual/input/input52 [ 2885.340967][ T7623] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2885.376700][ T7623] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2885.395791][ T7623] binder: 7617:7623 transaction failed 29201/-28, size 0-16128 line 3148 [ 2885.411303][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:06:59 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:06:59 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, 0xffffffffffffffff, 0x0) 17:06:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000000000000a000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae5d, 0x0) [ 2885.662064][ T8085] input: syz1 as /devices/virtual/input/input53 [ 2885.687112][ T8118] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x35) 17:07:00 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2885.771936][ T8118] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:00 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) [ 2885.822696][ T8118] binder: 8051:8118 transaction failed 29201/-28, size 0-16128 line 3148 17:07:00 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2885.867476][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000020000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:00 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae5e, 0x0) 17:07:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x36) 17:07:00 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) [ 2886.146767][ T8652] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2886.202597][ T8652] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2886.261075][ T8652] binder: 8639:8652 transaction failed 29201/-28, size 0-16128 line 3148 [ 2886.279632][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:00 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:00 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) 17:07:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000000000003f000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x37) [ 2886.579483][ T9103] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2886.595899][ T9103] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2886.609474][ T9103] binder: 9057:9103 transaction failed 29201/-28, size 0-16128 line 3148 [ 2886.630894][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:01 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:01 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae5f, 0x0) 17:07:01 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) 17:07:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000048000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:01 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x38) 17:07:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000000000004c000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:01 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) 17:07:01 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) 17:07:01 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae60, 0x0) 17:07:02 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000060000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x39) 17:07:02 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) 17:07:02 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae61, 0x0) [ 2887.701883][T10226] binder_alloc_new_buf_locked: 2 callbacks suppressed [ 2887.701893][T10226] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:02 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x4004743b, &(0x7f0000000040)) [ 2887.768130][T10226] binder_alloc_new_buf_locked: 2 callbacks suppressed [ 2887.768146][T10226] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:02 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2887.837867][T10226] binder_transaction: 2 callbacks suppressed [ 2887.837886][T10226] binder: 10218:10226 transaction failed 29201/-28, size 0-16128 line 3148 [ 2887.861221][ T5566] binder_release_work: 2 callbacks suppressed [ 2887.861228][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:02 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x4004743b, &(0x7f0000000040)) 17:07:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3b) 17:07:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000068000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:02 executing program 5: openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x4004743b, &(0x7f0000000040)) [ 2888.118789][T10728] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2888.128335][T10728] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2888.139391][T10728] binder: 10711:10728 transaction failed 29201/-28, size 0-16128 line 3148 [ 2888.150838][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:02 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000000000006c000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:02 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3d) 17:07:02 executing program 5: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r0, 0x4004743b, &(0x7f0000000040)) 17:07:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae62, 0x0) [ 2888.623857][T10967] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:03 executing program 5: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r0, 0x4004743b, &(0x7f0000000040)) [ 2888.671823][T10967] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:03 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:03 executing program 5: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r0, 0x4004743b, &(0x7f0000000040)) [ 2888.725330][T10967] binder: 10964:10967 transaction failed 29201/-28, size 0-16128 line 3148 [ 2888.765391][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000074000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae63, 0x0) 17:07:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3e) [ 2888.997785][T11461] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2889.049782][T11461] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2889.066312][T11461] binder: 11460:11461 transaction failed 29201/-28, size 0-16128 line 3148 [ 2889.121230][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:03 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae64, 0x0) 17:07:03 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:03 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) 17:07:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000000000007a000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x41) [ 2889.530299][T11804] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:03 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) [ 2889.578809][T11804] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2889.631846][T11804] binder: 11798:11804 transaction failed 29201/-28, size 0-16128 line 3148 17:07:04 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x44) 17:07:04 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) [ 2889.703264][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae65, 0x0) 17:07:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000fffffdfd000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:04 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:04 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) 17:07:04 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2890.031413][T12385] binder: 12374:12385 transaction failed 29201/-28, size 0-16128 line 3148 17:07:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x46) 17:07:04 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) [ 2890.116813][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:04 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000002000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:04 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(0xffffffffffffffff, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) 17:07:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae66, 0x0) [ 2890.402347][T12754] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:04 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2890.470775][T12754] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2890.496640][T12754] binder: 12748:12754 transaction failed 29201/-28, size 0-16128 line 3148 17:07:04 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) 17:07:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x48) [ 2890.522749][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000003000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:05 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) 17:07:05 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae67, 0x0) 17:07:05 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4a) [ 2891.005854][T13382] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2891.021772][T13382] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2891.070525][T13382] binder: 13380:13382 transaction failed 29201/-28, size 0-16128 line 3148 17:07:05 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, 0xffffffffffffffff) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) [ 2891.116675][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:05 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:05 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) 17:07:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4c) 17:07:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000004000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:05 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) 17:07:05 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2891.434524][T13908] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2891.494474][T13908] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2891.541165][T13908] binder: 13848:13908 transaction failed 29201/-28, size 0-16128 line 3148 17:07:05 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae68, 0x0) 17:07:06 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) [ 2891.584266][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4f) 17:07:06 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:06 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, 0x0) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) 17:07:06 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000005000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2891.972679][T14351] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2892.002280][T14351] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:06 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, 0x0) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) 17:07:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae69, 0x0) [ 2892.038085][T14351] binder: 14346:14351 transaction failed 29201/-28, size 0-16128 line 3148 [ 2892.064102][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:06 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x64) 17:07:06 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, 0x0) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, &(0x7f0000000040)) 17:07:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000006000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:06 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2892.378371][T14801] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2892.401035][T14801] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x65) 17:07:07 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:07 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x4004743b, &(0x7f0000000040)) 17:07:07 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae6a, 0x0) 17:07:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000007000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x66) [ 2892.882262][T15297] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2892.926919][T15297] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2892.944423][T15297] binder_transaction: 1 callbacks suppressed [ 2892.944443][T15297] binder: 15291:15297 transaction failed 29201/-28, size 0-16128 line 3148 [ 2892.977883][ T5566] binder_release_work: 1 callbacks suppressed [ 2892.977891][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:07 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:07 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x4004743b, &(0x7f0000000040)) 17:07:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000000a000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x67) 17:07:07 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2893.240080][T15800] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2893.261348][T15800] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2893.273987][T15800] binder: 15727:15800 transaction failed 29201/-28, size 0-16128 line 3148 [ 2893.313329][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:07 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae6b, 0x0) 17:07:07 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:07 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x4004743b, &(0x7f0000000040)) 17:07:07 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000048000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xd8) 17:07:08 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, 0x0) [ 2893.635874][T16143] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2893.649011][T16143] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2893.666971][T16143] binder: 16130:16143 transaction failed 29201/-28, size 0-16128 line 3148 [ 2893.667792][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:08 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000004c000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2893.898589][T16432] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2893.926680][T16432] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:08 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, 0x0) [ 2893.945572][T16432] binder: 16399:16432 transaction failed 29201/-28, size 0-16128 line 3148 17:07:08 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2894.023612][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:08 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae6c, 0x0) 17:07:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x300) 17:07:08 executing program 5: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ppp\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000180)=""/246) ioctl$PPPIOCSMAXCID(r1, 0x4004743b, 0x0) 17:07:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000060000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:08 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2894.321111][T16875] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2894.349294][T16875] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:08 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000001000)=ANY=[@ANYBLOB="7b1af8ff0000000069a2f8ff0000966f1503db0cfd2a0000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0xffffffffffffff87) r0 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000788000)=0x2, 0x4) bind$packet(r0, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) setsockopt(r0, 0x107, 0x5, &(0x7f0000001000), 0xc5) syz_emit_ethernet(0x4e, &(0x7f0000000080)={@local, @link_local, [{}], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2f, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 2894.409987][T16875] binder: 16874:16875 transaction failed 29201/-28, size 0-16128 line 3148 [ 2894.448325][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3e8) 17:07:08 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000068000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae6d, 0x0) [ 2894.696188][T17296] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2894.725026][T17296] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2894.756426][T17296] binder: 17295:17296 transaction failed 29201/-28, size 0-16128 line 3148 [ 2894.789014][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:09 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x480) 17:07:09 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:09 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r1, 0x701, 0x0, 0x0, {0xe}}, 0x14}}, 0x0) 17:07:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000006c000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2895.019507][T17717] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae6e, 0x0) [ 2895.067028][T17717] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2895.086543][T17717] binder: 17699:17717 transaction failed 29201/-28, size 0-16128 line 3148 17:07:09 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) semget(0x1, 0x1, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)={0x9, 0x80000001}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2895.115605][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:09 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000074000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x500) [ 2895.362672][T18088] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2895.412683][T18088] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:09 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:09 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2895.472817][T18088] binder: 18054:18088 transaction failed 29201/-28, size 0-16128 line 3148 [ 2895.537143][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae6f, 0x0) 17:07:10 executing program 5: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r0, &(0x7f0000000200)=@full={0xb, @remote, @bcast, 0x0, [@null, @default, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x40) 17:07:10 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000007a000000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x600) 17:07:10 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0505510, &(0x7f0000000000)) [ 2895.842443][T18660] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2895.867378][T18660] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2895.881308][T18660] binder: 18657:18660 transaction failed 29201/-28, size 0-16128 line 3148 17:07:10 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2895.920724][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae70, 0x0) 17:07:10 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0505510, &(0x7f0000000000)) 17:07:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000030000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:10 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0505510, &(0x7f0000000000)) [ 2896.218993][T19090] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2896.242236][T19090] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2896.293360][T19090] binder: 19086:19090 transaction failed 29201/-28, size 0-16128 line 3148 [ 2896.320075][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:10 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:10 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:10 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0505510, &(0x7f0000000000)) 17:07:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x700) 17:07:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000050000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae71, 0x0) 17:07:10 executing program 5: ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(0xffffffffffffffff, 0xc0505510, &(0x7f0000000000)) 17:07:11 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000060000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:11 executing program 5: ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(0xffffffffffffffff, 0xc0505510, &(0x7f0000000000)) 17:07:11 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x900) 17:07:11 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:11 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000070000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:11 executing program 5: ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(0xffffffffffffffff, 0xc0505510, &(0x7f0000000000)) 17:07:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae72, 0x0) 17:07:11 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:11 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xa00) 17:07:11 executing program 5: r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0505510, &(0x7f0000000000)) 17:07:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000a0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:11 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:12 executing program 5: r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0505510, &(0x7f0000000000)) 17:07:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xb00) 17:07:12 executing program 5: r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0505510, &(0x7f0000000000)) 17:07:12 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000200000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:12 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:12 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae73, 0x0) 17:07:12 executing program 5: syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(0xffffffffffffffff, 0xc0505510, &(0x7f0000000000)) 17:07:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xc00) [ 2898.265227][T20883] binder_alloc_new_buf_locked: 4 callbacks suppressed [ 2898.265238][T20883] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2898.301805][T20883] binder_alloc_new_buf_locked: 4 callbacks suppressed [ 2898.301821][T20883] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:12 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:12 executing program 5: syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(0xffffffffffffffff, 0xc0505510, &(0x7f0000000000)) [ 2898.413086][T20883] binder_transaction: 4 callbacks suppressed [ 2898.413106][T20883] binder: 20880:20883 transaction failed 29201/-28, size 0-16128 line 3148 [ 2898.537444][T17448] binder_release_work: 4 callbacks suppressed [ 2898.537452][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xd00) 17:07:13 executing program 5: syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(0xffffffffffffffff, 0xc0505510, &(0x7f0000000000)) 17:07:13 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae74, 0x0) 17:07:13 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000003f0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:13 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:13 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0505510, 0x0) 17:07:13 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xe00) 17:07:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae75, 0x0) [ 2899.176216][T21739] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:13 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0505510, 0x0) [ 2899.222134][T21739] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:13 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2899.263178][T21739] binder: 21730:21739 transaction failed 29201/-28, size 0-16128 line 3148 [ 2899.296492][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:13 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0505510, 0x0) 17:07:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000480000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:13 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xf00) [ 2899.507987][T22231] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae76, 0x0) [ 2899.557660][T22231] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2899.577203][T22231] binder: 22212:22231 transaction failed 29201/-28, size 0-16128 line 3148 [ 2899.629717][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:14 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:14 executing program 5: r0 = socket(0x20000000000000a, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev, 0x1}, 0x1c) getsockopt$sock_buf(r0, 0x1, 0x1000000000000019, 0x0, &(0x7f00000000c0)) 17:07:14 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xf7c) 17:07:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000004c0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:14 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae77, 0x0) [ 2900.072805][T22579] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2900.094812][T22579] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2900.130258][T22579] binder: 22575:22579 transaction failed 29201/-28, size 0-16128 line 3148 [ 2900.158846][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:14 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000600000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x10d8) [ 2900.332430][T23048] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2900.347334][T23048] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2900.361020][T23048] binder: 23046:23048 transaction failed 29201/-28, size 0-16128 line 3148 17:07:14 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2900.384623][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:14 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae78, 0x0) 17:07:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000680000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2900.627181][T23405] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2900.638580][T23405] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2900.666453][T23405] binder: 23401:23405 transaction failed 29201/-28, size 0-16128 line 3148 [ 2900.693142][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:15 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1100) 17:07:15 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae79, 0x0) 17:07:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000006c0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:15 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) writev(r1, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r2 = socket$netlink(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, 0x0) dup2(r2, r1) [ 2900.968147][T23617] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2901.023869][T23617] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2901.040374][T23617] binder: 23613:23617 transaction failed 29201/-28, size 0-16128 line 3148 17:07:15 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:15 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) writev(r1, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r2 = socket$netlink(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, 0x0) dup2(r2, r1) [ 2901.086714][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:15 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) writev(r1, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r2 = socket$netlink(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, 0x0) dup2(r2, r1) 17:07:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000740000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1200) 17:07:15 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2901.362160][T24135] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2901.386481][T24135] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2901.442012][T24135] binder: 24120:24135 transaction failed 29201/-28, size 0-16128 line 3148 [ 2901.470425][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:16 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae7a, 0x0) 17:07:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1300) 17:07:16 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) writev(r1, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r2 = socket$netlink(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, 0x0) dup2(r2, r1) 17:07:16 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000007a0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2901.854147][T24458] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2901.907775][T24458] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:16 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) writev(r1, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r2 = socket$netlink(0x10, 0x3, 0x0) dup2(r2, r1) 17:07:16 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2901.957990][T24458] binder: 24449:24458 transaction failed 29201/-28, size 0-16128 line 3148 [ 2901.990364][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1400) 17:07:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000003f00000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:16 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:16 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) writev(r1, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) dup2(0xffffffffffffffff, r1) [ 2902.252234][T24969] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2902.308768][T24969] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2902.368110][T24969] binder: 24962:24969 transaction failed 29201/-28, size 0-16128 line 3148 [ 2902.393249][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:17 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1500) 17:07:17 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae7b, 0x0) 17:07:17 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000001000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:17 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) writev(r1, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) dup2(0xffffffffffffffff, r1) 17:07:17 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) writev(r1, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) dup2(0xffffffffffffffff, r1) 17:07:17 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000002000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1600) 17:07:17 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) r2 = socket$netlink(0x10, 0x3, 0x0) dup2(r2, r1) 17:07:17 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:18 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae7c, 0x0) 17:07:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000003000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:18 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) r2 = socket$netlink(0x10, 0x3, 0x0) dup2(r2, r1) 17:07:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1700) 17:07:18 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2903.686745][T26131] binder_alloc_new_buf_locked: 2 callbacks suppressed [ 2903.686755][T26131] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2903.720345][T26131] binder_alloc_new_buf_locked: 2 callbacks suppressed [ 2903.720363][T26131] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:18 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) r2 = socket$netlink(0x10, 0x3, 0x0) dup2(r2, r1) 17:07:18 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2903.801746][T26131] binder_transaction: 2 callbacks suppressed [ 2903.801830][T26131] binder: 26124:26131 transaction failed 29201/-28, size 0-16128 line 3148 [ 2903.894377][ T5566] binder_release_work: 2 callbacks suppressed [ 2903.894390][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1800) 17:07:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000004000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:18 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae7d, 0x0) 17:07:18 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, 0xffffffffffffffff) [ 2904.079633][T26649] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2904.150807][T26649] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2904.181104][T26649] binder: 26599:26649 transaction failed 29201/-28, size 0-16128 line 3148 [ 2904.199590][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:18 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:18 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, 0xffffffffffffffff) 17:07:18 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000005000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1900) [ 2904.440334][T26924] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2904.455551][T26924] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:18 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, 0xffffffffffffffff) 17:07:18 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2904.493298][T26924] binder: 26923:26924 transaction failed 29201/-28, size 0-16128 line 3148 [ 2904.514997][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae7e, 0x0) 17:07:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000006000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:19 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1a00) [ 2904.802284][T27388] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:19 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:19 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2904.850110][T27388] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2904.871952][T27388] binder: 27351:27388 transaction failed 29201/-28, size 0-16128 line 3148 [ 2904.945831][ T5566] binder: undelivered TRANSACTION_ERROR: 29201 17:07:19 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000007000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:19 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1b00) 17:07:19 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0x40049409, 0x0) [ 2905.237915][T27814] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2905.280887][T27814] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2905.323954][T27814] binder: 27806:27814 transaction failed 29201/-28, size 0-16128 line 3148 17:07:19 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:19 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2905.447147][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:19 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:19 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:19 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1c00) 17:07:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000000a000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:20 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0x4004ae8b, 0x0) [ 2905.753865][T28351] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:20 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2905.795835][T28351] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:20 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2905.861814][T28351] binder: 28333:28351 transaction failed 29201/-28, size 0-16128 line 3148 [ 2905.893998][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000020000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1d00) 17:07:20 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2906.105487][T28808] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:20 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0x4004ae99, 0x0) [ 2906.168287][T28808] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2906.185597][T28808] binder: 28725:28808 transaction failed 29201/-28, size 0-16128 line 3148 [ 2906.226531][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:20 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:20 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000003f000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:20 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1e00) 17:07:20 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0x4020940d, 0x0) [ 2906.541211][T29184] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:21 executing program 5: perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2906.596301][T29184] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:21 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2906.669362][T29184] binder: 29183:29184 transaction failed 29201/-28, size 0-16128 line 3148 17:07:21 executing program 5: perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2906.735950][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1f00) 17:07:21 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000048000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2907.073138][T29783] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2907.086725][T29783] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2907.098286][T29783] binder: 29748:29783 transaction failed 29201/-28, size 0-16128 line 3148 [ 2907.113735][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:21 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000004c000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:21 executing program 5: perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0x4048ae9b, 0x0) 17:07:21 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2100) [ 2907.417087][T30022] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2907.448354][T30022] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:21 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2907.459732][T30022] binder: 30019:30022 transaction failed 29201/-28, size 0-16128 line 3148 [ 2907.526813][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:22 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2300) 17:07:22 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000060000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0x4090ae82, 0x0) 17:07:22 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:22 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2500) 17:07:22 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000068000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0x4138ae84, 0x0) 17:07:22 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:22 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000006c000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:22 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2600) 17:07:23 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0x41a0ae8d, 0x0) 17:07:23 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:23 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:23 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000074000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2700) 17:07:23 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0x8004ae98, 0x0) [ 2909.242064][T31696] binder_alloc_new_buf_locked: 3 callbacks suppressed [ 2909.242077][T31696] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2909.268601][T31696] binder_alloc_new_buf_locked: 3 callbacks suppressed [ 2909.268618][T31696] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2909.300451][T31696] binder_transaction: 3 callbacks suppressed [ 2909.300468][T31696] binder: 31689:31696 transaction failed 29201/-28, size 0-16128 line 3148 17:07:23 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:23 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(0xffffffffffffffff, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2909.386023][T13809] binder_release_work: 3 callbacks suppressed [ 2909.386056][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000007a000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2900) 17:07:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0x8090ae81, 0x0) 17:07:24 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(0xffffffffffffffff, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2909.645055][T32211] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2909.698568][T32211] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2909.743170][T32211] binder: 32209:32211 transaction failed 29201/-28, size 0-16128 line 3148 [ 2909.774758][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:24 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:24 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:24 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(0xffffffffffffffff, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000fffffdfd000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2b00) 17:07:24 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0x8138ae83, 0x0) [ 2910.145321][T32526] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:24 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2910.199334][T32526] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2910.236527][T32526] binder: 32524:32526 transaction failed 29201/-28, size 0-16128 line 3148 17:07:24 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2910.316297][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2d00) 17:07:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000fdfdffff000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:24 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:24 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2910.574962][ T583] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2910.632507][ T583] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2910.649876][ T583] binder: 575:583 transaction failed 29201/-28, size 0-16128 line 3148 [ 2910.683146][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:25 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0x81a0ae8c, 0x0) 17:07:25 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2e00) 17:07:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000000000003f000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:25 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2911.067949][ T897] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:25 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000), 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2911.122313][ T897] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2911.155988][ T897] binder: 896:897 transaction failed 29201/-28, size 0-16128 line 3148 17:07:25 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2911.180167][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000010000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2f00) 17:07:25 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000), 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:25 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2911.453959][ T1435] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2911.484476][ T1435] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2911.517253][ T1435] binder: 1363:1435 transaction failed 29201/-28, size 0-16128 line 3148 [ 2911.557853][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:26 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xc0045878, 0x0) 17:07:26 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000), 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:26 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000020000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3100) [ 2911.946322][ T1773] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2911.998819][ T1773] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2912.027763][ T1773] binder: 1769:1773 transaction failed 29201/-28, size 0-16128 line 3148 17:07:26 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{0x0}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2912.059784][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:26 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000030000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3300) 17:07:26 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{0x0}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2912.334553][ T2259] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xc0045878, 0x0) [ 2912.378497][ T2259] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2912.418536][ T2259] binder: 2204:2259 transaction failed 29201/-28, size 0-16128 line 3148 [ 2912.469662][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:27 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:27 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{0x0}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:27 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000040000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3500) 17:07:27 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xc0189436, 0x0) [ 2912.857710][ T2631] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2912.886585][ T2631] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2912.910816][ T2631] binder: 2621:2631 transaction failed 29201/-28, size 0-16128 line 3148 [ 2912.937478][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:27 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:27 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000050000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3600) 17:07:27 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:27 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2913.225713][ T3189] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2913.338138][ T3189] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2913.359876][ T3189] binder: 3058:3189 transaction failed 29201/-28, size 0-16128 line 3148 [ 2913.383805][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:28 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xc018ae85, 0x0) 17:07:28 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000060000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:28 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3700) 17:07:28 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) socket$netlink(0x10, 0x3, 0x0) dup2(0xffffffffffffffff, r0) 17:07:28 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000070000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3800) 17:07:28 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:28 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) socket$netlink(0x10, 0x3, 0x0) dup2(0xffffffffffffffff, r0) 17:07:29 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xc020660b, 0x0) 17:07:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000000000000a0000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:29 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:29 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) socket$netlink(0x10, 0x3, 0x0) dup2(0xffffffffffffffff, r0) 17:07:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3900) [ 2914.705650][ T4397] binder_alloc_new_buf_locked: 2 callbacks suppressed [ 2914.705661][ T4397] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2914.753177][ T4397] binder_alloc_new_buf_locked: 2 callbacks suppressed [ 2914.753195][ T4397] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2914.795583][ T4397] binder_transaction: 2 callbacks suppressed [ 2914.795600][ T4397] binder: 4392:4397 transaction failed 29201/-28, size 0-16128 line 3148 [ 2914.825343][T17448] binder_release_work: 2 callbacks suppressed [ 2914.825350][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:29 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, 0xffffffffffffffff) 17:07:29 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000200000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3b00) 17:07:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x2) [ 2915.089545][ T4817] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:29 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, 0xffffffffffffffff) [ 2915.148379][ T4817] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2915.215188][ T4817] binder: 4793:4817 transaction failed 29201/-28, size 0-16128 line 3148 [ 2915.260922][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:29 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:29 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:29 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, 0xffffffffffffffff) 17:07:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000000000003f0000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3d00) 17:07:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x3) [ 2915.670408][ T5243] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2915.737689][ T5243] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:30 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:30 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)="2e0000002e008183ad5de0713c444d000d00000810000340140003400000000037113e370000000000000000d1bd", 0x2e}], 0x1}, 0x0) [ 2915.786481][ T5243] binder: 5236:5243 transaction failed 29201/-28, size 0-16128 line 3148 [ 2915.824501][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3e00) 17:07:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000480000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:30 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x0, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") poll(&(0x7f00000001c0)=[{r1}], 0x1, 0x1f) 17:07:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x4) [ 2916.086202][ T5777] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2916.108983][ T5777] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2916.155124][ T5777] binder: 5768:5777 transaction failed 29201/-28, size 0-16128 line 3148 [ 2916.177042][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:30 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:30 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3f00) 17:07:30 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @local, @multicast1}, 0xc) 17:07:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000000000004c0000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x5) [ 2916.612408][ T6105] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2916.651815][ T6105] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:31 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:31 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2916.711865][ T6105] binder: 6091:6105 transaction failed 29201/-28, size 0-16128 line 3148 [ 2916.744395][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4000) 17:07:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000600000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:31 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x6) [ 2917.053544][ T6694] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2917.070091][ T6694] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2917.095661][ T6694] binder: 6653:6694 transaction failed 29201/-28, size 0-16128 line 3148 [ 2917.133689][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:31 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4100) 17:07:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000680000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:31 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x7) [ 2917.509135][ T7046] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2917.535492][ T7046] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2917.565054][ T7046] binder: 7039:7046 transaction failed 29201/-28, size 0-16128 line 3148 [ 2917.597746][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:32 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:32 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(0xffffffffffffffff, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000000000006c0000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4400) 17:07:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x8) [ 2917.839111][ T7499] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2917.851467][ T7499] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2917.876925][ T7499] binder: 7470:7499 transaction failed 29201/-28, size 0-16128 line 3148 17:07:32 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(0xffffffffffffffff, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2917.903726][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:32 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:32 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000740000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4600) 17:07:32 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:32 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(0xffffffffffffffff, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x9) [ 2918.432054][ T8053] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:32 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(0xffffffffffffffff, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) dup2(0xffffffffffffffff, r0) [ 2918.477075][ T8053] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2918.504896][ T8053] binder: 8041:8053 transaction failed 29201/-28, size 0-16128 line 3148 [ 2918.530083][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:32 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000000000007a0000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:33 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(0xffffffffffffffff, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) dup2(0xffffffffffffffff, r0) 17:07:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4800) [ 2918.792580][ T8601] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:33 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2918.842745][ T8601] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2918.909129][ T8601] binder: 8520:8601 transaction failed 29201/-28, size 0-16128 line 3148 [ 2918.944500][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:33 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:33 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(0xffffffffffffffff, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) dup2(0xffffffffffffffff, r0) 17:07:33 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0xa) 17:07:33 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000fffffdfd0000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4a00) 17:07:33 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000020000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:33 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4c00) 17:07:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0xb) 17:07:34 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:34 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000030000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:34 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) dup2(r0, 0xffffffffffffffff) 17:07:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0xc) 17:07:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4f00) 17:07:34 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2920.179921][ T9765] binder_alloc_new_buf_locked: 1 callbacks suppressed [ 2920.179932][ T9765] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:34 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) dup2(r0, 0xffffffffffffffff) [ 2920.288326][ T9765] binder_alloc_new_buf_locked: 1 callbacks suppressed [ 2920.288341][ T9765] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:34 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2920.368181][ T9765] binder_transaction: 2 callbacks suppressed [ 2920.368211][ T9765] binder: 9760:9765 transaction failed 29201/-28, size 0-16128 line 3148 [ 2920.451720][T13809] binder_release_work: 2 callbacks suppressed [ 2920.451728][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x6400) 17:07:34 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) dup2(r0, 0xffffffffffffffff) 17:07:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0xd) 17:07:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000040000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2920.808540][T10293] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2920.853200][T10293] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2920.864563][T10293] binder: 10292:10293 transaction failed 29201/-28, size 0-16128 line 3148 [ 2920.886580][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:35 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:35 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:35 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x6500) 17:07:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000050000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0xe) [ 2921.136077][T10605] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:35 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2921.180197][T10605] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2921.205893][T10605] binder: 10604:10605 transaction failed 29201/-28, size 0-16128 line 3148 17:07:35 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2921.251164][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x6600) 17:07:35 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000060000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:35 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2921.526278][T11126] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2921.582960][T11126] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2921.632422][T11126] binder: 11125:11126 transaction failed 29201/-28, size 0-16128 line 3148 [ 2921.643213][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:36 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:36 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0xf) 17:07:36 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:36 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000070000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x6700) 17:07:36 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2922.092383][T11443] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2922.117118][T11443] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2922.161359][T11443] binder: 11438:11443 transaction failed 29201/-28, size 0-16128 line 3148 17:07:36 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:36 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2922.228124][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:36 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000a0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:36 executing program 5: perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:36 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2922.474424][T11916] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2922.535061][T11916] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2922.551735][T11916] binder: 11913:11916 transaction failed 29201/-28, size 0-16128 line 3148 [ 2922.570358][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:37 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x7c0f) 17:07:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x10) 17:07:37 executing program 5: perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:37 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000480000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:37 executing program 5: perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2922.993040][T12180] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2923.028422][T12180] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2923.093220][T12180] binder: 12178:12180 transaction failed 29201/-28, size 0-16128 line 3148 17:07:37 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2923.134216][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:37 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x8004) 17:07:37 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000004c0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:37 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2923.399346][T12682] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2923.439629][T12682] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2923.477623][T12682] binder: 12662:12682 transaction failed 29201/-28, size 0-16128 line 3148 [ 2923.538314][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:38 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x11) 17:07:38 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xd800) 17:07:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000600000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:38 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2923.924179][T13016] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2923.948246][T13016] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2923.988640][T13016] binder: 13015:13016 transaction failed 29201/-28, size 0-16128 line 3148 [ 2924.020885][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:38 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:38 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000680000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:38 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xd810) 17:07:38 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2924.249952][T13439] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:38 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x12) [ 2924.314413][T13439] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2924.366195][T13439] binder: 13438:13439 transaction failed 29201/-28, size 0-16128 line 3148 [ 2924.404792][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:39 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:39 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) 17:07:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xe0fe) 17:07:39 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000006c0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x13) 17:07:39 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:39 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) dup2(0xffffffffffffffff, r0) 17:07:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000740000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xe803) 17:07:39 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) dup2(0xffffffffffffffff, r0) 17:07:39 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000007a0000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2925.237307][T14513] binder_alloc_new_buf_locked: 2 callbacks suppressed [ 2925.237317][T14513] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:40 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:40 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x14) 17:07:40 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) dup2(0xffffffffffffffff, r0) 17:07:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x40000) 17:07:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000300000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2925.661699][T14726] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2925.670443][T14726] binder_alloc_new_buf_locked: 3 callbacks suppressed [ 2925.670460][T14726] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2925.716409][T14726] binder_transaction: 3 callbacks suppressed [ 2925.716426][T14726] binder: 14724:14726 transaction failed 29201/-28, size 0-16128 line 3148 [ 2925.740806][T13809] binder_release_work: 3 callbacks suppressed [ 2925.740813][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:40 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:40 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) dup2(r0, 0xffffffffffffffff) 17:07:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000500000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:40 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) dup2(r0, 0xffffffffffffffff) 17:07:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xc0000) [ 2925.978438][T15149] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2926.004227][T15149] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2926.037528][T15149] binder: 15088:15149 transaction failed 29201/-28, size 0-16128 line 3148 17:07:40 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2926.141288][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:40 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xfffff) 17:07:40 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) dup2(r0, 0xffffffffffffffff) 17:07:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x15) 17:07:40 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000600000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:40 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2926.587350][T15563] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2926.605608][T15563] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2926.621339][T15563] binder: 15557:15563 transaction failed 29201/-28, size 0-16128 line 3148 17:07:41 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f000037d000)=[{&(0x7f0000199fe1)="1f", 0x1}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) dup2(r1, r0) [ 2926.647962][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:41 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000700000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:41 executing program 5: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x16) [ 2926.880935][T15944] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2926.904237][T15944] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2926.921907][T15944] binder: 15930:15944 transaction failed 29201/-28, size 0-16128 line 3148 17:07:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x100000) [ 2927.007409][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:41 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:41 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:41 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000a00000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:41 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:07:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x231860) 17:07:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x17) [ 2927.414586][T16400] input: syz1 as /devices/virtual/input/input54 [ 2927.450464][T16403] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2927.505854][T16403] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2927.523602][T16403] binder: 16401:16403 transaction failed 29201/-28, size 0-16128 line 3148 [ 2927.558189][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:42 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:42 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:07:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000002000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2927.743219][T16714] input: syz1 as /devices/virtual/input/input55 17:07:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x80ffff) 17:07:42 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2927.836568][T16907] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:42 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) dup3(r0, r1, 0x0) 17:07:42 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2927.927632][T16907] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x18) 17:07:42 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2928.077542][T17030] input: syz1 as /devices/virtual/input/input56 [ 2928.087465][T16907] binder: 16861:16907 transaction failed 29201/-28, size 0-16128 line 3148 [ 2928.154763][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1000000) 17:07:42 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:42 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000003f00000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:42 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2928.413026][T17422] input: syz1 as /devices/virtual/input/input57 [ 2928.422508][T17426] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2928.450429][T17426] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:42 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 2928.478492][T17426] binder: 17425:17426 transaction failed 29201/-28, size 0-16128 line 3148 [ 2928.506897][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:42 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x19) 17:07:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1000080) 17:07:43 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000004800000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2928.687246][T17779] input: syz1 as /devices/virtual/input/input58 [ 2928.791165][T17823] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:43 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:43 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:43 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2928.895252][T17823] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2928.947565][T18008] input: syz1 as /devices/virtual/input/input59 17:07:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2000000) [ 2928.989116][T17823] binder: 17819:17823 transaction failed 29201/-28, size 0-16128 line 3148 [ 2929.030284][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:43 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:43 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000004c00000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2929.204148][T18312] input: syz1 as /devices/virtual/input/input60 17:07:43 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1a) [ 2929.299523][T18442] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:43 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:43 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2929.342582][T18442] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2929.382873][T18442] binder: 18363:18442 transaction failed 29201/-28, size 0-16128 line 3148 [ 2929.410366][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x3000000) 17:07:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000006000000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2929.630841][T18840] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2929.678135][T18840] binder: 18839:18840 transaction failed 29201/-28, size 0-16128 line 3148 [ 2929.710638][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:44 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:44 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:44 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x4000000) 17:07:44 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1b) 17:07:44 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000006800000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:44 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:44 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000006c00000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:44 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x5000000) 17:07:44 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000007400000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:44 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 2930.347387][T19686] binder_alloc_new_buf_locked: 3 callbacks suppressed [ 2930.347398][T19686] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:45 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:45 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:45 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1c) 17:07:45 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x6000000) 17:07:45 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:45 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000007a00000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2930.835342][T19907] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2930.878077][T19907] binder_alloc_new_buf_locked: 3 callbacks suppressed [ 2930.878097][T19907] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2930.914353][T19907] binder_transaction: 3 callbacks suppressed [ 2930.914371][T19907] binder: 19898:19907 transaction failed 29201/-28, size 0-16128 line 3148 17:07:45 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:45 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 2930.959962][T17448] binder_release_work: 3 callbacks suppressed [ 2930.959970][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:45 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x7000000) 17:07:45 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000007000000000000000000000000003f000000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:45 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:45 executing program 5: ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) [ 2931.259252][T20427] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2931.325032][T20427] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2931.368717][T20427] binder: 20406:20427 transaction failed 29201/-28, size 0-16128 line 3148 [ 2931.391206][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:46 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1d) 17:07:46 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x8000000) 17:07:46 executing program 5: ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) 17:07:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000010000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2931.720573][T20749] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2931.776816][T20749] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2931.800874][T20749] binder: 20747:20749 transaction failed 29201/-28, size 0-16128 line 3148 17:07:46 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:46 executing program 5: ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) [ 2931.879892][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000020000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x9000000) 17:07:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1e) 17:07:46 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2932.130812][T21287] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2932.239806][T21287] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2932.253416][T21287] binder: 21281:21287 transaction failed 29201/-28, size 0-16128 line 3148 [ 2932.265577][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:46 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:46 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xa000000) 17:07:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000030000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:46 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x300) [ 2932.656664][T21724] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:47 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:47 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 2932.749400][T21724] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2932.796322][T21724] binder: 21703:21724 transaction failed 29201/-28, size 0-16128 line 3148 [ 2932.813115][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:47 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000040000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xb000000) 17:07:47 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:47 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 2933.073862][T22237] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:47 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x3e8) [ 2933.136081][T22237] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2933.190889][T22237] binder: 22214:22237 transaction failed 29201/-28, size 0-16128 line 3148 [ 2933.211073][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:47 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xc000000) 17:07:47 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:47 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:47 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000050000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:47 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2933.608284][T22769] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:48 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x500) 17:07:48 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 2933.671953][T22769] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2933.694449][T22769] binder: 22765:22769 transaction failed 29201/-28, size 0-16128 line 3148 17:07:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xd000000) [ 2933.747274][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:48 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000060000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2933.976739][T23118] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2934.008503][T23118] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:48 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xe000000) [ 2934.061948][T23118] binder: 23105:23118 transaction failed 29201/-28, size 0-16128 line 3148 17:07:48 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2934.122590][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:48 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x600) 17:07:48 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:48 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:48 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000070000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:48 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0xf000000) 17:07:48 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x700) [ 2934.582189][T23810] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2934.621611][T23810] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2934.649032][T23810] binder: 23808:23810 transaction failed 29201/-28, size 0-16128 line 3148 [ 2934.710370][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:49 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:49 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000000a0000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x10000000) [ 2934.967088][T24226] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2934.980261][T24226] binder: 24214:24226 transaction failed 29201/-28, size 0-16128 line 3148 17:07:49 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:49 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x900) [ 2935.021183][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:49 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000200000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:49 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:49 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x11000000) 17:07:49 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0xa00) [ 2935.473744][T24758] binder_alloc_new_buf_locked: 1 callbacks suppressed [ 2935.473754][T24758] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:50 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:50 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x12000000) 17:07:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000003f0000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:50 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2935.850511][T25280] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:50 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:50 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2935.912552][T25280] binder_alloc_new_buf_locked: 1 callbacks suppressed [ 2935.912569][T25280] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2935.931186][T25280] binder_transaction: 1 callbacks suppressed [ 2935.931205][T25280] binder: 25221:25280 transaction failed 29201/-28, size 0-16128 line 3148 [ 2935.976140][T17448] binder_release_work: 1 callbacks suppressed [ 2935.976148][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:50 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0xb00) 17:07:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x13000000) 17:07:50 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000480000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:50 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 2936.262409][T25609] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2936.312760][T25609] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2936.333461][T25609] binder: 25603:25609 transaction failed 29201/-28, size 0-16128 line 3148 [ 2936.349480][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:50 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:50 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(0x0, 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:50 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0xc00) 17:07:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000004c0000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x14000000) [ 2936.642255][T26073] input: syz1 as /devices/virtual/input/input76 17:07:51 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2936.696465][T26129] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2936.718028][T26129] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2936.760847][T26129] binder: 26063:26129 transaction failed 29201/-28, size 0-16128 line 3148 [ 2936.811758][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:51 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000600000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:51 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(0x0, 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:51 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x15000000) [ 2937.017117][T26521] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2937.052037][T26534] input: syz1 as /devices/virtual/input/input77 [ 2937.060827][T26521] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:51 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0xd00) [ 2937.110236][T26521] binder: 26507:26521 transaction failed 29201/-28, size 0-16128 line 3148 [ 2937.149199][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:51 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(0x0, 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000680000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:51 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2937.364192][T26784] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2937.408971][T26784] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2937.441646][T26784] binder: 26760:26784 transaction failed 29201/-28, size 0-16128 line 3148 [ 2937.450682][T26866] input: syz1 as /devices/virtual/input/input78 17:07:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x16000000) 17:07:51 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 2937.492748][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:51 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2937.708702][T27228] input: syz1 as /devices/virtual/input/input79 17:07:52 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000006c0000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0xe00) 17:07:52 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x17000000) 17:07:52 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 2937.923391][T27392] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2937.973744][T27392] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2937.987848][T27437] input: syz1 as /devices/virtual/input/input80 [ 2938.054766][T27392] binder: 27389:27392 transaction failed 29201/-28, size 0-16128 line 3148 17:07:52 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2938.095863][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:52 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x18000000) 17:07:52 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000740000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2938.281191][T27907] input: syz1 as /devices/virtual/input/input81 17:07:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0xf00) [ 2938.426958][T27932] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2938.458327][T27932] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2938.506361][T27932] binder: 27923:27932 transaction failed 29201/-28, size 0-16128 line 3148 [ 2938.563016][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:53 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x19000000) 17:07:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1100) 17:07:53 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) 17:07:53 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000007a0000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2938.845919][T28331] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2938.893785][T28358] input: syz1 as /devices/virtual/input/input82 [ 2938.907953][T28331] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:53 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2938.996784][T28331] binder: 28329:28331 transaction failed 29201/-28, size 0-16128 line 3148 [ 2939.054712][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1a000000) 17:07:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000fffffdfd0000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:53 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) 17:07:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1200) 17:07:53 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2939.277885][T28838] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2939.318508][T28838] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2939.337568][T28854] input: syz1 as /devices/virtual/input/input83 17:07:53 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2939.451689][T28838] binder: 28806:28838 transaction failed 29201/-28, size 0-16128 line 3148 [ 2939.486929][T17448] binder: undelivered TRANSACTION_ERROR: 29201 17:07:53 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) 17:07:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000fdfdffff0000000000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1b000000) 17:07:54 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2939.703696][T29247] input: syz1 as /devices/virtual/input/input84 [ 2939.749192][T29271] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2939.779857][T29271] binder: 29246:29271 transaction failed 29201/-28, size 0-16128 line 3148 17:07:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1300) [ 2939.839140][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:54 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000240)='bpf\x00', 0x0, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x2b, &(0x7f00000000c0)="b54af53e309965f3e6cc5ee50f9114031aaadc62d88604f242e32bb9f0076d5dbe84085c326a4995c175d6911d02294c35f99603907a72d9bf2c484d4b8366697b22d4f04ba7d3d44dd9f93dc72728aff286ad965e88d1e1f0235e565956f39b4a9d40e387b2edd5e7f4e2c6bf84838e4d660d2d6dfc9298d8b98acb6fd9505b18934e42ce498fc8cc775b7e8cf7b756e3f3dd8967575e7616fb5993e90e900ea4127c68a890b16266df32b84530bdc4b23d1b26246eb76d852ab9e4df1a24", 0xbf) 17:07:54 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1c000000) 17:07:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840000000000700000000000000000000000000000000003f0000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:54 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:54 executing program 5: r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc06001c123f319bd070") unshare(0x8000400) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$l2tp(r0, &(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x4, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x32) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}, 0x4, 0x4}}, 0x26) getpeername$packet(r2, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000580)=0x14) 17:07:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1400) 17:07:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000000100000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:54 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1d000000) 17:07:54 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123d319bd070") sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="021200001100000026bd7000fcdbdf2501001400790000000800120003000000000000003800000046003270b4a69956a98fe40000000000ac1414bb0000000000000000000400000000000000000000000000000000000004000400170000001f000000000700003f00000000000000030000000000120002000b00050000000100000000000000"], 0x88}}, 0x0) sendmmsg(r1, &(0x7f0000000180), 0x400000000000117, 0x0) 17:07:54 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000000200000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:55 executing program 5: r0 = socket$kcm(0x2, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000001d40)={&(0x7f0000000740)=@in={0x2, 0x0, @dev}, 0x80, 0x0}, 0x1) 17:07:55 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1e000000) [ 2940.743572][T30464] binder_alloc_new_buf_locked: 3 callbacks suppressed [ 2940.743582][T30464] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:55 executing program 5: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]}) recvmsg(0xffffffffffffffff, 0x0, 0x2002) 17:07:55 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:55 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1500) 17:07:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000000300000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2941.054790][T30755] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2941.081837][T30755] binder_alloc_new_buf_locked: 3 callbacks suppressed [ 2941.081854][T30755] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:55 executing program 5: openat$uinput(0xffffffffffffff9c, &(0x7f0000000440)='/dev/uinput\x00', 0x802, 0x0) syslog(0x3, &(0x7f0000000200)=""/147, 0x1e) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) fsetxattr$security_ima(r0, &(0x7f00000000c0)='security.ima\x00', &(0x7f0000000900)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYPTR64=&(0x7f0000000480)=ANY=[@ANYRESHEX=r1, @ANYPTR64, @ANYRES16=r0, @ANYPTR, @ANYRES16, @ANYRES16=r1, @ANYPTR64, @ANYRES64, @ANYRES64=r0], @ANYRESDEC=r1], @ANYPTR64, @ANYRESOCT=r1, @ANYRES16=0x0, @ANYRES64=r1], 0x5, 0x1) read(r0, &(0x7f0000000580)=""/250, 0xfffffffffffffe33) fsetxattr$trusted_overlay_origin(r1, 0x0, &(0x7f00000003c0)='y\x00', 0x2, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4b, &(0x7f0000000400), 0x0) getsockopt$sock_buf(r2, 0x1, 0x3b, &(0x7f0000000780)=""/92, &(0x7f0000000080)=0x5c) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000500)) r3 = socket$inet6(0xa, 0x2, 0x202000000000000) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0xfffffffffffffffc, @dev, 0x5}, 0x1c) socket$inet6(0xa, 0x3, 0x2) setsockopt$inet6_opts(r3, 0x29, 0x3b, &(0x7f0000000140)=@srh, 0x8) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x5) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x45) pipe(&(0x7f0000000380)={0xffffffffffffffff}) socket(0xa, 0x1, 0x6) openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x890b, &(0x7f00000000c0)={'ifb0\x02\x00', @ifru_map}) socket$netlink(0x10, 0x3, 0x6) fstat(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_netfilter(r4, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x14000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000680)={0xd0, 0x9, 0x7, 0x1, 0x70bd25, 0x25dfdbfc, {0x7, 0x0, 0x2}, [@nested={0xb4, 0x59, [@generic="0e58c7603944f70d05ae094ef1a3f4b8c35679f52e203c20f8afd1afcee90ed208136fe50841eece96f2b0e8f9c76301bc532b41e47e1c9308f6dcbcc417bcaa354c4e2a6ba4cfb8b5f915418758f17377430e66fac65ed44bc3417ac95facd4f5df53131b63f4b82b3f834c538a53eee7d4ee1f33eb1fdefe3cddb13fc32ceaf53b6c99cc351c3df91ddbe62934769e2a248be66ad79bb22a9efeed2b2e8af9a7f6ca9a7e7f0b5098321b7ee6f8925a"]}, @typed={0x8, 0x13, @uid=r5}]}, 0xd0}, 0x1, 0x0, 0x0, 0x80}, 0x2400c010) [ 2941.117807][T30755] binder_transaction: 3 callbacks suppressed [ 2941.117823][T30755] binder: 30754:30755 transaction failed 29201/-28, size 0-16128 line 3148 17:07:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x1f000000) 17:07:55 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2941.214325][T13809] binder_release_work: 3 callbacks suppressed [ 2941.214331][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:55 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000000400000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:55 executing program 5 (fault-call:4 fault-nth:0): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:55 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x21000000) [ 2941.524136][T31376] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2941.540116][T31375] input: syz1 as /devices/virtual/input/input85 17:07:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1600) [ 2941.604115][T31375] FAULT_INJECTION: forcing a failure. [ 2941.604115][T31375] name failslab, interval 1, probability 0, space 0, times 0 [ 2941.623025][T31376] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2941.682353][T31375] CPU: 0 PID: 31375 Comm: syz-executor.5 Not tainted 5.1.0-rc4+ #67 [ 2941.690391][T31375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2941.700460][T31375] Call Trace: [ 2941.703760][T31375] dump_stack+0x172/0x1f0 [ 2941.708093][T31375] should_fail.cold+0xa/0x15 [ 2941.712946][T31375] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2941.718747][T31375] ? ___might_sleep+0x163/0x280 [ 2941.723589][T31375] __should_failslab+0x121/0x190 [ 2941.728517][T31375] should_failslab+0x9/0x14 [ 2941.733006][T31375] __kmalloc_track_caller+0x2d8/0x740 [ 2941.738362][T31375] ? pointer+0xa30/0xa30 [ 2941.742593][T31375] ? __lock_acquire+0x548/0x3fb0 [ 2941.747597][T31375] ? kasprintf+0xbb/0xf0 [ 2941.751823][T31375] kvasprintf+0xc8/0x170 [ 2941.756051][T31375] ? bust_spinlocks+0xe0/0xe0 [ 2941.760716][T31375] ? debug_check_no_obj_freed+0x200/0x464 [ 2941.766423][T31375] kasprintf+0xbb/0xf0 [ 2941.770490][T31375] ? kvasprintf_const+0x190/0x190 [ 2941.775524][T31375] ? input_default_getkeycode+0x520/0x520 [ 2941.781312][T31375] input_devnode+0x4c/0x90 [ 2941.785716][T31375] device_get_devnode+0x175/0x2e0 [ 2941.790731][T31375] ? refcount_sub_and_test_checked+0x154/0x200 [ 2941.796870][T31375] devtmpfs_delete_node+0xaa/0x1a0 [ 2941.801968][T31375] ? devtmpfs_create_node+0x250/0x250 [ 2941.807327][T31375] ? __device_link_free_srcu+0x120/0x120 [ 2941.812943][T31375] ? refcount_dec_and_test_checked+0x1b/0x20 [ 2941.818905][T31375] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2941.825129][T31375] ? kobject_put+0x84/0xe0 [ 2941.829530][T31375] ? __device_link_free_srcu+0x120/0x120 [ 2941.835146][T31375] ? klist_children_put+0x4a/0x60 [ 2941.840157][T31375] ? klist_put+0xdc/0x180 [ 2941.844476][T31375] device_del+0x8b4/0xc40 [ 2941.848794][T31375] ? __device_links_no_driver+0x250/0x250 [ 2941.854498][T31375] ? mark_held_locks+0xa4/0xf0 [ 2941.859245][T31375] ? _raw_spin_unlock_irq+0x28/0x90 [ 2941.864435][T31375] ? __input_unregister_device+0x153/0x4a0 [ 2941.870222][T31375] ? _raw_spin_unlock_irq+0x28/0x90 [ 2941.875421][T31375] cdev_device_del+0x1a/0x80 [ 2941.879995][T31375] evdev_disconnect+0x42/0xb0 [ 2941.884657][T31375] __input_unregister_device+0x200/0x4a0 [ 2941.890282][T31375] input_unregister_device+0xc5/0x110 [ 2941.895640][T31375] uinput_destroy_device+0x1f4/0x250 [ 2941.900913][T31375] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 2941.906801][T31375] ? tomoyo_domain+0xc5/0x160 [ 2941.911464][T31375] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 2941.917531][T31375] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2941.923756][T31375] ? tomoyo_path_number_perm+0x263/0x520 [ 2941.929472][T31375] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2941.935301][T31375] ? __fget+0x35a/0x550 [ 2941.939444][T31375] uinput_ioctl+0x4a/0x60 [ 2941.943755][T31375] ? uinput_compat_ioctl+0x90/0x90 [ 2941.948853][T31375] do_vfs_ioctl+0xd6e/0x1390 [ 2941.953431][T31375] ? ioctl_preallocate+0x210/0x210 [ 2941.958522][T31375] ? smack_file_ioctl+0x196/0x310 [ 2941.963527][T31375] ? smack_inode_rename+0x2d0/0x2d0 [ 2941.968829][T31375] ? tomoyo_file_ioctl+0x23/0x30 [ 2941.973836][T31375] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2941.980062][T31375] ? security_file_ioctl+0x93/0xc0 [ 2941.985178][T31375] ksys_ioctl+0xab/0xd0 [ 2941.989320][T31375] __x64_sys_ioctl+0x73/0xb0 [ 2941.993981][T31375] do_syscall_64+0x103/0x610 [ 2941.998558][T31375] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2942.004444][T31375] RIP: 0033:0x458c29 [ 2942.008323][T31375] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2942.027992][T31375] RSP: 002b:00007f839d63ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2942.036384][T31375] RAX: ffffffffffffffda RBX: 00007f839d63ec90 RCX: 0000000000458c29 [ 2942.044427][T31375] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 [ 2942.052465][T31375] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2942.060516][T31375] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f839d63f6d4 [ 2942.068575][T31375] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000005 17:07:56 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2942.088156][T31376] binder: 31369:31376 transaction failed 29201/-28, size 0-16128 line 3148 [ 2942.119467][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:07:56 executing program 5 (fault-call:4 fault-nth:1): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x23000000) 17:07:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000000500000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2942.339309][T31819] input: syz1 as /devices/virtual/input/input86 [ 2942.364734][T31857] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:56 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2942.389779][T31857] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2942.413810][T31819] FAULT_INJECTION: forcing a failure. [ 2942.413810][T31819] name failslab, interval 1, probability 0, space 0, times 0 17:07:56 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2942.475479][T31819] CPU: 0 PID: 31819 Comm: syz-executor.5 Not tainted 5.1.0-rc4+ #67 [ 2942.483502][T31819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2942.483533][T31819] Call Trace: [ 2942.483557][T31819] dump_stack+0x172/0x1f0 [ 2942.483578][T31819] should_fail.cold+0xa/0x15 [ 2942.483597][T31819] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2942.483617][T31819] ? ___might_sleep+0x163/0x280 [ 2942.483642][T31819] __should_failslab+0x121/0x190 17:07:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1700) [ 2942.483658][T31819] should_failslab+0x9/0x14 [ 2942.483675][T31819] kmem_cache_alloc_trace+0x2d1/0x760 [ 2942.483690][T31819] ? mutex_trylock+0x1e0/0x1e0 [ 2942.483702][T31819] ? kasan_check_write+0x14/0x20 [ 2942.483723][T31819] kobject_uevent_env+0x2fb/0x1030 [ 2942.497163][T31819] ? wait_for_completion+0x440/0x440 [ 2942.497195][T31819] kobject_uevent+0x20/0x26 [ 2942.497218][T31819] device_del+0x758/0xc40 [ 2942.502982][T31857] binder: 31855:31857 transaction failed 29201/-28, size 0-16128 line 3148 [ 2942.506373][T31819] ? __device_links_no_driver+0x250/0x250 [ 2942.506391][T31819] ? _raw_spin_unlock_irq+0x28/0x90 [ 2942.506412][T31819] ? __input_unregister_device+0x153/0x4a0 [ 2942.521979][T31819] ? _raw_spin_unlock_irq+0x28/0x90 [ 2942.522001][T31819] cdev_device_del+0x1a/0x80 [ 2942.522017][T31819] evdev_disconnect+0x42/0xb0 [ 2942.522036][T31819] __input_unregister_device+0x200/0x4a0 [ 2942.531918][T31819] input_unregister_device+0xc5/0x110 [ 2942.531936][T31819] uinput_destroy_device+0x1f4/0x250 [ 2942.531956][T31819] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 2942.531969][T31819] ? tomoyo_domain+0xc5/0x160 [ 2942.531987][T31819] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 2942.569648][T31819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2942.569663][T31819] ? tomoyo_path_number_perm+0x263/0x520 [ 2942.569684][T31819] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2942.600963][T31819] ? __fget+0x35a/0x550 [ 2942.600987][T31819] uinput_ioctl+0x4a/0x60 [ 2942.601004][T31819] ? uinput_compat_ioctl+0x90/0x90 [ 2942.623989][T31819] do_vfs_ioctl+0xd6e/0x1390 [ 2942.624013][T31819] ? ioctl_preallocate+0x210/0x210 [ 2942.624026][T31819] ? smack_file_ioctl+0x196/0x310 [ 2942.624037][T31819] ? smack_inode_rename+0x2d0/0x2d0 [ 2942.624065][T31819] ? tomoyo_file_ioctl+0x23/0x30 [ 2942.624085][T31819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2942.634989][T31819] ? security_file_ioctl+0x93/0xc0 [ 2942.680903][T31819] ksys_ioctl+0xab/0xd0 [ 2942.680925][T31819] __x64_sys_ioctl+0x73/0xb0 [ 2942.680942][T31819] do_syscall_64+0x103/0x610 [ 2942.680963][T31819] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2942.691057][T31819] RIP: 0033:0x458c29 [ 2942.691072][T31819] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2942.691081][T31819] RSP: 002b:00007f839d63ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2942.691096][T31819] RAX: ffffffffffffffda RBX: 00007f839d63ec90 RCX: 0000000000458c29 [ 2942.691105][T31819] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 [ 2942.691121][T31819] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2942.721622][T31819] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f839d63f6d4 [ 2942.721633][T31819] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000005 [ 2942.730485][ T3258] binder: undelivered TRANSACTION_ERROR: 29201 17:07:57 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x25000000) 17:07:57 executing program 5 (fault-call:4 fault-nth:2): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000000600000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2943.030405][T32359] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2943.060733][T32382] input: syz1 as /devices/virtual/input/input87 [ 2943.075940][T32359] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2943.095186][T32382] FAULT_INJECTION: forcing a failure. [ 2943.095186][T32382] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2943.108506][T32382] CPU: 1 PID: 32382 Comm: syz-executor.5 Not tainted 5.1.0-rc4+ #67 [ 2943.116473][T32382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2943.126516][T32382] Call Trace: [ 2943.129888][T32382] dump_stack+0x172/0x1f0 [ 2943.134208][T32382] should_fail.cold+0xa/0x15 [ 2943.138784][T32382] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2943.144573][T32382] ? __lock_acquire+0x548/0x3fb0 [ 2943.149493][T32382] ? trace_hardirqs_on+0x67/0x230 [ 2943.154513][T32382] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2943.160837][T32382] should_fail_alloc_page+0x50/0x60 [ 2943.166017][T32382] __alloc_pages_nodemask+0x1a1/0x7e0 [ 2943.171388][T32382] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2943.177092][T32382] ? find_held_lock+0x35/0x130 [ 2943.181845][T32382] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2943.187646][T32382] cache_grow_begin+0x9c/0x860 [ 2943.192420][T32382] ? kobject_uevent_env+0x2fb/0x1030 [ 2943.197687][T32382] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2943.203914][T32382] kmem_cache_alloc_trace+0x67f/0x760 [ 2943.209279][T32382] ? mutex_trylock+0x1e0/0x1e0 [ 2943.214025][T32382] ? kasan_check_write+0x14/0x20 [ 2943.218951][T32382] kobject_uevent_env+0x2fb/0x1030 [ 2943.224045][T32382] ? wait_for_completion+0x440/0x440 [ 2943.229335][T32382] kobject_uevent+0x20/0x26 [ 2943.233825][T32382] device_del+0x758/0xc40 [ 2943.238236][T32382] ? __device_links_no_driver+0x250/0x250 [ 2943.244213][T32382] ? _raw_spin_unlock_irq+0x28/0x90 [ 2943.249572][T32382] ? __input_unregister_device+0x153/0x4a0 [ 2943.255360][T32382] ? _raw_spin_unlock_irq+0x28/0x90 [ 2943.260547][T32382] cdev_device_del+0x1a/0x80 [ 2943.265207][T32382] evdev_disconnect+0x42/0xb0 [ 2943.269871][T32382] __input_unregister_device+0x200/0x4a0 [ 2943.275488][T32382] input_unregister_device+0xc5/0x110 [ 2943.280843][T32382] uinput_destroy_device+0x1f4/0x250 [ 2943.286129][T32382] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 2943.292019][T32382] ? tomoyo_domain+0xc5/0x160 [ 2943.296777][T32382] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 2943.302827][T32382] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2943.309142][T32382] ? tomoyo_path_number_perm+0x263/0x520 [ 2943.315281][T32382] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2943.321359][T32382] ? __fget+0x35a/0x550 [ 2943.325511][T32382] uinput_ioctl+0x4a/0x60 [ 2943.329832][T32382] ? uinput_compat_ioctl+0x90/0x90 [ 2943.335045][T32382] do_vfs_ioctl+0xd6e/0x1390 [ 2943.339628][T32382] ? ioctl_preallocate+0x210/0x210 [ 2943.344720][T32382] ? smack_file_ioctl+0x196/0x310 [ 2943.349725][T32382] ? smack_inode_rename+0x2d0/0x2d0 [ 2943.354920][T32382] ? tomoyo_file_ioctl+0x23/0x30 [ 2943.359842][T32382] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2943.366075][T32382] ? security_file_ioctl+0x93/0xc0 [ 2943.371193][T32382] ksys_ioctl+0xab/0xd0 [ 2943.375333][T32382] __x64_sys_ioctl+0x73/0xb0 [ 2943.379918][T32382] do_syscall_64+0x103/0x610 [ 2943.384494][T32382] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2943.390364][T32382] RIP: 0033:0x458c29 [ 2943.394243][T32382] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2943.414093][T32382] RSP: 002b:00007f839d63ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2943.422494][T32382] RAX: ffffffffffffffda RBX: 00007f839d63ec90 RCX: 0000000000458c29 [ 2943.430463][T32382] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 [ 2943.439691][T32382] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2943.447652][T32382] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f839d63f6d4 [ 2943.455608][T32382] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000005 [ 2943.465309][T32359] binder: 32344:32359 transaction failed 29201/-28, size 0-16128 line 3148 17:07:57 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:57 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1800) [ 2943.495718][ T3258] binder: undelivered TRANSACTION_ERROR: 29201 17:07:57 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:07:58 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000000700000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:58 executing program 5 (fault-call:4 fault-nth:3): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x26000000) [ 2943.758544][T32741] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2943.788349][T32741] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:58 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2943.808849][T32741] binder: 32717:32741 transaction failed 29201/-28, size 0-16128 line 3148 [ 2943.852706][T13809] binder: undelivered TRANSACTION_ERROR: 29201 [ 2943.859122][ T312] input: syz1 as /devices/virtual/input/input88 [ 2943.943178][ T312] FAULT_INJECTION: forcing a failure. [ 2943.943178][ T312] name failslab, interval 1, probability 0, space 0, times 0 [ 2944.018900][ T312] CPU: 1 PID: 312 Comm: syz-executor.5 Not tainted 5.1.0-rc4+ #67 [ 2944.026755][ T312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2944.036817][ T312] Call Trace: [ 2944.040123][ T312] dump_stack+0x172/0x1f0 [ 2944.044445][ T312] should_fail.cold+0xa/0x15 [ 2944.049023][ T312] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2944.054842][ T312] ? ___might_sleep+0x163/0x280 [ 2944.059691][ T312] __should_failslab+0x121/0x190 [ 2944.064618][ T312] should_failslab+0x9/0x14 [ 2944.069102][ T312] __kmalloc_track_caller+0x2d8/0x740 [ 2944.074476][ T312] ? pointer+0xa30/0xa30 [ 2944.078703][ T312] ? kasprintf+0xbb/0xf0 [ 2944.082929][ T312] kvasprintf+0xc8/0x170 [ 2944.087168][ T312] ? bust_spinlocks+0xe0/0xe0 [ 2944.091832][ T312] ? pointer+0xa30/0xa30 [ 2944.096147][ T312] kasprintf+0xbb/0xf0 [ 2944.100197][ T312] ? kvasprintf_const+0x190/0x190 [ 2944.105210][ T312] ? cleanup_uevent_env+0x50/0x50 [ 2944.110221][ T312] ? input_default_getkeycode+0x520/0x520 [ 2944.116020][ T312] input_devnode+0x4c/0x90 [ 2944.120512][ T312] device_get_devnode+0x175/0x2e0 [ 2944.125522][ T312] dev_uevent+0x3e8/0x580 [ 2944.129833][ T312] ? device_get_devnode+0x2e0/0x2e0 [ 2944.135014][ T312] ? kobject_uevent_env+0x2fb/0x1030 [ 2944.140287][ T312] ? rcu_read_lock_sched_held+0x110/0x130 [ 2944.145997][ T312] ? device_get_devnode+0x2e0/0x2e0 [ 2944.151178][ T312] kobject_uevent_env+0x487/0x1030 [ 2944.156279][ T312] ? wait_for_completion+0x440/0x440 [ 2944.161553][ T312] kobject_uevent+0x20/0x26 [ 2944.166047][ T312] device_del+0x758/0xc40 [ 2944.170364][ T312] ? __device_links_no_driver+0x250/0x250 [ 2944.176070][ T312] ? _raw_spin_unlock_irq+0x28/0x90 [ 2944.181252][ T312] ? __input_unregister_device+0x153/0x4a0 [ 2944.187051][ T312] ? _raw_spin_unlock_irq+0x28/0x90 [ 2944.192239][ T312] cdev_device_del+0x1a/0x80 [ 2944.196839][ T312] evdev_disconnect+0x42/0xb0 [ 2944.201505][ T312] __input_unregister_device+0x200/0x4a0 [ 2944.207215][ T312] input_unregister_device+0xc5/0x110 [ 2944.212573][ T312] uinput_destroy_device+0x1f4/0x250 [ 2944.217848][ T312] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 2944.223812][ T312] ? tomoyo_domain+0xc5/0x160 [ 2944.228475][ T312] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 2944.234526][ T312] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2944.240748][ T312] ? tomoyo_path_number_perm+0x263/0x520 [ 2944.246366][ T312] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2944.252165][ T312] ? __fget+0x35a/0x550 [ 2944.256322][ T312] uinput_ioctl+0x4a/0x60 [ 2944.260632][ T312] ? uinput_compat_ioctl+0x90/0x90 [ 2944.265733][ T312] do_vfs_ioctl+0xd6e/0x1390 [ 2944.270310][ T312] ? ioctl_preallocate+0x210/0x210 [ 2944.275403][ T312] ? smack_file_ioctl+0x196/0x310 [ 2944.280408][ T312] ? smack_inode_rename+0x2d0/0x2d0 [ 2944.285690][ T312] ? tomoyo_file_ioctl+0x23/0x30 [ 2944.290614][ T312] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2944.296840][ T312] ? security_file_ioctl+0x93/0xc0 [ 2944.301937][ T312] ksys_ioctl+0xab/0xd0 [ 2944.306092][ T312] __x64_sys_ioctl+0x73/0xb0 [ 2944.310672][ T312] do_syscall_64+0x103/0x610 [ 2944.315339][ T312] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2944.321222][ T312] RIP: 0033:0x458c29 [ 2944.325103][ T312] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2944.344686][ T312] RSP: 002b:00007f839d63ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2944.353166][ T312] RAX: ffffffffffffffda RBX: 00007f839d63ec90 RCX: 0000000000458c29 [ 2944.361117][ T312] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 17:07:58 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000000a00000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:58 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2944.369083][ T312] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2944.377122][ T312] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f839d63f6d4 [ 2944.385079][ T312] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000005 17:07:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1900) 17:07:58 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2944.482286][ T590] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2944.515212][ T590] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:07:59 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x27000000) [ 2944.613292][ T590] binder: 589:590 transaction failed 29201/-28, size 0-16128 line 3148 17:07:59 executing program 5 (fault-call:4 fault-nth:4): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 2944.675343][ T3258] binder: undelivered TRANSACTION_ERROR: 29201 17:07:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000002000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2944.773334][ T1024] input: syz1 as /devices/virtual/input/input89 [ 2944.807912][ T1024] FAULT_INJECTION: forcing a failure. [ 2944.807912][ T1024] name failslab, interval 1, probability 0, space 0, times 0 [ 2944.842050][ T1024] CPU: 0 PID: 1024 Comm: syz-executor.5 Not tainted 5.1.0-rc4+ #67 [ 2944.850002][ T1024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2944.860074][ T1024] Call Trace: [ 2944.863399][ T1024] dump_stack+0x172/0x1f0 [ 2944.867765][ T1024] should_fail.cold+0xa/0x15 [ 2944.872373][ T1024] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2944.878211][ T1024] ? ___might_sleep+0x163/0x280 [ 2944.883099][ T1024] __should_failslab+0x121/0x190 [ 2944.888053][ T1024] should_failslab+0x9/0x14 [ 2944.892690][ T1024] kmem_cache_alloc_node+0x264/0x710 [ 2944.897983][ T1024] ? find_held_lock+0x35/0x130 [ 2944.898008][ T1024] __alloc_skb+0xd5/0x5e0 [ 2944.898026][ T1024] ? skb_trim+0x190/0x190 [ 2944.898044][ T1024] ? kasan_check_read+0x11/0x20 [ 2944.898064][ T1024] alloc_uevent_skb+0x83/0x1e2 [ 2944.921132][ T1024] kobject_uevent_env+0xa63/0x1030 [ 2944.926346][ T1024] ? wait_for_completion+0x440/0x440 [ 2944.931629][ T1024] kobject_uevent+0x20/0x26 [ 2944.936124][ T1024] device_del+0x758/0xc40 [ 2944.940446][ T1024] ? __device_links_no_driver+0x250/0x250 [ 2944.946180][ T1024] ? _raw_spin_unlock_irq+0x28/0x90 [ 2944.951388][ T1024] ? __input_unregister_device+0x153/0x4a0 [ 2944.957292][ T1024] ? _raw_spin_unlock_irq+0x28/0x90 [ 2944.962488][ T1024] cdev_device_del+0x1a/0x80 [ 2944.967103][ T1024] evdev_disconnect+0x42/0xb0 [ 2944.971817][ T1024] __input_unregister_device+0x200/0x4a0 [ 2944.977905][ T1024] input_unregister_device+0xc5/0x110 [ 2944.983545][ T1024] uinput_destroy_device+0x1f4/0x250 [ 2944.988857][ T1024] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 2944.994888][ T1024] ? tomoyo_domain+0xc5/0x160 [ 2944.999624][ T1024] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 2945.006030][ T1024] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2945.012266][ T1024] ? tomoyo_path_number_perm+0x263/0x520 [ 2945.017891][ T1024] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2945.023796][ T1024] ? __fget+0x35a/0x550 [ 2945.027944][ T1024] uinput_ioctl+0x4a/0x60 [ 2945.032275][ T1024] ? uinput_compat_ioctl+0x90/0x90 [ 2945.037374][ T1024] do_vfs_ioctl+0xd6e/0x1390 [ 2945.041977][ T1024] ? ioctl_preallocate+0x210/0x210 [ 2945.047166][ T1024] ? smack_file_ioctl+0x196/0x310 [ 2945.052173][ T1024] ? smack_inode_rename+0x2d0/0x2d0 [ 2945.057473][ T1024] ? tomoyo_file_ioctl+0x23/0x30 [ 2945.062446][ T1024] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2945.068679][ T1024] ? security_file_ioctl+0x93/0xc0 [ 2945.073803][ T1024] ksys_ioctl+0xab/0xd0 [ 2945.077949][ T1024] __x64_sys_ioctl+0x73/0xb0 [ 2945.082544][ T1024] do_syscall_64+0x103/0x610 [ 2945.087227][ T1024] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2945.093112][ T1024] RIP: 0033:0x458c29 [ 2945.097082][ T1024] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2945.116930][ T1024] RSP: 002b:00007f839d63ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2945.125342][ T1024] RAX: ffffffffffffffda RBX: 00007f839d63ec90 RCX: 0000000000458c29 [ 2945.133306][ T1024] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 17:07:59 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:07:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1a00) [ 2945.141261][ T1024] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2945.149227][ T1024] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f839d63f6d4 [ 2945.157196][ T1024] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000005 17:07:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000003f00000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:07:59 executing program 5 (fault-call:4 fault-nth:5): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:07:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x29000000) [ 2945.352253][ T1392] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space 17:07:59 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2945.398113][ T1392] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2945.415532][ T1392] binder: 1364:1392 transaction failed 29201/-28, size 0-16128 line 3148 [ 2945.424949][ T1441] input: syz1 as /devices/virtual/input/input90 17:07:59 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2945.493127][ T3258] binder: undelivered TRANSACTION_ERROR: 29201 [ 2945.518778][ T1441] FAULT_INJECTION: forcing a failure. [ 2945.518778][ T1441] name failslab, interval 1, probability 0, space 0, times 0 [ 2945.571982][ T1441] CPU: 1 PID: 1441 Comm: syz-executor.5 Not tainted 5.1.0-rc4+ #67 [ 2945.579941][ T1441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2945.590276][ T1441] Call Trace: [ 2945.593589][ T1441] dump_stack+0x172/0x1f0 [ 2945.597924][ T1441] should_fail.cold+0xa/0x15 [ 2945.603946][ T1441] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2945.609784][ T1441] ? ___might_sleep+0x163/0x280 [ 2945.614660][ T1441] __should_failslab+0x121/0x190 [ 2945.619791][ T1441] should_failslab+0x9/0x14 [ 2945.624316][ T1441] kmem_cache_alloc_node+0x264/0x710 [ 2945.629630][ T1441] ? find_held_lock+0x35/0x130 [ 2945.634521][ T1441] __alloc_skb+0xd5/0x5e0 [ 2945.638878][ T1441] ? skb_trim+0x190/0x190 [ 2945.643241][ T1441] ? kasan_check_read+0x11/0x20 [ 2945.648115][ T1441] alloc_uevent_skb+0x83/0x1e2 [ 2945.652936][ T1441] kobject_uevent_env+0xa63/0x1030 [ 2945.658067][ T1441] ? wait_for_completion+0x440/0x440 [ 2945.663372][ T1441] kobject_uevent+0x20/0x26 [ 2945.667899][ T1441] device_del+0x758/0xc40 17:08:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000004800000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2945.672297][ T1441] ? __device_links_no_driver+0x250/0x250 [ 2945.678037][ T1441] ? _raw_spin_unlock_irq+0x28/0x90 [ 2945.683247][ T1441] ? __input_unregister_device+0x153/0x4a0 [ 2945.689062][ T1441] ? _raw_spin_unlock_irq+0x28/0x90 [ 2945.694279][ T1441] cdev_device_del+0x1a/0x80 [ 2945.698888][ T1441] evdev_disconnect+0x42/0xb0 [ 2945.703593][ T1441] __input_unregister_device+0x200/0x4a0 [ 2945.708728][ T1868] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2945.709251][ T1441] input_unregister_device+0xc5/0x110 [ 2945.709274][ T1441] uinput_destroy_device+0x1f4/0x250 [ 2945.723207][ T1868] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2945.723740][ T1441] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 2945.723756][ T1441] ? tomoyo_domain+0xc5/0x160 [ 2945.723776][ T1441] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 2945.729282][ T1868] binder: 1867:1868 transaction failed 29201/-28, size 0-16128 line 3148 [ 2945.739107][ T1441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 17:08:00 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 2945.739121][ T1441] ? tomoyo_path_number_perm+0x263/0x520 [ 2945.739139][ T1441] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2945.739165][ T1441] ? __fget+0x35a/0x550 [ 2945.739183][ T1441] uinput_ioctl+0x4a/0x60 [ 2945.739194][ T1441] ? uinput_compat_ioctl+0x90/0x90 [ 2945.739209][ T1441] do_vfs_ioctl+0xd6e/0x1390 [ 2945.739227][ T1441] ? ioctl_preallocate+0x210/0x210 [ 2945.739237][ T1441] ? smack_file_ioctl+0x196/0x310 [ 2945.739256][ T1441] ? smack_inode_rename+0x2d0/0x2d0 [ 2945.748398][ T3258] binder: undelivered TRANSACTION_ERROR: 29201 17:08:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000004c00000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2945.749938][ T1441] ? tomoyo_file_ioctl+0x23/0x30 [ 2945.749956][ T1441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2945.749971][ T1441] ? security_file_ioctl+0x93/0xc0 [ 2945.749992][ T1441] ksys_ioctl+0xab/0xd0 [ 2945.842488][ T1441] __x64_sys_ioctl+0x73/0xb0 [ 2945.847095][ T1441] do_syscall_64+0x103/0x610 [ 2945.851709][ T1441] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2945.857616][ T1441] RIP: 0033:0x458c29 17:08:00 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\f\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2945.861524][ T1441] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2945.865238][ T1975] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2945.881158][ T1441] RSP: 002b:00007f839d63ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2945.881174][ T1441] RAX: ffffffffffffffda RBX: 00007f839d63ec90 RCX: 0000000000458c29 [ 2945.881181][ T1441] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 [ 2945.881188][ T1441] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2945.881195][ T1441] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f839d63f6d4 [ 2945.881203][ T1441] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000005 [ 2945.920556][ T1975] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2945.947378][ T1975] binder: 1974:1975 transaction failed 29201/-28, size 0-16128 line 3148 17:08:00 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1b00) 17:08:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2b000000) [ 2946.005564][T13809] binder: undelivered TRANSACTION_ERROR: 29201 17:08:00 executing program 5 (fault-call:4 fault-nth:6): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 17:08:00 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) 17:08:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000006000000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2946.164787][ T2193] input: syz1 as /devices/virtual/input/input91 [ 2946.242464][ T2224] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2946.251448][ T2224] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2946.261979][ T2224] binder: 2215:2224 transaction failed 29201/-28, size 0-16128 line 3148 [ 2946.273144][T13809] binder: undelivered TRANSACTION_ERROR: 29201 [ 2946.292015][ T2240] FAULT_INJECTION: forcing a failure. [ 2946.292015][ T2240] name failslab, interval 1, probability 0, space 0, times 0 [ 2946.340859][ T2240] CPU: 0 PID: 2240 Comm: syz-executor.5 Not tainted 5.1.0-rc4+ #67 [ 2946.348794][ T2240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2946.348807][ T2240] Call Trace: [ 2946.362185][ T2240] dump_stack+0x172/0x1f0 [ 2946.366538][ T2240] should_fail.cold+0xa/0x15 [ 2946.371158][ T2240] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2946.377078][ T2240] ? ___might_sleep+0x163/0x280 [ 2946.381951][ T2240] __should_failslab+0x121/0x190 [ 2946.386909][ T2240] should_failslab+0x9/0x14 [ 2946.391435][ T2240] kmem_cache_alloc+0x2b2/0x6f0 [ 2946.396312][ T2240] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 2946.402128][ T2240] ? lock_downgrade+0x880/0x880 [ 2946.402156][ T2240] skb_clone+0x150/0x3b0 [ 2946.402176][ T2240] netlink_broadcast_filtered+0x870/0xb20 [ 2946.402198][ T2240] netlink_broadcast+0x3a/0x50 [ 2946.402218][ T2240] kobject_uevent_env+0xa94/0x1030 [ 2946.402241][ T2240] ? wait_for_completion+0x440/0x440 [ 2946.432442][ T2240] kobject_uevent+0x20/0x26 [ 2946.436947][ T2240] device_del+0x758/0xc40 [ 2946.441450][ T2240] ? __device_links_no_driver+0x250/0x250 [ 2946.447450][ T2240] ? _raw_spin_unlock_irq+0x28/0x90 [ 2946.452881][ T2240] ? __input_unregister_device+0x153/0x4a0 [ 2946.458704][ T2240] ? _raw_spin_unlock_irq+0x28/0x90 [ 2946.463923][ T2240] cdev_device_del+0x1a/0x80 [ 2946.469328][ T2240] evdev_disconnect+0x42/0xb0 [ 2946.474028][ T2240] __input_unregister_device+0x200/0x4a0 [ 2946.481248][ T2240] input_unregister_device+0xc5/0x110 17:08:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000006800000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:08:00 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2946.486644][ T2240] uinput_destroy_device+0x1f4/0x250 [ 2946.492119][ T2240] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 2946.498446][ T2240] ? tomoyo_domain+0xc5/0x160 [ 2946.498468][ T2240] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 2946.498487][ T2240] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2946.498504][ T2240] ? tomoyo_path_number_perm+0x263/0x520 [ 2946.509954][ T2240] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2946.509984][ T2240] ? __fget+0x35a/0x550 [ 2946.510008][ T2240] uinput_ioctl+0x4a/0x60 [ 2946.538125][ T2240] ? uinput_compat_ioctl+0x90/0x90 [ 2946.543266][ T2240] do_vfs_ioctl+0xd6e/0x1390 [ 2946.547892][ T2240] ? ioctl_preallocate+0x210/0x210 [ 2946.553020][ T2240] ? smack_file_ioctl+0x196/0x310 [ 2946.558075][ T2240] ? smack_inode_rename+0x2d0/0x2d0 [ 2946.563314][ T2240] ? tomoyo_file_ioctl+0x23/0x30 [ 2946.568279][ T2240] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2946.574541][ T2240] ? security_file_ioctl+0x93/0xc0 [ 2946.579668][ T2240] ksys_ioctl+0xab/0xd0 [ 2946.583857][ T2240] __x64_sys_ioctl+0x73/0xb0 17:08:00 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2946.588471][ T2240] do_syscall_64+0x103/0x610 [ 2946.593084][ T2240] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2946.598994][ T2240] RIP: 0033:0x458c29 [ 2946.602902][ T2240] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2946.622605][ T2240] RSP: 002b:00007f839d61dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2946.631032][ T2240] RAX: ffffffffffffffda RBX: 00007f839d61dc90 RCX: 0000000000458c29 17:08:01 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:08:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2d000000) [ 2946.639016][ T2240] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 [ 2946.647004][ T2240] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 2946.654986][ T2240] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f839d61e6d4 [ 2946.662970][ T2240] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000005 17:08:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000006c00000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:08:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1c00) [ 2946.761980][ T2924] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2946.773444][ T2924] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) 17:08:01 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2946.814165][ T2924] binder: 2922:2924 transaction failed 29201/-28, size 0-16128 line 3148 17:08:01 executing program 5 (fault-call:4 fault-nth:7): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000140)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x4, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 2946.858328][ T3258] binder: undelivered TRANSACTION_ERROR: 29201 [ 2946.930765][ T3203] input: syz1 as /devices/virtual/input/input92 17:08:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000040)=ANY=[@ANYBLOB="f9f760"], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff86) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x2e000000) 17:08:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000007400000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) 17:08:01 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2947.012803][ T3203] FAULT_INJECTION: forcing a failure. [ 2947.012803][ T3203] name failslab, interval 1, probability 0, space 0, times 0 [ 2947.059094][ T3203] CPU: 1 PID: 3203 Comm: syz-executor.5 Not tainted 5.1.0-rc4+ #67 [ 2947.067035][ T3203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2947.077096][ T3203] Call Trace: [ 2947.077122][ T3203] dump_stack+0x172/0x1f0 [ 2947.077142][ T3203] should_fail.cold+0xa/0x15 [ 2947.077161][ T3203] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2947.077180][ T3203] ? ___might_sleep+0x163/0x280 [ 2947.077198][ T3203] __should_failslab+0x121/0x190 [ 2947.077213][ T3203] should_failslab+0x9/0x14 [ 2947.077229][ T3203] kmem_cache_alloc_trace+0x2d1/0x760 [ 2947.077244][ T3203] ? kasan_check_write+0x14/0x20 [ 2947.077274][ T3203] kobject_uevent_env+0x2fb/0x1030 [ 2947.082164][ T3400] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2947.084897][ T3203] ? wait_for_completion+0x440/0x440 [ 2947.084932][ T3203] kobject_uevent+0x20/0x26 [ 2947.101877][ T3400] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2947.105077][ T3203] device_del+0x758/0xc40 [ 2947.105100][ T3203] ? __device_links_no_driver+0x250/0x250 [ 2947.109939][ T3400] binder: 3394:3400 transaction failed 29201/-28, size 0-16128 line 3148 [ 2947.114944][ T3203] ? trace_hardirqs_on+0x67/0x230 [ 2947.114968][ T3203] __input_unregister_device+0x3a4/0x4a0 [ 2947.114984][ T3203] input_unregister_device+0xc5/0x110 [ 2947.115000][ T3203] uinput_destroy_device+0x1f4/0x250 [ 2947.115018][ T3203] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 2947.115031][ T3203] ? tomoyo_domain+0xc5/0x160 [ 2947.115044][ T3203] ? uinput_request_submit.part.0+0x2d0/0x2d0 [ 2947.115065][ T3203] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2947.128224][ T3258] binder: undelivered TRANSACTION_ERROR: 29201 [ 2947.133916][ T3203] ? tomoyo_path_number_perm+0x263/0x520 [ 2947.133934][ T3203] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2947.133958][ T3203] ? __fget+0x35a/0x550 [ 2947.133978][ T3203] uinput_ioctl+0x4a/0x60 [ 2947.133990][ T3203] ? uinput_compat_ioctl+0x90/0x90 [ 2947.134010][ T3203] do_vfs_ioctl+0xd6e/0x1390 [ 2947.153840][ T3203] ? ioctl_preallocate+0x210/0x210 [ 2947.153860][ T3203] ? smack_file_ioctl+0x196/0x310 [ 2947.210185][ T3203] ? smack_inode_rename+0x2d0/0x2d0 [ 2947.210216][ T3203] ? tomoyo_file_ioctl+0x23/0x30 [ 2947.257416][ T3203] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2947.257434][ T3203] ? security_file_ioctl+0x93/0xc0 [ 2947.257454][ T3203] ksys_ioctl+0xab/0xd0 [ 2947.267750][ T3203] __x64_sys_ioctl+0x73/0xb0 [ 2947.267780][ T3203] do_syscall_64+0x103/0x610 [ 2947.297472][ T3203] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2947.303378][ T3203] RIP: 0033:0x458c29 17:08:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x2e, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1163484000000000070000000000000000000000000000000000007a00000000000000000000000000000000003f"], 0x0, 0x0, 0x0}) [ 2947.307277][ T3203] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2947.314018][ T3622] binder_alloc: 13297: binder_alloc_buf size 16128 failed, no address space [ 2947.327061][ T3203] RSP: 002b:00007f839d63ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2947.327077][ T3203] RAX: ffffffffffffffda RBX: 00007f839d63ec90 RCX: 0000000000458c29 [ 2947.327083][ T3203] RDX: 0000000000000000 RSI: 0000000000005502 RDI: 0000000000000003 17:08:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_S390_UCAS_UNMAP(0xffffffffffffffff, 0x4018ae51, &(0x7f0000000040)={0x7, 0x0, 0x7e}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(0xffffffffffffffff, 0x4010ae94, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x1d00) [ 2947.327090][ T3203] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2947.327098][ T3203] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f839d63f6d4 [ 2947.327106][ T3203] R13: 00000000004c349c R14: 00000000004d6950 R15: 0000000000000005 [ 2947.373358][ T3622] binder_alloc: allocated: 1360 (num: 168 largest: 16), free: 10928 (num: 1 largest: 10928) [ 2947.406089][ T3622] binder: 3621:3622 transaction failed 29201/-28, size 0-16128 line 3148 [ 2947.423351][ T3114] ================================================================== [ 2947.432093][ T3114] BUG: KASAN: use-after-free in string+0x208/0x230 [ 2947.439340][ T3258] binder: undelivered TRANSACTION_ERROR: 29201 [ 2947.439971][ T3114] Read of size 1 at addr ffff8880908b3080 by task syz-executor.5/3114 [ 2947.454253][ T3114] [ 2947.456584][ T3114] CPU: 1 PID: 3114 Comm: syz-executor.5 Not tainted 5.1.0-rc4+ #67 [ 2947.464623][ T3114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2947.474670][ T3114] Call Trace: [ 2947.478038][ T3114] dump_stack+0x172/0x1f0 [ 2947.482450][ T3114] ? string+0x208/0x230 [ 2947.486601][ T3114] print_address_description.cold+0x7c/0x20d [ 2947.493082][ T3114] ? string+0x208/0x230 [ 2947.497305][ T3114] ? string+0x208/0x230 [ 2947.501443][ T3114] kasan_report.cold+0x1b/0x40 [ 2947.506200][ T3114] ? string+0x208/0x230 [ 2947.510342][ T3114] __asan_report_load1_noabort+0x14/0x20 [ 2947.516049][ T3114] string+0x208/0x230 [ 2947.520017][ T3114] ? widen_string+0x2e0/0x2e0 [ 2947.524679][ T3114] ? console_unlock+0x68b/0xed0 [ 2947.529513][ T3114] ? find_held_lock+0x35/0x130 [ 2947.534362][ T3114] vsnprintf+0xbfc/0x1af0 [ 2947.538723][ T3114] ? pointer+0xa30/0xa30 [ 2947.542959][ T3114] ? string+0x1cc/0x230 [ 2947.547100][ T3114] add_uevent_var+0x14d/0x310 [ 2947.552028][ T3114] ? cleanup_uevent_env+0x50/0x50 [ 2947.557122][ T3114] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2947.563441][ T3114] ? input_dev_uevent+0x110/0x890 [ 2947.568458][ T3114] input_dev_uevent+0x163/0x890 [ 2947.573292][ T3114] ? input_add_uevent_bm_var+0x150/0x150 [ 2947.578905][ T3114] dev_uevent+0x312/0x580 [ 2947.583218][ T3114] ? device_get_devnode+0x2e0/0x2e0 [ 2947.588488][ T3114] ? kobject_uevent_env+0x2fb/0x1030 [ 2947.593760][ T3114] ? rcu_read_lock_sched_held+0x110/0x130 [ 2947.599476][ T3114] ? kobject_uevent_env+0x37d/0x1030 [ 2947.606375][ T3114] ? device_get_devnode+0x2e0/0x2e0 [ 2947.611564][ T3114] kobject_uevent_env+0x487/0x1030 [ 2947.616658][ T3114] ? release_nodes+0x548/0x9c0 [ 2947.621504][ T3114] kobject_uevent+0x20/0x26 [ 2947.625996][ T3114] kobject_put.cold+0x177/0x2ec [ 2947.630832][ T3114] ? evdev_handle_set_keycode_v2+0x140/0x140 [ 2947.636892][ T3114] put_device+0x20/0x30 [ 2947.641031][ T3114] evdev_free+0x51/0x70 [ 2947.645171][ T3114] device_release+0x7d/0x210 [ 2947.649751][ T3114] kobject_put.cold+0x28f/0x2ec [ 2947.654763][ T3114] cdev_default_release+0x41/0x50 [ 2947.659769][ T3114] kobject_put.cold+0x28f/0x2ec [ 2947.664602][ T3114] cdev_put.part.0+0x39/0x50 [ 2947.669258][ T3114] cdev_put+0x20/0x30 [ 2947.673219][ T3114] __fput+0x6df/0x8d0 [ 2947.677196][ T3114] ____fput+0x16/0x20 [ 2947.681161][ T3114] task_work_run+0x14a/0x1c0 [ 2947.685747][ T3114] exit_to_usermode_loop+0x273/0x2c0 [ 2947.691016][ T3114] do_syscall_64+0x52d/0x610 [ 2947.695597][ T3114] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2947.701465][ T3114] RIP: 0033:0x4129e1 [ 2947.705354][ T3114] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2947.725180][ T3114] RSP: 002b:00007ffe1f49efe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 2947.733569][ T3114] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004129e1 [ 2947.741535][ T3114] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 2947.749486][ T3114] RBP: 000000000073c900 R08: 0000000055aee9e6 R09: 0000000055aee9ea [ 2947.757451][ T3114] R10: 00007ffe1f49f0b0 R11: 0000000000000293 R12: 0000000000000001 [ 2947.765409][ T3114] R13: 000000000073c900 R14: 00000000002cf7a5 R15: 000000000073bf0c [ 2947.773610][ T3114] [ 2947.775931][ T3114] Allocated by task 3203: [ 2947.780248][ T3114] save_stack+0x45/0xd0 [ 2947.784387][ T3114] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2947.789999][ T3114] kasan_kmalloc+0x9/0x10 [ 2947.794309][ T3114] __kmalloc_track_caller+0x158/0x740 [ 2947.799747][ T3114] kstrndup+0x5f/0xf0 [ 2947.803724][ T3114] uinput_dev_setup+0x1d4/0x310 [ 2947.808558][ T3114] uinput_ioctl_handler.isra.0+0x12b8/0x1cc0 [ 2947.814525][ T3114] uinput_ioctl+0x4a/0x60 [ 2947.819117][ T3114] do_vfs_ioctl+0xd6e/0x1390 [ 2947.823686][ T3114] ksys_ioctl+0xab/0xd0 [ 2947.827830][ T3114] __x64_sys_ioctl+0x73/0xb0 [ 2947.832409][ T3114] do_syscall_64+0x103/0x610 [ 2947.836980][ T3114] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2947.842933][ T3114] [ 2947.845242][ T3114] Freed by task 3203: [ 2947.849217][ T3114] save_stack+0x45/0xd0 [ 2947.853356][ T3114] __kasan_slab_free+0x102/0x150 [ 2947.858270][ T3114] kasan_slab_free+0xe/0x10 [ 2947.862761][ T3114] kfree+0xcf/0x230 [ 2947.866553][ T3114] uinput_destroy_device+0xf8/0x250 [ 2947.871738][ T3114] uinput_ioctl_handler.isra.0+0x886/0x1cc0 [ 2947.877606][ T3114] uinput_ioctl+0x4a/0x60 [ 2947.882027][ T3114] do_vfs_ioctl+0xd6e/0x1390 [ 2947.886599][ T3114] ksys_ioctl+0xab/0xd0 [ 2947.890933][ T3114] __x64_sys_ioctl+0x73/0xb0 [ 2947.895512][ T3114] do_syscall_64+0x103/0x610 [ 2947.900085][ T3114] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2947.905952][ T3114] [ 2947.908264][ T3114] The buggy address belongs to the object at ffff8880908b3080 [ 2947.908264][ T3114] which belongs to the cache kmalloc-32 of size 32 [ 2947.922127][ T3114] The buggy address is located 0 bytes inside of [ 2947.922127][ T3114] 32-byte region [ffff8880908b3080, ffff8880908b30a0) [ 2947.935198][ T3114] The buggy address belongs to the page: [ 2947.940897][ T3114] page:ffffea0002422cc0 count:1 mapcount:0 mapping:ffff88812c3f01c0 index:0xffff8880908b3fc1 [ 2947.951030][ T3114] flags: 0x1fffc0000000200(slab) [ 2947.957343][ T3114] raw: 01fffc0000000200 ffffea0002942808 ffffea00027b5dc8 ffff88812c3f01c0 [ 2947.966603][ T3114] raw: ffff8880908b3fc1 ffff8880908b3000 000000010000003f 0000000000000000 [ 2947.975199][ T3114] page dumped because: kasan: bad access detected [ 2947.981761][ T3114] [ 2947.984075][ T3114] Memory state around the buggy address: [ 2947.989697][ T3114] ffff8880908b2f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2947.998365][ T3114] ffff8880908b3000: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 2948.006414][ T3114] >ffff8880908b3080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 2948.014450][ T3114] ^ [ 2948.018510][ T3114] ffff8880908b3100: fb fb fb fb fc fc fc fc 06 fc fc fc fc fc fc fc [ 2948.026555][ T3114] ffff8880908b3180: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 2948.034809][ T3114] ================================================================== [ 2948.042855][ T3114] Disabling lock debugging due to kernel taint 17:08:02 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr\x00', 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r0, &(0x7f0000000140)={0x0, 0x15, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0xf7e9}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x84331583af}, 0x100) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 17:08:02 executing program 4: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x80000080000002, 0x0) prctl$PR_CAPBSET_DROP(0x18, 0x0) write$UHID_CREATE(r0, &(0x7f0000001080)={0x0, 'syz1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00', 'syz1\x00', 'syz0\x00', 0x0}, 0x120) [ 2948.123499][ T3114] Kernel panic - not syncing: panic_on_warn set ... [ 2948.130139][ T3114] CPU: 0 PID: 3114 Comm: syz-executor.5 Tainted: G B 5.1.0-rc4+ #67 [ 2948.139855][ T3114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2948.141379][ T3697] kobject: 'kvm' (00000000c94d3663): kobject_uevent_env [ 2948.149912][ T3114] Call Trace: [ 2948.149933][ T3114] dump_stack+0x172/0x1f0 [ 2948.149951][ T3114] panic+0x2cb/0x65c [ 2948.149964][ T3114] ? __warn_printk+0xf3/0xf3 [ 2948.149982][ T3114] ? string+0x208/0x230 [ 2948.157048][ T3697] kobject: 'kvm' (00000000c94d3663): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 2948.160163][ T3114] ? preempt_schedule+0x4b/0x60 [ 2948.160177][ T3114] ? ___preempt_schedule+0x16/0x18 [ 2948.160194][ T3114] ? trace_hardirqs_on+0x5e/0x230 [ 2948.201923][ T3114] ? string+0x208/0x230 [ 2948.206059][ T3114] end_report+0x47/0x4f [ 2948.210286][ T3114] ? string+0x208/0x230 [ 2948.214419][ T3114] kasan_report.cold+0xe/0x40 [ 2948.219076][ T3114] ? string+0x208/0x230 [ 2948.223212][ T3114] __asan_report_load1_noabort+0x14/0x20 [ 2948.228824][ T3114] string+0x208/0x230 [ 2948.232787][ T3114] ? widen_string+0x2e0/0x2e0 [ 2948.237618][ T3114] ? console_unlock+0x68b/0xed0 [ 2948.242471][ T3114] ? find_held_lock+0x35/0x130 [ 2948.247228][ T3114] vsnprintf+0xbfc/0x1af0 [ 2948.251541][ T3114] ? pointer+0xa30/0xa30 [ 2948.255765][ T3114] ? string+0x1cc/0x230 [ 2948.260004][ T3114] add_uevent_var+0x14d/0x310 [ 2948.264675][ T3114] ? cleanup_uevent_env+0x50/0x50 [ 2948.269751][ T3114] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2948.275976][ T3114] ? input_dev_uevent+0x110/0x890 [ 2948.281092][ T3114] input_dev_uevent+0x163/0x890 [ 2948.285925][ T3114] ? input_add_uevent_bm_var+0x150/0x150 [ 2948.291538][ T3114] dev_uevent+0x312/0x580 [ 2948.296210][ T3114] ? device_get_devnode+0x2e0/0x2e0 [ 2948.301474][ T3114] ? kobject_uevent_env+0x2fb/0x1030 [ 2948.306746][ T3114] ? rcu_read_lock_sched_held+0x110/0x130 [ 2948.312532][ T3114] ? kobject_uevent_env+0x37d/0x1030 [ 2948.317804][ T3114] ? device_get_devnode+0x2e0/0x2e0 [ 2948.323165][ T3114] kobject_uevent_env+0x487/0x1030 [ 2948.328255][ T3114] ? release_nodes+0x548/0x9c0 [ 2948.333003][ T3114] kobject_uevent+0x20/0x26 [ 2948.337485][ T3114] kobject_put.cold+0x177/0x2ec [ 2948.342425][ T3114] ? evdev_handle_set_keycode_v2+0x140/0x140 [ 2948.348386][ T3114] put_device+0x20/0x30 [ 2948.352537][ T3114] evdev_free+0x51/0x70 [ 2948.356685][ T3114] device_release+0x7d/0x210 [ 2948.361254][ T3114] kobject_put.cold+0x28f/0x2ec [ 2948.366101][ T3114] cdev_default_release+0x41/0x50 [ 2948.371106][ T3114] kobject_put.cold+0x28f/0x2ec [ 2948.375948][ T3114] cdev_put.part.0+0x39/0x50 [ 2948.380518][ T3114] cdev_put+0x20/0x30 [ 2948.384485][ T3114] __fput+0x6df/0x8d0 [ 2948.388470][ T3114] ____fput+0x16/0x20 [ 2948.392517][ T3114] task_work_run+0x14a/0x1c0 [ 2948.397090][ T3114] exit_to_usermode_loop+0x273/0x2c0 [ 2948.402546][ T3114] do_syscall_64+0x52d/0x610 [ 2948.407294][ T3114] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2948.413165][ T3114] RIP: 0033:0x4129e1 [ 2948.417044][ T3114] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2948.436712][ T3114] RSP: 002b:00007ffe1f49efe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 2948.445197][ T3114] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004129e1 [ 2948.453158][ T3114] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 2948.461105][ T3114] RBP: 000000000073c900 R08: 0000000055aee9e6 R09: 0000000055aee9ea [ 2948.469142][ T3114] R10: 00007ffe1f49f0b0 R11: 0000000000000293 R12: 0000000000000001 [ 2948.477094][ T3114] R13: 000000000073c900 R14: 00000000002cf7a5 R15: 000000000073bf0c [ 2948.486189][ T3114] Kernel Offset: disabled [ 2948.490528][ T3114] Rebooting in 86400 seconds..