_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) [ 591.269047] binder: 4538:4540 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 591.269054] binder: 4538:4540 BC_INCREFS_DONE u0000000000000000 no match [ 591.269058] binder: 4538:4540 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER ** 12 printk messages dropped ** [ 591.274636] binder: 4536:4539 Release 1 refcount change on invalid ref 0 ret -22 2018/03/30 09:51:27 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 69 printk messages dropped ** [ 591.356425] binder_alloc: 4553: binder_alloc_buf, no vma 2018/03/30 09:51:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x0, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x0, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x114, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248a"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 14 printk messages dropped ** [ 591.361559] binder_alloc: 4553: binder_alloc_buf, no vma 2018/03/30 09:51:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 47 printk messages dropped ** [ 591.492297] binder: BINDER_SET_CONTEXT_MGR already set 2018/03/30 09:51:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xcc, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 34 printk messages dropped ** [ 591.495788] binder: 4598:4605 transaction failed 29189/-3, size 0-0 line 3134 ** 24 printk messages dropped ** [ 591.507135] binder_alloc: 4592: binder_alloc_buf, no vma 2018/03/30 09:51:28 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x0, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xcc, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0x84, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x114, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248a"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 1 printk messages dropped ** [ 591.528518] binder: 4593:4617 Acquire 1 refcount change on invalid ref 0 ret -22 [ 591.539565] binder: 4607:4622 Acquire 1 refcount change on invalid ref 0 ret -22 [ 591.541515] binder: 4598:4625 Acquire 1 refcount change on invalid ref 0 ret -22 ** 86 printk messages dropped ** [ 591.684651] binder: 4639:4650 transaction failed 29189/-3, size 0-8 line 3134 2018/03/30 09:51:28 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 4 printk messages dropped ** [ 591.686921] binder: BINDER_SET_CONTEXT_MGR already set [ 591.686927] binder: 4639:4650 ioctl 40046207 0 returned -16 ** 9 printk messages dropped ** [ 591.687952] binder: 4643:4652 transaction failed 29189/-3, size 0-0 line 3134 ** 11 printk messages dropped ** [ 591.789245] binder: 4681:4683 BC_INCREFS_DONE u0000000000000000 no match 2018/03/30 09:51:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x114, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248a"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0x84, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xcc, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) [ 591.789249] binder: 4681:4683 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER 2018/03/30 09:51:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x0, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) [ 591.789260] binder: 4681:4683 Release 1 refcount change on invalid ref 0 ret -22 ** 86 printk messages dropped ** [ 591.861282] binder: 4691:4708 Acquire 1 refcount change on invalid ref 0 ret -22 2018/03/30 09:51:28 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x118, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f2533"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0x84, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 7 printk messages dropped ** [ 591.861963] binder: 4700:4707 IncRefs 0 refcount change on invalid ref 4 ret -22 2018/03/30 09:51:28 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 64 printk messages dropped ** [ 591.977262] binder: BINDER_SET_CONTEXT_MGR already set 2018/03/30 09:51:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc4, 0x0, &(0x7f0000000940)=[@register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 32 printk messages dropped ** [ 591.992381] binder_alloc: 4723: binder_alloc_buf, no vma ** 8 printk messages dropped ** [ 592.061631] binder: 4738:4763 Acquire 1 refcount change on invalid ref 0 ret -22 2018/03/30 09:51:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x118, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f2533"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc4, 0x0, &(0x7f0000000940)=[@register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 26 printk messages dropped ** [ 592.100082] binder: 4775:4781 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER ** 33 printk messages dropped ** [ 592.139589] binder: 4784:4786 BC_FREE_BUFFER u0000000000000000 no match 2018/03/30 09:51:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x118, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f2533"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x0, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc4, 0x0, &(0x7f0000000940)=[@register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 58 printk messages dropped ** [ 592.249136] binder: 4805:4809 Release 1 refcount change on invalid ref 0 ret -22 2018/03/30 09:51:29 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 91 printk messages dropped ** [ 592.389108] binder: 4849:4858 IncRefs 0 refcount change on invalid ref 4 ret -22 2018/03/30 09:51:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11a, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x0, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 1 printk messages dropped ** [ 592.389212] binder: 4849:4858 transaction failed 29189/-3, size 0-8 line 3134 2018/03/30 09:51:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 90 printk messages dropped ** [ 592.530456] binder: 4890:4894 BC_FREE_BUFFER u0000000000000000 no match 2018/03/30 09:51:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11a, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x0, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 38 printk messages dropped ** [ 592.656067] binder: 4917:4925 BC_FREE_BUFFER u0000000000000000 no match 2018/03/30 09:51:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x0, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 58 printk messages dropped ** [ 592.664069] binder_alloc: 4914: binder_alloc_buf, no vma ** 34 printk messages dropped ** [ 592.793102] binder: BINDER_SET_CONTEXT_MGR already set 2018/03/30 09:51:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11a, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x0, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) [ 592.793108] binder: 4955:4959 ioctl 40046207 0 returned -16 [ 592.793409] binder: 4955:4959 BC_FREE_BUFFER u0000000000000000 no match ** 78 printk messages dropped ** [ 592.822034] binder: 4969:4975 IncRefs 0 refcount change on invalid ref 4 ret -22 2018/03/30 09:51:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11b, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b5"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 13 printk messages dropped ** [ 592.910050] binder: 4997:4998 Release 1 refcount change on invalid ref 0 ret -22 [ 592.910120] binder_alloc: 4997: binder_alloc_buf, no vma [ 592.910165] binder: 4997:4998 transaction failed 29189/-3, size 0-0 line 3134 [ 592.910887] binder_alloc: 4997: binder_alloc_buf, no vma 2018/03/30 09:51:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x0, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xcc, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) [ 592.910924] binder: 4997:4998 transaction failed 29189/-3, size 0-0 line 3134 ** 31 printk messages dropped ** [ 592.948679] binder: 5004:5010 transaction failed 29189/-3, size 0-8 line 3134 [ 592.950632] binder: BINDER_SET_CONTEXT_MGR already set 2018/03/30 09:51:29 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11b, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b5"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xcc, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) [ 592.950639] binder: 5002:5013 ioctl 40046207 0 returned -16 ** 30 printk messages dropped ** [ 592.957823] binder: 5008:5014 Release 1 refcount change on invalid ref 0 ret -22 ** 60 printk messages dropped ** [ 593.157339] binder: 5060:5062 BC_INCREFS_DONE u0000000000000000 node 35678 cookie mismatch 0000000000000001 != 0000000000000000 2018/03/30 09:51:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11b, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b5"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0x84, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 11 printk messages dropped ** [ 593.161580] binder: 5061:5066 Release 1 refcount change on invalid ref 0 ret -22 [ 593.161589] binder: 5061:5066 IncRefs 0 refcount change on invalid ref 4 ret -22 ** 10 printk messages dropped ** [ 593.166779] binder: 5063:5069 BC_INCREFS_DONE u0000000000000000 no match [ 593.166787] binder: 5063:5069 Release 1 refcount change on invalid ref 0 ret -22 [ 593.166796] binder: 5063:5069 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 593.166863] binder_alloc: 5060: binder_alloc_buf, no vma ** 9 printk messages dropped ** [ 593.172838] binder: 5065:5070 Release 1 refcount change on invalid ref 0 ret -22 2018/03/30 09:51:30 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) [ 593.172907] binder_alloc: 5060: binder_alloc_buf, no vma [ 593.172950] binder: 5065:5070 transaction failed 29189/-3, size 0-0 line 3134 ** 7 printk messages dropped ** [ 593.173259] binder: 5067:5072 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 593.173325] binder_alloc: 5060: binder_alloc_buf, no vma 2018/03/30 09:51:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x0, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xcc, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 21 printk messages dropped ** [ 593.178672] binder: 5059:5074 Release 1 refcount change on invalid ref 0 ret -22 ** 1 printk messages dropped ** [ 593.178744] binder_alloc: 5060: binder_alloc_buf, no vma [ 593.178783] binder: 5059:5074 transaction failed 29189/-3, size 0-0 line 3134 [ 593.180490] binder_alloc: 5060: binder_alloc_buf, no vma [ 593.180573] binder: 5064:5071 transaction failed 29189/-3, size 0-0 line 3134 ** 38 printk messages dropped ** [ 593.311220] binder_alloc: 5102: binder_alloc_buf, no vma [ 593.311259] binder: 5106:5108 transaction failed 29189/-3, size 0-8 line 3134 2018/03/30 09:51:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0), 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xbc, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 1 printk messages dropped ** [ 593.313463] binder: 5107:5112 ioctl 40046207 0 returned -16 [ 593.313557] binder: 5107:5112 BC_FREE_BUFFER u0000000000000000 no match [ 593.313563] binder: 5107:5112 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER 2018/03/30 09:51:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0x84, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xbc, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0), 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x0, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 29 printk messages dropped ** [ 593.412928] binder: BINDER_SET_CONTEXT_MGR already set ** 2 printk messages dropped ** [ 593.413274] binder: 5123:5132 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER 2018/03/30 09:51:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0x84, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 77 printk messages dropped ** [ 593.521684] binder: 5166:5174 IncRefs 0 refcount change on invalid ref 4 ret -22 2018/03/30 09:51:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x0, 0x0, &(0x7f00000006c0)}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0), 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x0, 0x48, &(0x7f0000000880), &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xbc, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 28 printk messages dropped ** [ 593.558488] binder: BINDER_SET_CONTEXT_MGR already set ** 56 printk messages dropped ** [ 593.709468] binder: 5211:5216 ioctl 40046207 0 returned -16 2018/03/30 09:51:30 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x0, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x0, 0x48, &(0x7f0000000880), &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, 0x0, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x0, 0x0, &(0x7f00000006c0)}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 11 printk messages dropped ** [ 593.711532] binder_alloc: 5212: binder_alloc_buf, no vma 2018/03/30 09:51:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, 0x0, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 81 printk messages dropped ** [ 593.805453] binder: 5252:5253 IncRefs 0 refcount change on invalid ref 4 ret -22 2018/03/30 09:51:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x0, 0x0, &(0x7f00000006c0)}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 2 printk messages dropped ** [ 593.807217] binder_alloc: 5252: binder_alloc_buf, no vma ** 53 printk messages dropped ** [ 593.877165] binder: 5268:5271 Release 1 refcount change on invalid ref 0 ret -22 2018/03/30 09:51:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x0, 0x48, &(0x7f0000000880), &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, 0x0, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x8e, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d840"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 16 printk messages dropped ** [ 594.001908] binder: 5292:5297 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER ** 8 printk messages dropped ** [ 594.004207] binder: 5288:5295 BC_INCREFS_DONE u0000000000000000 node 35771 cookie mismatch 0000000000000001 != 0000000000000000 2018/03/30 09:51:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 50 printk messages dropped ** [ 594.013258] binder: 5296:5304 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER 2018/03/30 09:51:31 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 31 printk messages dropped ** [ 594.121564] binder_alloc: 5329: binder_alloc_buf, no vma [ 594.121603] binder: 5329:5335 transaction failed 29189/-3, size 0-0 line 3134 2018/03/30 09:51:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, 0xffffffffffffffff, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x8e, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d840"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) [ 594.123418] binder: BINDER_SET_CONTEXT_MGR already set ** 9 printk messages dropped ** [ 594.125351] binder: 5330:5338 transaction failed 29189/-3, size 0-0 line 3134 2018/03/30 09:51:31 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(0xffffffffffffffff, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 25 printk messages dropped ** [ 594.145911] binder_alloc: 5329: binder_alloc_buf, no vma ** 7 printk messages dropped ** [ 594.146501] binder: 5333:5342 Release 1 refcount change on invalid ref 0 ret -22 ** 37 printk messages dropped ** [ 594.243603] binder: 5370:5372 IncRefs 0 refcount change on invalid ref 4 ret -22 2018/03/30 09:51:31 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 21 printk messages dropped ** [ 594.329996] binder: 5380:5391 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER 2018/03/30 09:51:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x8e, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d840"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, 0xffffffffffffffff, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x0, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(0xffffffffffffffff, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 1 printk messages dropped ** [ 594.330017] binder: 5380:5391 IncRefs 0 refcount change on invalid ref 4 ret -22 ** 8 printk messages dropped ** [ 594.330360] binder: 5383:5388 Release 1 refcount change on invalid ref 0 ret -22 2018/03/30 09:51:31 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 85 printk messages dropped ** [ 594.441881] binder: 5420:5424 Release 1 refcount change on invalid ref 0 ret -22 2018/03/30 09:51:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, 0xffffffffffffffff, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0xd5, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c0215180"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xcc, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x0, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(0xffffffffffffffff, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) [ 594.441890] binder: 5420:5424 IncRefs 0 refcount change on invalid ref 4 ret -22 ** 43 printk messages dropped ** [ 594.459831] binder_alloc: 5420: binder_alloc_buf, no vma ** 25 printk messages dropped ** [ 594.478849] binder: 5431:5440 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER ** 25 printk messages dropped ** [ 594.569562] binder: 5460:5462 Release 1 refcount change on invalid ref 0 ret -22 2018/03/30 09:51:31 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0xd5, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c0215180"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xcc, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) [ 594.569570] binder: 5460:5462 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 594.569639] binder_alloc: 5441: binder_alloc_buf, no vma [ 594.569680] binder: 5460:5462 transaction failed 29189/-3, size 0-0 line 3134 [ 594.570319] binder_alloc: 5441: binder_alloc_buf, no vma 2018/03/30 09:51:31 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x0, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) [ 594.570358] binder: 5460:5462 transaction failed 29189/-3, size 0-0 line 3134 ** 72 printk messages dropped ** [ 594.713593] binder: BINDER_SET_CONTEXT_MGR already set 2018/03/30 09:51:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0xd5, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c0215180"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xcc, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 15 printk messages dropped ** [ 594.714610] binder: BINDER_SET_CONTEXT_MGR already set ** 1 printk messages dropped ** [ 594.714728] binder: 5499:5508 BC_FREE_BUFFER u0000000000000000 no match 2018/03/30 09:51:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x0, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 32 printk messages dropped ** [ 594.721829] binder_alloc: 5500: binder_alloc_buf, no vma ** 26 printk messages dropped ** [ 594.733623] binder: 5503:5512 transaction failed 29189/-3, size 0-0 line 3134 ** 11 printk messages dropped ** [ 594.831338] binder: 5539:5540 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER ** 8 printk messages dropped ** [ 594.878386] binder: 5545:5551 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER ** 1 printk messages dropped ** [ 594.878403] binder: 5545:5551 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER 2018/03/30 09:51:32 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) [ 594.878412] binder: 5545:5551 Release 1 refcount change on invalid ref 0 ret -22 ** 6 printk messages dropped ** [ 594.880141] binder: 5543:5554 BC_FREE_BUFFER u0000000000000000 no match [ 594.880146] binder: 5543:5554 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 594.880152] binder: 5543:5554 BC_INCREFS_DONE u0000000000000000 no match [ 594.880157] binder: 5543:5554 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 594.880165] binder: 5543:5554 Release 1 refcount change on invalid ref 0 ret -22 2018/03/30 09:51:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0xf9, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933a"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) [ 594.880172] binder: 5543:5554 IncRefs 0 refcount change on invalid ref 4 ret -22 2018/03/30 09:51:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:32 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:32 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x0, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 77 printk messages dropped ** [ 594.925280] binder: 5550:5578 Acquire 1 refcount change on invalid ref 0 ret -22 2018/03/30 09:51:32 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xbc, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f33"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x0, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0xf9, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933a"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x0]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xc8, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000840)}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x0) ioctl$TIOCEXCL(r4, 0x540c) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x0, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r4, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) 2018/03/30 09:51:32 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x40, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000240)=0xc) sched_getparam(0x0, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x0, 0x0, &(0x7f0000005fd4), 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r5 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 12 printk messages dropped ** [ 594.997233] binder: 5589:5593 BC_FREE_BUFFER u0000000000000000 no match 2018/03/30 09:51:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x0]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x0, 0x28, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x125, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e666cbc49a9186dbf51"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r3, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(r0) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x3, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da6300"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 81 printk messages dropped ** [ 595.097407] binder: BINDER_SET_CONTEXT_MGR already set 2018/03/30 09:51:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000002000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000540)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004000)={0x4, 0x0, &(0x7f0000000040)=[@enter_looper={0x630c}], 0x0, 0x0, &(0x7f00004c1000)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x91110, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007fd0)={0xd0, 0x0, &(0x7f0000000940)=[@free_buffer={0x40086303, r2}, @register_looper={0x630b}, @increfs_done={0x40106308, r2, 0x1}, @register_looper={0x630b}, @release={0x40046306}, @increfs={0x40046304, 0x4}, @transaction_sg={0x40486311, {{0x0, 0x0, 0x3, 0x0, 0x11, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000800), &(0x7f0000000840)=[0x18]}, 0x2}}, @transaction_sg={0x40486311, {{0x1, 0x0, 0x4, 0x0, 0x10, 0x0, 0x0, 0x18, 0x48, &(0x7f0000000880)=[@fd={0x66642a85, 0x0, r1, 0x0, 0x4}], &(0x7f00000008c0)=[0x78, 0x0, 0x40, 0x38, 0x0, 0x0, 0x48, 0x20, 0x0]}, 0x100000001}}], 0x11c, 0x0, &(0x7f00000006c0)="62164b44a5c310affb2298c023c7036e8992da1c2038bdbe7ad4795c99f0d533d015400419dae89cc59e3878ffffff00000000f7d7000003000000070718d1fc0e41a052600c825d8d8b11060e52e6a1e69bfd89d9fe6582b7fdd29cafbc51c05fc2aacd5467c07946d5a4c3ea5e09b9ef452210351bd5ecca26454fd4cca347b39778117873baf21602b024d84001f260af9cf9b53ffe1582e09e41d0c77c14e22e31df57228836e8c4636fca5afc7e7df80609889918650c9551474615628e91269af1e3c4d1a1273072b77805e1dc33c021518051c3254358835efed2febfba3bb8e609e52f7d052451d226c60d39961e01ced58f3c933ac6ec95c8d15de1e827ef7616fe2eaf62016a0f6c6161a872f6248aea8f25335ea5b50e"}) setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000001c0)=0x8001, 0x2) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f00000004c0)='/dev/binder#\x00', 0x2) ioctl$TIOCEXCL(r4, 0x540c) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000cf7ff4)) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x12, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0xb8e1) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f0000000240)=0xc) sched_getparam(r5, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x14, 0x0, &(0x7f0000005fd4)=[@acquire_done={0x40486311}], 0x0, 0x0, &(0x7f0000260000)}) clock_gettime(0x0, &(0x7f00000000c0)) open(&(0x7f00000002c0)='./file0\x00', 0x400, 0x4) fcntl$F_GET_FILE_RW_HINT(0xffffffffffffffff, 0x40d, &(0x7f0000000340)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000004f98)=ANY=[@ANYBLOB], 0xfa, 0x0, &(0x7f00000003c0)="ec53064fa2349636ba02a2cc7b5bbd0c2c06d059db33978707adffab7df3b51fe3e2846b11c332d14066234eb2acf0967d83d00028883c1ef4a487432aa5b1ca8fb2fe93eed979717d17211c44fe837590c1b2eda5fbcb4624c29831ca41fa4226497a30f85448fad172a905722d57c68b264ccc028bdd8b0739a8612e5f1d7972754018cc9d1897bbac6f7618b89f7175f3df848ce1a172169e26d74c7abfa5873d56471e8d22c1cc312214a92d5019233b6ab9e35520103bef3f330d1c29c39d146fff081fff3ed8e564693e9e2032c98b7ae99c82f4968cc0e254ad1d5efab053cbe3cba87e5647214ca0a80af69d0598b3d90e2aa32e9124"}) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r6 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000500)='./file0\x00', 0x4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x40046305}], 0x0, 0x0, &(0x7f0000012fc7)}) close(0xffffffffffffffff) pread64(r0, &(0x7f0000000080)=""/4, 0x4, 0x0) getsockopt(0xffffffffffffffff, 0x3, 0x5, &(0x7f0000000100)=""/31, &(0x7f0000000140)=0x1f) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x4, 0x0, &(0x7f000000cf68)=ANY=[@ANYBLOB="da630000"], 0x1, 0x0, &(0x7f0000008f37)="c2"}) ** 13 printk messages dropped ** [ 595.125768] binder: 5619:5626 BC_FREE_BUFFER u0000000000000000 no match ** 13 printk messages dropped ** [ 595.131457] binder: 5624:5630 BC_INCREFS_DONE u0000000000000000 no match ** 11 printk messages dropped ** [ 595.138751] binder: 5628:5632 ERROR: BC_REGISTER_LOOPER called without request ** 161 printk messages dropped ** [ 595.469989] binder_alloc: 5711: binder_alloc_buf, no vma [ 595.470027] binder: 5711:5712 transaction failed 29189/-3, size 0-0 line 3134 [ 595.472898] binder_alloc: 5711: binder_alloc_buf, no vma [ 595.472937] binder: 5711:5712 transaction failed 29189/-3, size 0-0 line 3134 [ 595.484219] binder: BINDER_SET_CONTEXT_MGR already set [ 595.484224] binder: 5714:5718 ioctl 40046207 0 returned -16 [ 595.484318] binder: 5714:5718 BC_FREE_BUFFER u0000000000000000 no match [ 595.484324] binder: 5714:5718 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.484341] binder: 5714:5718 BC_INCREFS_DONE u0000000000000000 no match [ 595.484346] binder: 5714:5718 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.484358] binder: 5714:5718 Release 1 refcount change on invalid ref 0 ret -22 [ 595.484368] binder: 5714:5718 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 595.484434] binder_alloc: 5711: binder_alloc_buf, no vma [ 595.484475] binder: 5714:5718 transaction failed 29189/-3, size 0-8 line 3134 [ 595.485748] binder_alloc: 5711: binder_alloc_buf, no vma [ 595.485782] binder: 5714:5718 transaction failed 29189/-3, size 0-0 line 3134 [ 595.490177] binder: BINDER_SET_CONTEXT_MGR already set [ 595.490184] binder: 5715:5721 ioctl 40046207 0 returned -16 [ 595.490232] binder: BINDER_SET_CONTEXT_MGR already set [ 595.490237] binder: 5713:5720 ioctl 40046207 0 returned -16 [ 595.490376] binder: 5713:5720 BC_FREE_BUFFER u0000000000000000 no match [ 595.490381] binder: 5713:5720 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.490389] binder: 5713:5720 BC_INCREFS_DONE u0000000000000000 no match [ 595.490394] binder: 5713:5720 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.490403] binder: 5713:5720 Release 1 refcount change on invalid ref 0 ret -22 [ 595.490412] binder: 5713:5720 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 595.490478] binder_alloc: 5711: binder_alloc_buf, no vma [ 595.490520] binder: 5713:5720 transaction failed 29189/-3, size 0-8 line 3134 [ 595.490620] binder: 5715:5721 BC_FREE_BUFFER u0000000000000000 no match [ 595.490627] binder: 5715:5721 BC_INCREFS_DONE u0000000000000000 no match [ 595.490632] binder: 5715:5721 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.490639] binder: 5715:5721 Release 1 refcount change on invalid ref 0 ret -22 [ 595.490648] binder: 5715:5721 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 595.490710] binder_alloc: 5711: binder_alloc_buf, no vma [ 595.490748] binder: 5715:5721 transaction failed 29189/-3, size 0-8 line 3134 [ 595.490986] binder: BINDER_SET_CONTEXT_MGR already set [ 595.490992] binder: 5716:5719 ioctl 40046207 0 returned -16 [ 595.491094] binder: 5716:5719 BC_FREE_BUFFER u0000000000000000 no match [ 595.491099] binder: 5716:5719 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.491106] binder: 5716:5719 BC_INCREFS_DONE u0000000000000000 no match [ 595.491111] binder: 5716:5719 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.491120] binder: 5716:5719 Release 1 refcount change on invalid ref 0 ret -22 [ 595.491128] binder: 5716:5719 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 595.491186] binder_alloc: 5711: binder_alloc_buf, no vma [ 595.491219] binder: 5716:5719 transaction failed 29189/-3, size 0-0 line 3134 [ 595.492981] binder_alloc: 5711: binder_alloc_buf, no vma [ 595.493022] binder: 5716:5719 transaction failed 29189/-3, size 0-0 line 3134 [ 595.494051] binder_alloc: 5711: binder_alloc_buf, no vma [ 595.494093] binder: 5715:5721 transaction failed 29189/-3, size 0-0 line 3134 [ 595.494448] binder_alloc: 5711: binder_alloc_buf, no vma [ 595.494488] binder: 5713:5720 transaction failed 29189/-3, size 0-0 line 3134 [ 595.494984] binder: BINDER_SET_CONTEXT_MGR already set [ 595.494990] binder: 5715:5721 ioctl 40046207 0 returned -16 [ 595.498031] binder: 5711:5726 Acquire 1 refcount change on invalid ref 0 ret -22 [ 595.519734] binder: 5713:5729 Acquire 1 refcount change on invalid ref 0 ret -22 [ 595.528861] binder: 5716:5731 Acquire 1 refcount change on invalid ref 0 ret -22 [ 595.569108] binder: 5737:5740 BC_FREE_BUFFER u0000000000000000 no match [ 595.569114] binder: 5737:5740 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.569125] binder: 5737:5740 BC_INCREFS_DONE u0000000000000000 node 35970 cookie mismatch 0000000000000001 != 0000000000000000 [ 595.569132] binder: 5737:5740 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.569142] binder: 5737:5740 Release 1 refcount change on invalid ref 0 ret -22 [ 595.569152] binder: 5737:5740 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 595.569218] binder_alloc: 5737: binder_alloc_buf, no vma [ 595.569258] binder: 5737:5740 transaction failed 29189/-3, size 0-8 line 3134 [ 595.576325] binder_alloc: 5737: binder_alloc_buf, no vma [ 595.576363] binder: 5737:5740 transaction failed 29189/-3, size 0-0 line 3134 [ 595.579685] binder: BINDER_SET_CONTEXT_MGR already set [ 595.579692] binder: 5732:5739 ioctl 40046207 0 returned -16 [ 595.579802] binder: 5732:5739 BC_FREE_BUFFER u0000000000000000 no match [ 595.579807] binder: 5732:5739 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.579814] binder: 5732:5739 BC_INCREFS_DONE u0000000000000000 no match [ 595.579818] binder: 5732:5739 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.579827] binder: 5732:5739 Release 1 refcount change on invalid ref 0 ret -22 [ 595.579891] binder_alloc: 5737: binder_alloc_buf, no vma [ 595.579930] binder: 5732:5739 transaction failed 29189/-3, size 0-0 line 3134 [ 595.580393] binder: BINDER_SET_CONTEXT_MGR already set [ 595.580398] binder: 5738:5742 ioctl 40046207 0 returned -16 [ 595.580601] binder: 5738:5742 BC_FREE_BUFFER u0000000000000000 no match [ 595.580606] binder: 5738:5742 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.580612] binder: 5738:5742 BC_INCREFS_DONE u0000000000000000 no match [ 595.580617] binder: 5738:5742 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.580626] binder: 5738:5742 Release 1 refcount change on invalid ref 0 ret -22 [ 595.580634] binder: 5738:5742 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 595.580695] binder_alloc: 5737: binder_alloc_buf, no vma [ 595.580733] binder: 5738:5742 transaction failed 29189/-3, size 0-8 line 3134 [ 595.582636] binder_alloc: 5737: binder_alloc_buf, no vma [ 595.582673] binder: 5732:5739 transaction failed 29189/-3, size 0-0 line 3134 [ 595.605086] binder: 5732:5741 Acquire 1 refcount change on invalid ref 0 ret -22 [ 595.630960] binder: 5747:5750 BC_FREE_BUFFER u0000000000000000 no match [ 595.630967] binder: 5747:5750 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.630981] binder: 5747:5750 BC_INCREFS_DONE u0000000000000000 node 35977 cookie mismatch 0000000000000001 != 0000000000000000 [ 595.630988] binder: 5747:5750 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.630998] binder: 5747:5750 Release 1 refcount change on invalid ref 0 ret -22 [ 595.631007] binder: 5747:5750 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 595.631072] binder_alloc: 5747: binder_alloc_buf, no vma [ 595.631112] binder: 5747:5750 transaction failed 29189/-3, size 0-8 line 3134 [ 595.632432] binder_alloc: 5747: binder_alloc_buf, no vma [ 595.632471] binder: 5747:5750 transaction failed 29189/-3, size 0-0 line 3134 [ 595.672568] binder: BINDER_SET_CONTEXT_MGR already set [ 595.672575] binder: 5757:5759 ioctl 40046207 0 returned -16 [ 595.672690] binder: 5757:5759 BC_FREE_BUFFER u0000000000000000 no match [ 595.672695] binder: 5757:5759 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.672700] binder: 5757:5759 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.672710] binder: 5757:5759 Release 1 refcount change on invalid ref 0 ret -22 [ 595.672719] binder: 5757:5759 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 595.672788] binder_alloc: 5747: binder_alloc_buf, no vma [ 595.672833] binder: 5757:5759 transaction failed 29189/-3, size 0-8 line 3134 [ 595.673092] binder: BINDER_SET_CONTEXT_MGR already set [ 595.673099] binder: 5752:5758 ioctl 40046207 0 returned -16 [ 595.675436] binder: 5752:5758 BC_FREE_BUFFER u0000000000000000 no match [ 595.675441] binder: 5752:5758 ERROR: BC_REGISTER_LOOPER called without request [ 595.675449] binder: 5752:5758 BC_INCREFS_DONE u0000000000000000 no match [ 595.675454] binder: 5752:5758 ERROR: BC_REGISTER_LOOPER called without request [ 595.675465] binder: 5752:5758 Release 1 refcount change on invalid ref 0 ret -22 [ 595.675474] binder: 5752:5758 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 595.675541] binder_alloc: 5747: binder_alloc_buf, no vma [ 595.675583] binder: 5752:5758 transaction failed 29189/-3, size 0-0 line 3134 [ 595.675750] binder_alloc: 5747: binder_alloc_buf, no vma [ 595.675786] binder: 5757:5759 transaction failed 29189/-3, size 0-0 line 3134 [ 595.676342] binder: BINDER_SET_CONTEXT_MGR already set [ 595.676348] binder: 5757:5759 ioctl 40046207 0 returned -16 [ 595.686945] binder_alloc: 5747: binder_alloc_buf, no vma [ 595.686985] binder: 5752:5758 transaction failed 29189/-3, size 0-0 line 3134 [ 595.794529] binder: 5752:5758 Acquire 1 refcount change on invalid ref 0 ret -22 [ 595.813619] binder: undelivered TRANSACTION_ERROR: 29189 [ 595.822632] binder: 5760:5763 transaction failed 29189/-22, size 0-0 line 3011 [ 595.827084] binder: 5770:5771 BC_FREE_BUFFER u0000000000000000 no match [ 595.827089] binder: 5770:5771 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.827101] binder: 5770:5771 BC_INCREFS_DONE u0000000000000000 node 35986 cookie mismatch 0000000000000001 != 0000000000000000 [ 595.827107] binder: 5770:5771 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.827118] binder: 5770:5771 Release 1 refcount change on invalid ref 0 ret -22 [ 595.827127] binder: 5770:5771 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 595.827195] binder_alloc: 5770: binder_alloc_buf, no vma [ 595.827235] binder: 5770:5771 transaction failed 29189/-3, size 0-8 line 3134 [ 595.832712] binder_alloc: 5770: binder_alloc_buf, no vma [ 595.832752] binder: 5770:5771 transaction failed 29189/-3, size 0-0 line 3134 [ 595.852043] binder: 5760:5767 Acquire 1 refcount change on invalid ref 0 ret -22 [ 595.933615] binder: 5779:5780 BC_FREE_BUFFER u0000000000000000 no match [ 595.933621] binder: 5779:5780 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.933633] binder: 5779:5780 BC_INCREFS_DONE u0000000000000000 node 35990 cookie mismatch 0000000000000001 != 0000000000000000 [ 595.933640] binder: 5779:5780 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 595.933650] binder: 5779:5780 Release 1 refcount change on invalid ref 0 ret -22 [ 595.933657] binder: 5779:5780 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 595.933715] binder_alloc: 5779: binder_alloc_buf, no vma [ 595.933748] binder: 5779:5780 transaction failed 29189/-3, size 0-8 line 3134 [ 595.938991] binder_alloc: 5779: binder_alloc_buf, no vma [ 595.939031] binder: 5779:5780 transaction failed 29189/-3, size 0-0 line 3134 [ 596.176697] binder: 5783:5784 BC_FREE_BUFFER u0000000000000000 no match [ 596.176703] binder: 5783:5784 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.176712] binder: 5783:5784 BC_INCREFS_DONE u0000000000000000 no match [ 596.176716] binder: 5783:5784 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.176728] binder: 5783:5784 Release 1 refcount change on invalid ref 0 ret -22 [ 596.176736] binder: 5783:5784 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.176748] binder: 5783:5784 transaction failed 29189/-22, size 0-0 line 3011 [ 596.177261] binder: 5783:5784 transaction failed 29189/-22, size 0-0 line 3011 [ 596.206043] binder: 5787:5789 BC_FREE_BUFFER u0000000000000000 no match [ 596.206049] binder: 5787:5789 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.206059] binder: 5787:5789 BC_INCREFS_DONE u0000000000000000 node 35996 cookie mismatch 0000000000000001 != 0000000000000000 [ 596.206066] binder: 5787:5789 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.206076] binder: 5787:5789 Release 1 refcount change on invalid ref 0 ret -22 [ 596.206086] binder: 5787:5789 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.206148] binder_alloc: 5787: binder_alloc_buf, no vma [ 596.206186] binder: 5787:5789 transaction failed 29189/-3, size 0-8 line 3134 [ 596.206363] binder: 5783:5792 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.208522] binder_alloc: 5787: binder_alloc_buf, no vma [ 596.208564] binder: 5787:5789 transaction failed 29189/-3, size 0-0 line 3134 [ 596.209004] binder: BINDER_SET_CONTEXT_MGR already set [ 596.209012] binder: 5788:5791 ioctl 40046207 0 returned -16 [ 596.209142] binder: BINDER_SET_CONTEXT_MGR already set [ 596.209148] binder: 5786:5794 ioctl 40046207 0 returned -16 [ 596.209708] binder: 5788:5791 BC_FREE_BUFFER u0000000000000000 no match [ 596.209716] binder: 5788:5791 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.209762] binder: 5788:5791 BC_INCREFS_DONE u0000000000000000 no match [ 596.209766] binder: 5788:5791 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.209775] binder: 5788:5791 Release 1 refcount change on invalid ref 0 ret -22 [ 596.209783] binder: 5788:5791 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.209888] binder_alloc: 5787: binder_alloc_buf, no vma [ 596.209926] binder: 5788:5791 transaction failed 29189/-3, size 0-8 line 3134 [ 596.210049] binder: 5786:5794 BC_FREE_BUFFER u0000000000000000 no match [ 596.210053] binder: 5786:5794 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.210060] binder: 5786:5794 BC_INCREFS_DONE u0000000000000000 no match [ 596.210065] binder: 5786:5794 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.210073] binder: 5786:5794 Release 1 refcount change on invalid ref 0 ret -22 [ 596.210081] binder: 5786:5794 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.210146] binder_alloc: 5787: binder_alloc_buf, no vma [ 596.210186] binder: 5786:5794 transaction failed 29189/-3, size 0-8 line 3134 [ 596.213370] binder_alloc: 5787: binder_alloc_buf, no vma [ 596.213408] binder: 5786:5794 transaction failed 29189/-3, size 0-0 line 3134 [ 596.217130] binder: BINDER_SET_CONTEXT_MGR already set [ 596.217137] binder: 5790:5796 ioctl 40046207 0 returned -16 [ 596.217247] binder: 5790:5796 BC_FREE_BUFFER u0000000000000000 no match [ 596.217252] binder: 5790:5796 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.217259] binder: 5790:5796 BC_INCREFS_DONE u0000000000000000 no match [ 596.217263] binder: 5790:5796 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.217272] binder: 5790:5796 Release 1 refcount change on invalid ref 0 ret -22 [ 596.217279] binder: 5790:5796 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.217361] binder_alloc: 5787: binder_alloc_buf, no vma [ 596.217400] binder: 5790:5796 transaction failed 29189/-3, size 0-8 line 3134 [ 596.220797] binder_alloc: 5787: binder_alloc_buf, no vma [ 596.220838] binder: 5790:5796 transaction failed 29189/-3, size 0-0 line 3134 [ 596.227602] binder: BINDER_SET_CONTEXT_MGR already set [ 596.227609] binder: 5793:5798 ioctl 40046207 0 returned -16 [ 596.227701] binder: 5793:5798 BC_FREE_BUFFER u0000000000000000 no match [ 596.227706] binder: 5793:5798 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.227713] binder: 5793:5798 BC_INCREFS_DONE u0000000000000000 no match [ 596.227717] binder: 5793:5798 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.227727] binder: 5793:5798 Release 1 refcount change on invalid ref 0 ret -22 [ 596.227792] binder_alloc: 5787: binder_alloc_buf, no vma [ 596.227840] binder: 5793:5798 transaction failed 29189/-3, size 0-0 line 3134 [ 596.230671] binder_alloc: 5787: binder_alloc_buf, no vma [ 596.230760] binder: 5793:5798 transaction failed 29189/-3, size 0-0 line 3134 [ 596.236574] binder: 5787:5801 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.265057] binder: 5793:5809 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.293870] binder: 5788:5813 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.363322] binder: 5816:5821 BC_FREE_BUFFER u0000000000000000 no match [ 596.363329] binder: 5816:5821 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.363333] binder: 5816:5821 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.363344] binder: 5816:5821 Release 1 refcount change on invalid ref 0 ret -22 [ 596.363353] binder: 5816:5821 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.363421] binder_alloc: 5816: binder_alloc_buf, no vma [ 596.363466] binder: 5816:5821 transaction failed 29189/-3, size 0-8 line 3134 [ 596.366364] binder_alloc: 5816: binder_alloc_buf, no vma [ 596.366405] binder: 5816:5821 transaction failed 29189/-3, size 0-0 line 3134 [ 596.366705] binder: BINDER_SET_CONTEXT_MGR already set [ 596.366716] binder: 5817:5826 ioctl 40046207 0 returned -16 [ 596.367267] binder: 5817:5826 BC_FREE_BUFFER u0000000000000000 no match [ 596.367272] binder: 5817:5826 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.367280] binder: 5817:5826 BC_INCREFS_DONE u0000000000000000 no match [ 596.367285] binder: 5817:5826 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.367297] binder: 5817:5826 Release 1 refcount change on invalid ref 0 ret -22 [ 596.367308] binder: 5817:5826 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.367376] binder_alloc: 5816: binder_alloc_buf, no vma [ 596.367416] binder: 5817:5826 transaction failed 29189/-3, size 0-8 line 3134 [ 596.369828] binder_alloc: 5816: binder_alloc_buf, no vma [ 596.369866] binder: 5817:5826 transaction failed 29189/-3, size 0-0 line 3134 [ 596.370083] binder: BINDER_SET_CONTEXT_MGR already set [ 596.370090] binder: 5816:5821 ioctl 40046207 0 returned -16 [ 596.370435] binder: BINDER_SET_CONTEXT_MGR already set [ 596.370440] binder: 5818:5823 ioctl 40046207 0 returned -16 [ 596.370496] binder: 5815:5825 BC_FREE_BUFFER u0000000000000000 no match [ 596.370501] binder: 5815:5825 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.370509] binder: 5815:5825 BC_INCREFS_DONE u0000000000000000 no match [ 596.370514] binder: 5815:5825 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.370522] binder: 5815:5825 Release 1 refcount change on invalid ref 0 ret -22 [ 596.370531] binder: 5815:5825 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.370600] binder_alloc: 5816: binder_alloc_buf, no vma [ 596.370642] binder: 5815:5825 transaction failed 29189/-3, size 0-0 line 3134 [ 596.370932] binder: 5818:5823 BC_FREE_BUFFER u0000000000000000 no match [ 596.370937] binder: 5818:5823 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.370944] binder: 5818:5823 BC_INCREFS_DONE u0000000000000000 no match [ 596.370948] binder: 5818:5823 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.370957] binder: 5818:5823 Release 1 refcount change on invalid ref 0 ret -22 [ 596.370963] binder: 5818:5823 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.371028] binder_alloc: 5816: binder_alloc_buf, no vma [ 596.371068] binder: 5818:5823 transaction failed 29189/-3, size 0-8 line 3134 [ 596.372238] binder: BINDER_SET_CONTEXT_MGR already set [ 596.372244] binder: 5820:5828 ioctl 40046207 0 returned -16 [ 596.372502] binder: 5820:5828 BC_FREE_BUFFER u0000000000000000 no match [ 596.372506] binder: 5820:5828 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.372513] binder: 5820:5828 BC_INCREFS_DONE u0000000000000000 no match [ 596.372518] binder: 5820:5828 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.372527] binder: 5820:5828 Release 1 refcount change on invalid ref 0 ret -22 [ 596.372588] binder_alloc: 5816: binder_alloc_buf, no vma [ 596.372625] binder: 5820:5828 transaction failed 29189/-3, size 0-0 line 3134 [ 596.373469] binder: BINDER_SET_CONTEXT_MGR already set [ 596.373475] binder: 5819:5829 ioctl 40046207 0 returned -16 [ 596.373737] binder: 5819:5829 BC_FREE_BUFFER u0000000000000000 no match [ 596.373742] binder: 5819:5829 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.373748] binder: 5819:5829 BC_INCREFS_DONE u0000000000000000 no match [ 596.373752] binder: 5819:5829 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.373760] binder: 5819:5829 Release 1 refcount change on invalid ref 0 ret -22 [ 596.373767] binder: 5819:5829 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.373831] binder_alloc: 5816: binder_alloc_buf, no vma [ 596.373867] binder: 5819:5829 transaction failed 29189/-3, size 0-8 line 3134 [ 596.374980] binder_alloc: 5816: binder_alloc_buf, no vma [ 596.375014] binder: 5820:5828 transaction failed 29189/-3, size 0-0 line 3134 [ 596.376580] binder: BINDER_SET_CONTEXT_MGR already set [ 596.376586] binder: 5824:5830 ioctl 40046207 0 returned -16 [ 596.377075] binder_alloc: 5816: binder_alloc_buf, no vma [ 596.377116] binder: 5818:5823 transaction failed 29189/-3, size 0-0 line 3134 [ 596.377136] binder: 5824:5830 BC_FREE_BUFFER u0000000000000000 no match [ 596.377141] binder: 5824:5830 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.377148] binder: 5824:5830 BC_INCREFS_DONE u0000000000000000 no match [ 596.377153] binder: 5824:5830 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.377164] binder: 5824:5830 Release 1 refcount change on invalid ref 0 ret -22 [ 596.377173] binder: 5824:5830 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.377240] binder_alloc: 5816: binder_alloc_buf, no vma [ 596.377281] binder: 5824:5830 transaction failed 29189/-3, size 0-0 line 3134 [ 596.377353] binder_alloc: 5816: binder_alloc_buf, no vma [ 596.377529] binder_alloc: 5816: binder_alloc_buf, no vma [ 596.377566] binder: 5819:5829 transaction failed 29189/-3, size 0-0 line 3134 [ 596.377759] binder: 5815:5825 transaction failed 29189/-3, size 0-0 line 3134 [ 596.379026] binder: BINDER_SET_CONTEXT_MGR already set [ 596.379033] binder: 5822:5827 ioctl 40046207 0 returned -16 [ 596.379525] binder: 5822:5827 BC_FREE_BUFFER u0000000000000000 no match [ 596.379530] binder: 5822:5827 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.379537] binder: 5822:5827 BC_INCREFS_DONE u0000000000000000 no match [ 596.379542] binder: 5822:5827 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.379551] binder: 5822:5827 Release 1 refcount change on invalid ref 0 ret -22 [ 596.379559] binder: 5822:5827 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.379793] binder_alloc: 5816: binder_alloc_buf, no vma [ 596.379833] binder: 5822:5827 transaction failed 29189/-3, size 0-8 line 3134 [ 596.381634] binder_alloc: 5816: binder_alloc_buf, no vma [ 596.381673] binder: 5824:5830 transaction failed 29189/-3, size 0-0 line 3134 [ 596.412343] binder: 5815:5841 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.414090] binder: 5817:5839 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.414213] binder: 5820:5840 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.467127] binder: 5822:5854 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.509198] binder: 5856:5861 BC_FREE_BUFFER u0000000000000000 no match [ 596.509204] binder: 5856:5861 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.509208] binder: 5856:5861 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.509220] binder: 5856:5861 Release 1 refcount change on invalid ref 0 ret -22 [ 596.509237] binder: 5856:5861 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.510302] binder: BINDER_SET_CONTEXT_MGR already set [ 596.510308] binder: 5860:5865 ioctl 40046207 0 returned -16 [ 596.510401] binder: 5860:5865 BC_FREE_BUFFER u0000000000000000 no match [ 596.510406] binder: 5860:5865 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.510414] binder: 5860:5865 BC_INCREFS_DONE u0000000000000000 no match [ 596.510418] binder: 5860:5865 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.510428] binder: 5860:5865 Release 1 refcount change on invalid ref 0 ret -22 [ 596.510436] binder: 5860:5865 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.510483] binder_alloc: 5856: binder_alloc_buf, no vma [ 596.510499] binder_alloc: 5856: binder_alloc_buf, no vma [ 596.510523] binder: 5856:5861 transaction failed 29189/-3, size 0-8 line 3134 [ 596.510534] binder: 5860:5865 transaction failed 29189/-3, size 0-0 line 3134 [ 596.511766] binder: BINDER_SET_CONTEXT_MGR already set [ 596.511774] binder: 5857:5863 ioctl 40046207 0 returned -16 [ 596.512345] binder_alloc: 5856: binder_alloc_buf, no vma [ 596.512382] binder: 5860:5865 transaction failed 29189/-3, size 0-0 line 3134 [ 596.512690] binder: 5857:5863 BC_FREE_BUFFER u0000000000000000 no match [ 596.512695] binder: 5857:5863 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.512702] binder: 5857:5863 BC_INCREFS_DONE u0000000000000000 no match [ 596.512707] binder: 5857:5863 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.512715] binder: 5857:5863 Release 1 refcount change on invalid ref 0 ret -22 [ 596.512779] binder_alloc: 5856: binder_alloc_buf, no vma [ 596.512818] binder: 5857:5863 transaction failed 29189/-3, size 0-0 line 3134 [ 596.513104] binder_alloc: 5856: binder_alloc_buf, no vma [ 596.513143] binder: 5856:5861 transaction failed 29189/-3, size 0-0 line 3134 [ 596.513883] binder: BINDER_SET_CONTEXT_MGR already set [ 596.513890] binder: 5856:5861 ioctl 40046207 0 returned -16 [ 596.514777] binder: BINDER_SET_CONTEXT_MGR already set [ 596.514783] binder: 5862:5866 ioctl 40046207 0 returned -16 [ 596.514870] binder_alloc: 5856: binder_alloc_buf, no vma [ 596.514886] binder: 5862:5866 BC_FREE_BUFFER u0000000000000000 no match [ 596.514891] binder: 5862:5866 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.514900] binder: 5862:5866 BC_INCREFS_DONE u0000000000000000 no match [ 596.514905] binder: 5862:5866 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.514911] binder: 5857:5863 transaction failed 29189/-3, size 0-0 line 3134 [ 596.514917] binder: 5862:5866 Release 1 refcount change on invalid ref 0 ret -22 [ 596.514926] binder: 5862:5866 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.514989] binder_alloc: 5856: binder_alloc_buf, no vma [ 596.515025] binder: 5862:5866 transaction failed 29189/-3, size 0-8 line 3134 [ 596.519657] binder_alloc: 5856: binder_alloc_buf, no vma [ 596.519691] binder: 5862:5866 transaction failed 29189/-3, size 0-0 line 3134 [ 596.521104] binder: 5858:5864 BC_FREE_BUFFER u0000000000000000 no match [ 596.521109] binder: 5858:5864 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.521117] binder: 5858:5864 BC_INCREFS_DONE u0000000000000000 no match [ 596.521121] binder: 5858:5864 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.521132] binder: 5858:5864 Release 1 refcount change on invalid ref 0 ret -22 [ 596.521140] binder: 5858:5864 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.521209] binder_alloc: 5856: binder_alloc_buf, no vma [ 596.521247] binder: 5858:5864 transaction failed 29189/-3, size 0-0 line 3134 [ 596.523687] binder_alloc: 5856: binder_alloc_buf, no vma [ 596.523725] binder: 5858:5864 transaction failed 29189/-3, size 0-0 line 3134 [ 596.526530] binder: BINDER_SET_CONTEXT_MGR already set [ 596.526536] binder: 5867:5871 ioctl 40046207 0 returned -16 [ 596.526618] binder: 5867:5871 BC_FREE_BUFFER u0000000000000000 no match [ 596.526622] binder: 5867:5871 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.526629] binder: 5867:5871 BC_INCREFS_DONE u0000000000000000 no match [ 596.526632] binder: 5867:5871 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.526641] binder: 5867:5871 Release 1 refcount change on invalid ref 0 ret -22 [ 596.526648] binder: 5867:5871 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.526706] binder_alloc: 5856: binder_alloc_buf, no vma [ 596.526741] binder: 5867:5871 transaction failed 29189/-3, size 0-8 line 3134 [ 596.536539] binder_alloc: 5856: binder_alloc_buf, no vma [ 596.536578] binder: 5867:5871 transaction failed 29189/-3, size 0-0 line 3134 [ 596.546002] binder: 5862:5879 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.547070] binder: 5857:5876 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.553263] binder: 5858:5883 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.646575] binder: 5888:5889 BC_FREE_BUFFER u0000000000000000 no match [ 596.646581] binder: 5888:5889 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.646592] binder: 5888:5889 BC_INCREFS_DONE u0000000000000000 node 36042 cookie mismatch 0000000000000001 != 0000000000000000 [ 596.646597] binder: 5888:5889 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.646608] binder: 5888:5889 Release 1 refcount change on invalid ref 0 ret -22 [ 596.646618] binder: 5888:5889 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.646679] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.646718] binder: 5888:5889 transaction failed 29189/-3, size 0-8 line 3134 [ 596.649084] binder: BINDER_SET_CONTEXT_MGR already set [ 596.649091] binder: 5890:5892 ioctl 40046207 0 returned -16 [ 596.649183] binder: 5890:5892 BC_FREE_BUFFER u0000000000000000 no match [ 596.649188] binder: 5890:5892 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.649195] binder: 5890:5892 BC_INCREFS_DONE u0000000000000000 no match [ 596.649200] binder: 5890:5892 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.649210] binder: 5890:5892 Release 1 refcount change on invalid ref 0 ret -22 [ 596.649218] binder: 5890:5892 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.649287] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.649328] binder: 5890:5892 transaction failed 29189/-3, size 0-8 line 3134 [ 596.652039] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.652079] binder: 5890:5892 transaction failed 29189/-3, size 0-0 line 3134 [ 596.652490] binder: BINDER_SET_CONTEXT_MGR already set [ 596.652497] binder: 5890:5892 ioctl 40046207 0 returned -16 [ 596.670799] binder: BINDER_SET_CONTEXT_MGR already set [ 596.670807] binder: 5891:5897 ioctl 40046207 0 returned -16 [ 596.670902] binder: 5891:5897 BC_FREE_BUFFER u0000000000000000 no match [ 596.670907] binder: 5891:5897 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.670916] binder: 5891:5897 BC_INCREFS_DONE u0000000000000000 no match [ 596.670921] binder: 5891:5897 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.670932] binder: 5891:5897 Release 1 refcount change on invalid ref 0 ret -22 [ 596.670940] binder: 5891:5897 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.671014] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.671865] binder: 5891:5897 transaction failed 29189/-3, size 0-8 line 3134 [ 596.674535] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.674577] binder: 5891:5897 transaction failed 29189/-3, size 0-0 line 3134 [ 596.676435] binder: BINDER_SET_CONTEXT_MGR already set [ 596.676442] binder: 5893:5898 ioctl 40046207 0 returned -16 [ 596.676538] binder: BINDER_SET_CONTEXT_MGR already set [ 596.676543] binder: 5895:5903 ioctl 40046207 0 returned -16 [ 596.676728] binder: 5893:5898 BC_FREE_BUFFER u0000000000000000 no match [ 596.676733] binder: 5893:5898 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.676741] binder: 5893:5898 BC_INCREFS_DONE u0000000000000000 no match [ 596.676745] binder: 5893:5898 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.676757] binder: 5893:5898 Release 1 refcount change on invalid ref 0 ret -22 [ 596.676764] binder: 5893:5898 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.676835] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.676877] binder: 5893:5898 transaction failed 29189/-3, size 0-8 line 3134 [ 596.676900] binder: 5895:5903 BC_FREE_BUFFER u0000000000000000 no match [ 596.676905] binder: 5895:5903 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.676912] binder: 5895:5903 BC_INCREFS_DONE u0000000000000000 no match [ 596.676916] binder: 5895:5903 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.676925] binder: 5895:5903 Release 1 refcount change on invalid ref 0 ret -22 [ 596.676934] binder: 5895:5903 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.676996] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.677036] binder: 5895:5903 transaction failed 29189/-3, size 0-0 line 3134 [ 596.677306] binder: BINDER_SET_CONTEXT_MGR already set [ 596.677312] binder: 5896:5904 ioctl 40046207 0 returned -16 [ 596.677400] binder: 5896:5904 BC_FREE_BUFFER u0000000000000000 no match [ 596.677404] binder: 5896:5904 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.677410] binder: 5896:5904 BC_INCREFS_DONE u0000000000000000 no match [ 596.677414] binder: 5896:5904 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.677422] binder: 5896:5904 Release 1 refcount change on invalid ref 0 ret -22 [ 596.677429] binder: 5896:5904 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.677488] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.677524] binder: 5896:5904 transaction failed 29189/-3, size 0-8 line 3134 [ 596.679563] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.679602] binder: 5895:5903 transaction failed 29189/-3, size 0-0 line 3134 [ 596.680852] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.680890] binder: 5896:5904 transaction failed 29189/-3, size 0-0 line 3134 [ 596.681010] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.681048] binder: 5893:5898 transaction failed 29189/-3, size 0-0 line 3134 [ 596.687602] binder: BINDER_SET_CONTEXT_MGR already set [ 596.687608] binder: 5894:5902 ioctl 40046207 0 returned -16 [ 596.689043] binder: 5894:5902 BC_FREE_BUFFER u0000000000000000 no match [ 596.689049] binder: 5894:5902 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.689058] binder: 5894:5902 BC_INCREFS_DONE u0000000000000000 no match [ 596.689063] binder: 5894:5902 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.689072] binder: 5894:5902 Release 1 refcount change on invalid ref 0 ret -22 [ 596.689140] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.689182] binder: 5894:5902 transaction failed 29189/-3, size 0-0 line 3134 [ 596.689987] binder: BINDER_SET_CONTEXT_MGR already set [ 596.689994] binder: 5899:5906 ioctl 40046207 0 returned -16 [ 596.690944] binder: 5899:5906 BC_FREE_BUFFER u0000000000000000 no match [ 596.690950] binder: 5899:5906 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.690958] binder: 5899:5906 BC_INCREFS_DONE u0000000000000000 no match [ 596.690963] binder: 5899:5906 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.690973] binder: 5899:5906 Release 1 refcount change on invalid ref 0 ret -22 [ 596.690980] binder: 5899:5906 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.691048] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.691085] binder: 5899:5906 transaction failed 29189/-3, size 0-0 line 3134 [ 596.691458] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.691494] binder: 5894:5902 transaction failed 29189/-3, size 0-0 line 3134 [ 596.694206] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.694245] binder: 5899:5906 transaction failed 29189/-3, size 0-0 line 3134 [ 596.719186] binder: 5893:5916 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.726211] binder: 5894:5921 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.726539] binder: 5899:5922 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.730735] binder: 5888:5917 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.776835] binder: BINDER_SET_CONTEXT_MGR already set [ 596.776842] binder: 5927:5934 ioctl 40046207 0 returned -16 [ 596.776959] binder: 5927:5934 BC_FREE_BUFFER u0000000000000000 no match [ 596.776964] binder: 5927:5934 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.776972] binder: 5927:5934 BC_INCREFS_DONE u0000000000000000 no match [ 596.776977] binder: 5927:5934 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.776987] binder: 5927:5934 Release 1 refcount change on invalid ref 0 ret -22 [ 596.776996] binder: 5927:5934 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.777066] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.777107] binder: 5927:5934 transaction failed 29189/-3, size 0-8 line 3134 [ 596.779120] binder_alloc: 5888: binder_alloc_buf, no vma [ 596.779159] binder: 5927:5934 transaction failed 29189/-3, size 0-0 line 3134 [ 596.833151] binder: 5939:5947 BC_FREE_BUFFER u0000000000000000 no match [ 596.833157] binder: 5939:5947 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.833168] binder: 5939:5947 BC_INCREFS_DONE u0000000000000000 node 36064 cookie mismatch 0000000000000001 != 0000000000000000 [ 596.833175] binder: 5939:5947 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.833184] binder: 5939:5947 Release 1 refcount change on invalid ref 0 ret -22 [ 596.833195] binder: 5939:5947 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.833263] binder_alloc: 5939: binder_alloc_buf, no vma [ 596.833312] binder: 5939:5947 transaction failed 29189/-3, size 0-0 line 3134 [ 596.833494] binder: BINDER_SET_CONTEXT_MGR already set [ 596.833501] binder: 5946:5949 ioctl 40046207 0 returned -16 [ 596.833654] binder: 5946:5949 BC_FREE_BUFFER u0000000000000000 no match [ 596.833659] binder: 5946:5949 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.833666] binder: 5946:5949 BC_INCREFS_DONE u0000000000000000 no match [ 596.833671] binder: 5946:5949 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.833680] binder: 5946:5949 Release 1 refcount change on invalid ref 0 ret -22 [ 596.833687] binder: 5946:5949 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.833749] binder_alloc: 5939: binder_alloc_buf, no vma [ 596.834010] binder: 5946:5949 transaction failed 29189/-3, size 0-8 line 3134 [ 596.834338] binder: BINDER_SET_CONTEXT_MGR already set [ 596.834345] binder: 5935:5936 ioctl 40046207 0 returned -16 [ 596.834446] binder: 5935:5936 BC_FREE_BUFFER u0000000000000000 no match [ 596.834451] binder: 5935:5936 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.834458] binder: 5935:5936 BC_INCREFS_DONE u0000000000000000 no match [ 596.834463] binder: 5935:5936 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.834474] binder: 5935:5936 Release 1 refcount change on invalid ref 0 ret -22 [ 596.834483] binder: 5935:5936 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.834627] binder_alloc: 5939: binder_alloc_buf, no vma [ 596.834668] binder: 5935:5936 transaction failed 29189/-3, size 0-8 line 3134 [ 596.836069] binder_alloc: 5939: binder_alloc_buf, no vma [ 596.836104] binder: 5935:5936 transaction failed 29189/-3, size 0-0 line 3134 [ 596.839908] binder_alloc: 5939: binder_alloc_buf, no vma [ 596.839947] binder: 5939:5947 transaction failed 29189/-3, size 0-0 line 3134 [ 596.840325] binder: BINDER_SET_CONTEXT_MGR already set [ 596.840332] binder: 5944:5948 ioctl 40046207 0 returned -16 [ 596.841480] binder: 5944:5948 BC_FREE_BUFFER u0000000000000000 no match [ 596.841486] binder: 5944:5948 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.841494] binder: 5944:5948 BC_INCREFS_DONE u0000000000000000 no match [ 596.841500] binder: 5944:5948 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.841509] binder: 5944:5948 Release 1 refcount change on invalid ref 0 ret -22 [ 596.841517] binder: 5944:5948 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.841584] binder_alloc: 5939: binder_alloc_buf, no vma [ 596.841697] binder: 5944:5948 transaction failed 29189/-3, size 0-8 line 3134 [ 596.846904] binder: BINDER_SET_CONTEXT_MGR already set [ 596.846911] binder: 5940:5952 ioctl 40046207 0 returned -16 [ 596.847112] binder: 5940:5952 BC_FREE_BUFFER u0000000000000000 no match [ 596.847117] binder: 5940:5952 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.847125] binder: 5940:5952 BC_INCREFS_DONE u0000000000000000 no match [ 596.847130] binder: 5940:5952 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.847138] binder: 5940:5952 Release 1 refcount change on invalid ref 0 ret -22 [ 596.847146] binder: 5940:5952 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.847211] binder_alloc: 5939: binder_alloc_buf, no vma [ 596.847250] binder: 5940:5952 transaction failed 29189/-3, size 0-8 line 3134 [ 596.848619] binder_alloc: 5939: binder_alloc_buf, no vma [ 596.848657] binder: 5940:5952 transaction failed 29189/-3, size 0-0 line 3134 [ 596.852786] binder_alloc: 5939: binder_alloc_buf, no vma [ 596.852825] binder: 5944:5948 transaction failed 29189/-3, size 0-0 line 3134 [ 596.853374] binder: BINDER_SET_CONTEXT_MGR already set [ 596.853381] binder: 5942:5954 ioctl 40046207 0 returned -16 [ 596.853622] binder: 5942:5954 BC_FREE_BUFFER u0000000000000000 no match [ 596.853627] binder: 5942:5954 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.853635] binder: 5942:5954 BC_INCREFS_DONE u0000000000000000 no match [ 596.853639] binder: 5942:5954 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.853648] binder: 5942:5954 Release 1 refcount change on invalid ref 0 ret -22 [ 596.853713] binder_alloc: 5939: binder_alloc_buf, no vma [ 596.853752] binder: 5942:5954 transaction failed 29189/-3, size 0-0 line 3134 [ 596.854499] binder_alloc: 5939: binder_alloc_buf, no vma [ 596.854534] binder: 5942:5954 transaction failed 29189/-3, size 0-0 line 3134 [ 596.855665] binder: BINDER_SET_CONTEXT_MGR already set [ 596.855673] binder: 5945:5950 ioctl 40046207 0 returned -16 [ 596.855888] binder: 5945:5950 BC_FREE_BUFFER u0000000000000000 no match [ 596.855893] binder: 5945:5950 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.855900] binder: 5945:5950 BC_INCREFS_DONE u0000000000000000 no match [ 596.855905] binder: 5945:5950 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.855914] binder: 5945:5950 Release 1 refcount change on invalid ref 0 ret -22 [ 596.855921] binder: 5945:5950 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.855981] binder_alloc: 5939: binder_alloc_buf, no vma [ 596.856020] binder: 5945:5950 transaction failed 29189/-3, size 0-8 line 3134 [ 596.857427] binder_alloc: 5939: binder_alloc_buf, no vma [ 596.857466] binder: 5945:5950 transaction failed 29189/-3, size 0-0 line 3134 [ 596.869004] binder: 5935:5941 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.869949] binder: 5939:5961 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.882991] binder: 5942:5970 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.932769] binder: 5946:5972 Acquire 1 refcount change on invalid ref 0 ret -22 [ 596.988120] binder: 5978:5983 BC_FREE_BUFFER u0000000000000000 no match [ 596.988126] binder: 5978:5983 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.988140] binder: 5978:5983 BC_INCREFS_DONE u0000000000000000 node 36080 cookie mismatch 0000000000000001 != 0000000000000000 [ 596.988148] binder: 5978:5983 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.988157] binder: 5978:5983 Release 1 refcount change on invalid ref 0 ret -22 [ 596.988165] binder: 5978:5983 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.988231] binder_alloc: 5978: binder_alloc_buf, no vma [ 596.988275] binder: 5978:5983 transaction failed 29189/-3, size 0-8 line 3134 [ 596.989529] binder: BINDER_SET_CONTEXT_MGR already set [ 596.989536] binder: 5979:5986 ioctl 40046207 0 returned -16 [ 596.989550] binder_alloc: 5978: binder_alloc_buf, no vma [ 596.989590] binder: 5978:5983 transaction failed 29189/-3, size 0-0 line 3134 [ 596.989631] binder: 5979:5986 BC_FREE_BUFFER u0000000000000000 no match [ 596.989635] binder: 5979:5986 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.989642] binder: 5979:5986 BC_INCREFS_DONE u0000000000000000 no match [ 596.989647] binder: 5979:5986 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.989657] binder: 5979:5986 Release 1 refcount change on invalid ref 0 ret -22 [ 596.989663] binder: 5979:5986 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.989729] binder_alloc: 5978: binder_alloc_buf, no vma [ 596.989766] binder: 5979:5986 transaction failed 29189/-3, size 0-8 line 3134 [ 596.991221] binder: BINDER_SET_CONTEXT_MGR already set [ 596.991228] binder: 5978:5983 ioctl 40046207 0 returned -16 [ 596.993091] binder: BINDER_SET_CONTEXT_MGR already set [ 596.993098] binder: 5982:5989 ioctl 40046207 0 returned -16 [ 596.993226] binder_alloc: 5978: binder_alloc_buf, no vma [ 596.993266] binder: 5979:5986 transaction failed 29189/-3, size 0-0 line 3134 [ 596.993380] binder: 5982:5989 BC_FREE_BUFFER u0000000000000000 no match [ 596.993385] binder: 5982:5989 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.993392] binder: 5982:5989 BC_INCREFS_DONE u0000000000000000 no match [ 596.993396] binder: 5982:5989 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.993405] binder: 5982:5989 Release 1 refcount change on invalid ref 0 ret -22 [ 596.993412] binder: 5982:5989 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.993468] binder_alloc: 5978: binder_alloc_buf, no vma [ 596.993502] binder: 5982:5989 transaction failed 29189/-3, size 0-8 line 3134 [ 596.993918] binder: BINDER_SET_CONTEXT_MGR already set [ 596.993925] binder: 5980:5984 ioctl 40046207 0 returned -16 [ 596.994192] binder: 5980:5984 BC_FREE_BUFFER u0000000000000000 no match [ 596.994198] binder: 5980:5984 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.994205] binder: 5980:5984 BC_INCREFS_DONE u0000000000000000 no match [ 596.994209] binder: 5980:5984 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.994218] binder: 5980:5984 Release 1 refcount change on invalid ref 0 ret -22 [ 596.994226] binder: 5980:5984 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.994290] binder_alloc: 5978: binder_alloc_buf, no vma [ 596.994330] binder: 5980:5984 transaction failed 29189/-3, size 0-0 line 3134 [ 596.995595] binder: BINDER_SET_CONTEXT_MGR already set [ 596.995602] binder: 5981:5990 ioctl 40046207 0 returned -16 [ 596.996276] binder: 5981:5990 BC_FREE_BUFFER u0000000000000000 no match [ 596.996281] binder: 5981:5990 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.996289] binder: 5981:5990 BC_INCREFS_DONE u0000000000000000 no match [ 596.996294] binder: 5981:5990 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 596.996304] binder: 5981:5990 Release 1 refcount change on invalid ref 0 ret -22 [ 596.996312] binder: 5981:5990 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 596.996716] binder_alloc: 5978: binder_alloc_buf, no vma [ 596.996754] binder: 5981:5990 transaction failed 29189/-3, size 0-8 line 3134 [ 596.997439] binder_alloc: 5978: binder_alloc_buf, no vma [ 596.997472] binder: 5982:5989 transaction failed 29189/-3, size 0-0 line 3134 [ 596.998847] binder_alloc: 5978: binder_alloc_buf, no vma [ 596.998887] binder: 5980:5984 transaction failed 29189/-3, size 0-0 line 3134 [ 596.999038] binder_alloc: 5978: binder_alloc_buf, no vma [ 596.999077] binder: 5981:5990 transaction failed 29189/-3, size 0-0 line 3134 [ 597.004726] binder: BINDER_SET_CONTEXT_MGR already set [ 597.004733] binder: 5985:5992 ioctl 40046207 0 returned -16 [ 597.004821] binder: 5985:5992 BC_FREE_BUFFER u0000000000000000 no match [ 597.004826] binder: 5985:5992 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.004832] binder: 5985:5992 BC_INCREFS_DONE u0000000000000000 no match [ 597.004836] binder: 5985:5992 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.004845] binder: 5985:5992 Release 1 refcount change on invalid ref 0 ret -22 [ 597.004852] binder: 5985:5992 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.004915] binder_alloc: 5978: binder_alloc_buf, no vma [ 597.004953] binder: 5985:5992 transaction failed 29189/-3, size 0-8 line 3134 [ 597.007086] binder_alloc: 5978: binder_alloc_buf, no vma [ 597.007123] binder: 5985:5992 transaction failed 29189/-3, size 0-0 line 3134 [ 597.009290] binder: BINDER_SET_CONTEXT_MGR already set [ 597.009296] binder: 5987:5994 ioctl 40046207 0 returned -16 [ 597.010010] binder: 5987:5994 BC_FREE_BUFFER u0000000000000000 no match [ 597.010016] binder: 5987:5994 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.010024] binder: 5987:5994 BC_INCREFS_DONE u0000000000000000 no match [ 597.010028] binder: 5987:5994 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.010035] binder: 5987:5994 Release 1 refcount change on invalid ref 0 ret -22 [ 597.010042] binder: 5987:5994 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.010107] binder_alloc: 5978: binder_alloc_buf, no vma [ 597.010148] binder: 5987:5994 transaction failed 29189/-3, size 0-8 line 3134 [ 597.016298] binder: BINDER_SET_CONTEXT_MGR already set [ 597.016305] binder: 5988:5995 ioctl 40046207 0 returned -16 [ 597.016462] binder: 5988:5995 BC_FREE_BUFFER u0000000000000000 no match [ 597.016467] binder: 5988:5995 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.016474] binder: 5988:5995 BC_INCREFS_DONE u0000000000000000 no match [ 597.016480] binder: 5988:5995 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.016492] binder: 5988:5995 Release 1 refcount change on invalid ref 0 ret -22 [ 597.016723] binder_alloc: 5978: binder_alloc_buf, no vma [ 597.016815] binder: 5988:5995 transaction failed 29189/-3, size 0-0 line 3134 [ 597.023477] binder_alloc: 5978: binder_alloc_buf, no vma [ 597.023516] binder: 5988:5995 transaction failed 29189/-3, size 0-0 line 3134 [ 597.025496] binder: 5979:6001 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.036703] binder: 5980:6007 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.080213] binder: 5988:6013 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.107863] binder: 5987:6016 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.109979] binder: 6018:6020 BC_FREE_BUFFER u0000000000000000 no match [ 597.109985] binder: 6018:6020 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.109994] binder: 6018:6020 BC_INCREFS_DONE node 36098 has no pending increfs request [ 597.110000] binder: 6018:6020 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.110011] binder: 6018:6020 Release 1 refcount change on invalid ref 0 ret -22 [ 597.110021] binder: 6018:6020 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.110088] binder_alloc: 6018: binder_alloc_buf, no vma [ 597.110130] binder: 6018:6020 transaction failed 29189/-3, size 0-8 line 3134 [ 597.116587] binder: BINDER_SET_CONTEXT_MGR already set [ 597.116595] binder: 6019:6021 ioctl 40046207 0 returned -16 [ 597.116686] binder: 6019:6021 BC_FREE_BUFFER u0000000000000000 no match [ 597.116692] binder: 6019:6021 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.116699] binder: 6019:6021 BC_INCREFS_DONE u0000000000000000 no match [ 597.116704] binder: 6019:6021 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.116714] binder: 6019:6021 Release 1 refcount change on invalid ref 0 ret -22 [ 597.116722] binder: 6019:6021 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.116790] binder_alloc: 6018: binder_alloc_buf, no vma [ 597.116832] binder: 6019:6021 transaction failed 29189/-3, size 0-8 line 3134 [ 597.117092] binder_alloc: 6018: binder_alloc_buf, no vma [ 597.117130] binder: 6018:6020 transaction failed 29189/-3, size 0-0 line 3134 [ 597.121484] binder: BINDER_SET_CONTEXT_MGR already set [ 597.121491] binder: 6018:6020 ioctl 40046207 0 returned -16 [ 597.133201] binder_alloc: 6018: binder_alloc_buf, no vma [ 597.133241] binder: 6019:6021 transaction failed 29189/-3, size 0-0 line 3134 [ 597.139762] binder: BINDER_SET_CONTEXT_MGR already set [ 597.139776] binder: 6025:6027 ioctl 40046207 0 returned -16 [ 597.139862] binder: 6025:6027 BC_FREE_BUFFER u0000000000000000 no match [ 597.139867] binder: 6025:6027 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.139875] binder: 6025:6027 BC_INCREFS_DONE u0000000000000000 no match [ 597.139878] binder: 6025:6027 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.139888] binder: 6025:6027 Release 1 refcount change on invalid ref 0 ret -22 [ 597.139896] binder: 6025:6027 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.139954] binder_alloc: 6018: binder_alloc_buf, no vma [ 597.139987] binder: 6025:6027 transaction failed 29189/-3, size 0-8 line 3134 [ 597.141512] binder_alloc: 6018: binder_alloc_buf, no vma [ 597.141551] binder: 6025:6027 transaction failed 29189/-3, size 0-0 line 3134 [ 597.142044] binder: BINDER_SET_CONTEXT_MGR already set [ 597.142051] binder: 6024:6029 ioctl 40046207 0 returned -16 [ 597.148486] binder: BINDER_SET_CONTEXT_MGR already set [ 597.148493] binder: 6023:6031 ioctl 40046207 0 returned -16 [ 597.148612] binder: 6023:6031 BC_FREE_BUFFER u0000000000000000 no match [ 597.148617] binder: 6023:6031 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.148624] binder: 6023:6031 BC_INCREFS_DONE u0000000000000000 no match [ 597.148628] binder: 6023:6031 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.148639] binder: 6023:6031 Release 1 refcount change on invalid ref 0 ret -22 [ 597.148648] binder: 6023:6031 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.148711] binder_alloc: 6018: binder_alloc_buf, no vma [ 597.148749] binder: 6023:6031 transaction failed 29189/-3, size 0-8 line 3134 [ 597.150605] binder_alloc: 6018: binder_alloc_buf, no vma [ 597.150688] binder: 6023:6031 transaction failed 29189/-3, size 0-0 line 3134 [ 597.152797] binder: 6024:6029 BC_FREE_BUFFER u0000000000000000 no match [ 597.152803] binder: 6024:6029 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.152813] binder: 6024:6029 BC_INCREFS_DONE u0000000000000000 no match [ 597.152818] binder: 6024:6029 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.152828] binder: 6024:6029 Release 1 refcount change on invalid ref 0 ret -22 [ 597.152835] binder: 6024:6029 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.152903] binder_alloc: 6018: binder_alloc_buf, no vma [ 597.152944] binder: 6024:6029 transaction failed 29189/-3, size 0-8 line 3134 [ 597.159548] binder_alloc: 6018: binder_alloc_buf, no vma [ 597.159587] binder: 6024:6029 transaction failed 29189/-3, size 0-0 line 3134 [ 597.185884] binder: 6032:6040 BC_FREE_BUFFER u0000000000000000 no match [ 597.185890] binder: 6032:6040 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.185902] binder: 6032:6040 BC_INCREFS_DONE u0000000000000000 node 36111 cookie mismatch 0000000000000001 != 0000000000000000 [ 597.185910] binder: 6032:6040 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.185920] binder: 6032:6040 Release 1 refcount change on invalid ref 0 ret -22 [ 597.185931] binder: 6032:6040 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.185998] binder_alloc: 6032: binder_alloc_buf, no vma [ 597.186037] binder: 6032:6040 transaction failed 29189/-3, size 0-0 line 3134 [ 597.189569] binder_alloc: 6032: binder_alloc_buf, no vma [ 597.189607] binder: 6032:6040 transaction failed 29189/-3, size 0-0 line 3134 [ 597.190530] binder: 6024:6049 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.202543] binder: BINDER_SET_CONTEXT_MGR already set [ 597.202550] binder: 6039:6045 ioctl 40046207 0 returned -16 [ 597.202660] binder: 6039:6045 BC_FREE_BUFFER u0000000000000000 no match [ 597.202665] binder: 6039:6045 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.202672] binder: 6039:6045 BC_INCREFS_DONE u0000000000000000 no match [ 597.202681] binder: 6039:6045 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.202782] binder: 6039:6045 Release 1 refcount change on invalid ref 0 ret -22 [ 597.202790] binder: 6039:6045 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.202854] binder_alloc: 6032: binder_alloc_buf, no vma [ 597.202894] binder: 6039:6045 transaction failed 29189/-3, size 0-8 line 3134 [ 597.213107] binder: BINDER_SET_CONTEXT_MGR already set [ 597.213115] binder: 6035:6047 ioctl 40046207 0 returned -16 [ 597.214289] binder: 6035:6047 BC_FREE_BUFFER u0000000000000000 no match [ 597.214295] binder: 6035:6047 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.214303] binder: 6035:6047 BC_INCREFS_DONE u0000000000000000 no match [ 597.214308] binder: 6035:6047 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.214318] binder: 6035:6047 Release 1 refcount change on invalid ref 0 ret -22 [ 597.214389] binder_alloc: 6032: binder_alloc_buf, no vma [ 597.214430] binder: 6035:6047 transaction failed 29189/-3, size 0-0 line 3134 [ 597.227611] binder_alloc: 6032: binder_alloc_buf, no vma [ 597.227651] binder: 6035:6047 transaction failed 29189/-3, size 0-0 line 3134 [ 597.230897] binder: 6032:6053 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.252814] binder: 6035:6052 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.282905] binder: 6039:6060 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.368333] binder: 6061:6063 BC_FREE_BUFFER u0000000000000000 no match [ 597.368338] binder: 6061:6063 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.368350] binder: 6061:6063 BC_INCREFS_DONE u0000000000000000 node 36117 cookie mismatch 0000000000000001 != 0000000000000000 [ 597.368357] binder: 6061:6063 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.368368] binder: 6061:6063 Release 1 refcount change on invalid ref 0 ret -22 [ 597.368378] binder: 6061:6063 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.368445] binder_alloc: 6061: binder_alloc_buf, no vma [ 597.368485] binder: 6061:6063 transaction failed 29189/-3, size 0-8 line 3134 [ 597.370049] binder_alloc: 6061: binder_alloc_buf, no vma [ 597.370083] binder: BINDER_SET_CONTEXT_MGR already set [ 597.370093] binder: 6061:6063 transaction failed 29189/-3, size 0-0 line 3134 [ 597.370098] binder: 6062:6065 ioctl 40046207 0 returned -16 [ 597.370194] binder: 6062:6065 BC_FREE_BUFFER u0000000000000000 no match [ 597.370198] binder: 6062:6065 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.370205] binder: 6062:6065 BC_INCREFS_DONE u0000000000000000 no match [ 597.370210] binder: 6062:6065 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.370220] binder: 6062:6065 Release 1 refcount change on invalid ref 0 ret -22 [ 597.370228] binder: 6062:6065 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.370440] binder_alloc: 6061: binder_alloc_buf, no vma [ 597.370478] binder: 6062:6065 transaction failed 29189/-3, size 0-8 line 3134 [ 597.372849] binder_alloc: 6061: binder_alloc_buf, no vma [ 597.372887] binder: 6062:6065 transaction failed 29189/-3, size 0-0 line 3134 [ 597.386993] binder: BINDER_SET_CONTEXT_MGR already set [ 597.387000] binder: 6064:6068 ioctl 40046207 0 returned -16 [ 597.387118] binder: 6064:6068 BC_FREE_BUFFER u0000000000000000 no match [ 597.387124] binder: 6064:6068 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.387131] binder: 6064:6068 BC_INCREFS_DONE u0000000000000000 no match [ 597.387136] binder: 6064:6068 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.387146] binder: 6064:6068 Release 1 refcount change on invalid ref 0 ret -22 [ 597.387155] binder: 6064:6068 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.387226] binder_alloc: 6061: binder_alloc_buf, no vma [ 597.387325] binder: 6064:6068 transaction failed 29189/-3, size 0-8 line 3134 [ 597.389409] binder_alloc: 6061: binder_alloc_buf, no vma [ 597.389450] binder: 6064:6068 transaction failed 29189/-3, size 0-0 line 3134 [ 597.390251] binder: BINDER_SET_CONTEXT_MGR already set [ 597.390257] binder: 6067:6070 ioctl 40046207 0 returned -16 [ 597.390571] binder: 6067:6070 BC_FREE_BUFFER u0000000000000000 no match [ 597.390576] binder: 6067:6070 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.390584] binder: 6067:6070 BC_INCREFS_DONE u0000000000000000 no match [ 597.390588] binder: 6067:6070 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.390597] binder: 6067:6070 Release 1 refcount change on invalid ref 0 ret -22 [ 597.390604] binder: 6067:6070 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.390668] binder_alloc: 6061: binder_alloc_buf, no vma [ 597.390708] binder: 6067:6070 transaction failed 29189/-3, size 0-8 line 3134 [ 597.391696] binder: BINDER_SET_CONTEXT_MGR already set [ 597.391703] binder: 6066:6073 ioctl 40046207 0 returned -16 [ 597.392708] binder_alloc: 6061: binder_alloc_buf, no vma [ 597.392746] binder: 6067:6070 transaction failed 29189/-3, size 0-0 line 3134 [ 597.392823] binder: 6066:6073 BC_FREE_BUFFER u0000000000000000 no match [ 597.392828] binder: 6066:6073 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.392836] binder: 6066:6073 BC_INCREFS_DONE u0000000000000000 no match [ 597.392840] binder: 6066:6073 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.392848] binder: 6066:6073 Release 1 refcount change on invalid ref 0 ret -22 [ 597.392857] binder: 6066:6073 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.392921] binder_alloc: 6061: binder_alloc_buf, no vma [ 597.392963] binder: 6066:6073 transaction failed 29189/-3, size 0-8 line 3134 [ 597.396771] binder_alloc: 6061: binder_alloc_buf, no vma [ 597.396853] binder: 6066:6073 transaction failed 29189/-3, size 0-0 line 3134 [ 597.401659] binder: BINDER_SET_CONTEXT_MGR already set [ 597.401666] binder: 6071:6078 ioctl 40046207 0 returned -16 [ 597.401787] binder: 6071:6078 BC_FREE_BUFFER u0000000000000000 no match [ 597.401791] binder: 6071:6078 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.401799] binder: 6071:6078 BC_INCREFS_DONE u0000000000000000 no match [ 597.401804] binder: 6071:6078 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.401814] binder: 6071:6078 Release 1 refcount change on invalid ref 0 ret -22 [ 597.401823] binder: 6071:6078 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.401888] binder_alloc: 6061: binder_alloc_buf, no vma [ 597.401926] binder: 6071:6078 transaction failed 29189/-3, size 0-0 line 3134 [ 597.403782] binder: BINDER_SET_CONTEXT_MGR already set [ 597.403789] binder: 6066:6073 ioctl 40046207 0 returned -16 [ 597.404027] binder_alloc: 6061: binder_alloc_buf, no vma [ 597.404065] binder: 6071:6078 transaction failed 29189/-3, size 0-0 line 3134 [ 597.404958] binder: BINDER_SET_CONTEXT_MGR already set [ 597.404965] binder: 6075:6081 ioctl 40046207 0 returned -16 [ 597.405180] binder: 6075:6081 BC_FREE_BUFFER u0000000000000000 no match [ 597.405184] binder: 6075:6081 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.405192] binder: 6075:6081 BC_INCREFS_DONE u0000000000000000 no match [ 597.405196] binder: 6075:6081 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.405205] binder: 6075:6081 Release 1 refcount change on invalid ref 0 ret -22 [ 597.405269] binder_alloc: 6061: binder_alloc_buf, no vma [ 597.405312] binder: 6075:6081 transaction failed 29189/-3, size 0-0 line 3134 [ 597.409352] binder_alloc: 6061: binder_alloc_buf, no vma [ 597.409392] binder: 6075:6081 transaction failed 29189/-3, size 0-0 line 3134 [ 597.415737] binder: BINDER_SET_CONTEXT_MGR already set [ 597.415743] binder: 6072:6083 ioctl 40046207 0 returned -16 [ 597.416114] binder: 6072:6083 BC_FREE_BUFFER u0000000000000000 no match [ 597.416119] binder: 6072:6083 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.416126] binder: 6072:6083 BC_INCREFS_DONE u0000000000000000 no match [ 597.416130] binder: 6072:6083 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.416140] binder: 6072:6083 Release 1 refcount change on invalid ref 0 ret -22 [ 597.416147] binder: 6072:6083 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.416209] binder_alloc: 6061: binder_alloc_buf, no vma [ 597.416248] binder: 6072:6083 transaction failed 29189/-3, size 0-8 line 3134 [ 597.420970] binder: 6064:6087 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.457401] binder: 6071:6092 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.457586] binder: 6075:6093 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.484806] binder: 6096:6103 BC_FREE_BUFFER u0000000000000000 no match [ 597.484814] binder: 6096:6103 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.484824] binder: 6096:6103 BC_INCREFS_DONE u0000000000000000 node 36136 cookie mismatch 0000000000000001 != 0000000000000000 [ 597.484829] binder: 6096:6103 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.484839] binder: 6096:6103 Release 1 refcount change on invalid ref 0 ret -22 [ 597.484848] binder: 6096:6103 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.484915] binder_alloc: 6096: binder_alloc_buf, no vma [ 597.484952] binder: 6096:6103 transaction failed 29189/-3, size 0-8 line 3134 [ 597.488986] binder_alloc: 6096: binder_alloc_buf, no vma [ 597.489025] binder: 6096:6103 transaction failed 29189/-3, size 0-0 line 3134 [ 597.489119] binder: 6072:6094 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.522766] binder: BINDER_SET_CONTEXT_MGR already set [ 597.522773] binder: 6104:6108 ioctl 40046207 0 returned -16 [ 597.522873] binder: 6104:6108 BC_FREE_BUFFER u0000000000000000 no match [ 597.522878] binder: 6104:6108 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.522886] binder: 6104:6108 BC_INCREFS_DONE u0000000000000000 no match [ 597.522890] binder: 6104:6108 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.522901] binder: 6104:6108 Release 1 refcount change on invalid ref 0 ret -22 [ 597.522910] binder: 6104:6108 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.522981] binder_alloc: 6096: binder_alloc_buf, no vma [ 597.523022] binder: 6104:6108 transaction failed 29189/-3, size 0-8 line 3134 [ 597.528783] binder_alloc: 6096: binder_alloc_buf, no vma [ 597.528824] binder: 6104:6108 transaction failed 29189/-3, size 0-0 line 3134 [ 597.532448] binder: BINDER_SET_CONTEXT_MGR already set [ 597.532455] binder: 6102:6113 ioctl 40046207 0 returned -16 [ 597.532595] binder: 6102:6113 BC_FREE_BUFFER u0000000000000000 no match [ 597.532600] binder: 6102:6113 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.532608] binder: 6102:6113 BC_INCREFS_DONE u0000000000000000 no match [ 597.532613] binder: 6102:6113 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.532623] binder: 6102:6113 Release 1 refcount change on invalid ref 0 ret -22 [ 597.532632] binder: 6102:6113 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.535798] binder_alloc: 6096: binder_alloc_buf, no vma [ 597.535837] binder: 6102:6113 transaction failed 29189/-3, size 0-8 line 3134 [ 597.541210] binder: BINDER_SET_CONTEXT_MGR already set [ 597.541218] binder: 6107:6110 ioctl 40046207 0 returned -16 [ 597.541358] binder: 6107:6110 BC_FREE_BUFFER u0000000000000000 no match [ 597.541363] binder: 6107:6110 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.541371] binder: 6107:6110 BC_INCREFS_DONE u0000000000000000 no match [ 597.541376] binder: 6107:6110 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.541389] binder: 6107:6110 Release 1 refcount change on invalid ref 0 ret -22 [ 597.541398] binder: 6107:6110 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.541466] binder_alloc: 6096: binder_alloc_buf, no vma [ 597.541506] binder: 6107:6110 transaction failed 29189/-3, size 0-8 line 3134 [ 597.543051] binder_alloc: 6096: binder_alloc_buf, no vma [ 597.543090] binder: 6107:6110 transaction failed 29189/-3, size 0-0 line 3134 [ 597.545876] binder: BINDER_SET_CONTEXT_MGR already set [ 597.545883] binder: 6107:6110 ioctl 40046207 0 returned -16 [ 597.546053] binder_alloc: 6096: binder_alloc_buf, no vma [ 597.546090] binder: 6102:6113 transaction failed 29189/-3, size 0-0 line 3134 [ 597.546483] binder: BINDER_SET_CONTEXT_MGR already set [ 597.546489] binder: 6114:6121 ioctl 40046207 0 returned -16 [ 597.546611] binder: 6114:6121 BC_FREE_BUFFER u0000000000000000 no match [ 597.546616] binder: 6114:6121 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.546624] binder: 6114:6121 BC_INCREFS_DONE u0000000000000000 no match [ 597.546629] binder: 6114:6121 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.546638] binder: 6114:6121 Release 1 refcount change on invalid ref 0 ret -22 [ 597.546647] binder: 6114:6121 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.546713] binder_alloc: 6096: binder_alloc_buf, no vma [ 597.546760] binder: 6114:6121 transaction failed 29189/-3, size 0-0 line 3134 [ 597.547682] binder_alloc: 6096: binder_alloc_buf, no vma [ 597.547720] binder: 6114:6121 transaction failed 29189/-3, size 0-0 line 3134 [ 597.570326] binder: 6116:6124 BC_FREE_BUFFER u0000000000000000 no match [ 597.570332] binder: 6116:6124 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.570343] binder: 6116:6124 BC_INCREFS_DONE u0000000000000000 node 36150 cookie mismatch 0000000000000001 != 0000000000000000 [ 597.570349] binder: 6116:6124 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.570357] binder: 6116:6124 Release 1 refcount change on invalid ref 0 ret -22 [ 597.570427] binder_alloc: 6116: binder_alloc_buf, no vma [ 597.570468] binder: 6116:6124 transaction failed 29189/-3, size 0-0 line 3134 [ 597.572008] binder_alloc: 6116: binder_alloc_buf, no vma [ 597.572045] binder: 6116:6124 transaction failed 29189/-3, size 0-0 line 3134 [ 597.580149] binder: BINDER_SET_CONTEXT_MGR already set [ 597.580155] binder: 6120:6127 ioctl 40046207 0 returned -16 [ 597.580784] binder: 6120:6127 BC_FREE_BUFFER u0000000000000000 no match [ 597.580792] binder: 6120:6127 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.580986] binder: 6120:6127 BC_INCREFS_DONE u0000000000000000 no match [ 597.580991] binder: 6120:6127 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.581002] binder: 6120:6127 Release 1 refcount change on invalid ref 0 ret -22 [ 597.581011] binder: 6120:6127 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.581083] binder_alloc: 6116: binder_alloc_buf, no vma [ 597.581126] binder: 6120:6127 transaction failed 29189/-3, size 0-8 line 3134 [ 597.584869] binder: BINDER_SET_CONTEXT_MGR already set [ 597.584876] binder: 6119:6128 ioctl 40046207 0 returned -16 [ 597.584971] binder: 6119:6128 BC_FREE_BUFFER u0000000000000000 no match [ 597.584976] binder: 6119:6128 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.584983] binder: 6119:6128 BC_INCREFS_DONE u0000000000000000 no match [ 597.584987] binder: 6119:6128 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.584996] binder: 6119:6128 Release 1 refcount change on invalid ref 0 ret -22 [ 597.585005] binder: 6119:6128 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.585067] binder_alloc: 6116: binder_alloc_buf, no vma [ 597.585170] binder: 6119:6128 transaction failed 29189/-3, size 0-8 line 3134 [ 597.605474] binder: 6114:6131 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.608970] binder_alloc: 6116: binder_alloc_buf, no vma [ 597.609013] binder: 6119:6128 transaction failed 29189/-3, size 0-0 line 3134 [ 597.611744] binder: 6116:6138 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.618786] binder: BINDER_SET_CONTEXT_MGR already set [ 597.618793] binder: 6132:6141 ioctl 40046207 0 returned -16 [ 597.618903] binder: 6132:6141 BC_FREE_BUFFER u0000000000000000 no match [ 597.618908] binder: 6132:6141 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.618915] binder: 6132:6141 BC_INCREFS_DONE u0000000000000000 no match [ 597.618919] binder: 6132:6141 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.618929] binder: 6132:6141 Release 1 refcount change on invalid ref 0 ret -22 [ 597.618937] binder: 6132:6141 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.619000] binder_alloc: 6116: binder_alloc_buf, no vma [ 597.619040] binder: 6132:6141 transaction failed 29189/-3, size 0-8 line 3134 [ 597.624072] binder_alloc: 6116: binder_alloc_buf, no vma [ 597.624110] binder: 6132:6141 transaction failed 29189/-3, size 0-0 line 3134 [ 597.632947] binder: BINDER_SET_CONTEXT_MGR already set [ 597.632954] binder: 6142:6144 ioctl 40046207 0 returned -16 [ 597.633069] binder: 6142:6144 BC_FREE_BUFFER u0000000000000000 no match [ 597.633074] binder: 6142:6144 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.633082] binder: 6142:6144 BC_INCREFS_DONE u0000000000000000 no match [ 597.633094] binder: 6142:6144 Release 1 refcount change on invalid ref 0 ret -22 [ 597.633101] binder: 6142:6144 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.633169] binder_alloc: 6116: binder_alloc_buf, no vma [ 597.633209] binder: 6142:6144 transaction failed 29189/-3, size 0-8 line 3134 [ 597.634476] binder_alloc: 6116: binder_alloc_buf, no vma [ 597.634511] binder: 6142:6144 transaction failed 29189/-3, size 0-0 line 3134 [ 597.634898] binder: BINDER_SET_CONTEXT_MGR already set [ 597.634904] binder: 6142:6144 ioctl 40046207 0 returned -16 [ 597.658981] binder: 6119:6146 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.661630] binder: 6120:6152 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.742259] binder: BINDER_SET_CONTEXT_MGR already set [ 597.742524] binder: 6163:6168 BC_FREE_BUFFER u0000000000000000 no match [ 597.742529] binder: 6163:6168 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.742541] binder: 6163:6168 BC_INCREFS_DONE u0000000000000000 node 36161 cookie mismatch 0000000000000001 != 0000000000000000 [ 597.742548] binder: 6163:6168 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.742558] binder: 6163:6168 Release 1 refcount change on invalid ref 0 ret -22 [ 597.742569] binder: 6163:6168 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.742594] binder: 6157:6161 ioctl 40046207 0 returned -16 [ 597.742706] binder_alloc: 6163: binder_alloc_buf, no vma [ 597.742747] binder: 6163:6168 transaction failed 29189/-3, size 0-8 line 3134 [ 597.743767] binder: 6157:6161 BC_FREE_BUFFER u0000000000000000 no match [ 597.743771] binder: 6157:6161 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.743778] binder: 6157:6161 BC_INCREFS_DONE u0000000000000000 no match [ 597.743783] binder: 6157:6161 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.743791] binder: 6157:6161 Release 1 refcount change on invalid ref 0 ret -22 [ 597.743798] binder: 6157:6161 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.743860] binder_alloc: 6163: binder_alloc_buf, no vma [ 597.743897] binder: 6157:6161 transaction failed 29189/-3, size 0-8 line 3134 [ 597.745948] binder_alloc: 6163: binder_alloc_buf, no vma [ 597.745984] binder: 6157:6161 transaction failed 29189/-3, size 0-0 line 3134 [ 597.748641] binder: BINDER_SET_CONTEXT_MGR already set [ 597.748648] binder: 6162:6164 ioctl 40046207 0 returned -16 [ 597.748769] binder: 6162:6164 BC_FREE_BUFFER u0000000000000000 no match [ 597.748774] binder: 6162:6164 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.748781] binder: 6162:6164 BC_INCREFS_DONE u0000000000000000 no match [ 597.748789] binder: 6162:6164 Release 1 refcount change on invalid ref 0 ret -22 [ 597.748796] binder: 6162:6164 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.748863] binder_alloc: 6163: binder_alloc_buf, no vma [ 597.748903] binder: 6162:6164 transaction failed 29189/-3, size 0-8 line 3134 [ 597.749343] binder: BINDER_SET_CONTEXT_MGR already set [ 597.749349] binder: 6160:6166 ioctl 40046207 0 returned -16 [ 597.750056] binder_alloc: 6163: binder_alloc_buf, no vma [ 597.750097] binder: 6163:6168 transaction failed 29189/-3, size 0-0 line 3134 [ 597.750133] binder: 6160:6166 BC_FREE_BUFFER u0000000000000000 no match [ 597.750138] binder: 6160:6166 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.750145] binder: 6160:6166 BC_INCREFS_DONE u0000000000000000 no match [ 597.750151] binder: 6160:6166 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.750161] binder: 6160:6166 Release 1 refcount change on invalid ref 0 ret -22 [ 597.750171] binder: 6160:6166 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.750221] binder_alloc: 6163: binder_alloc_buf, no vma [ 597.750235] binder_alloc: 6163: binder_alloc_buf, no vma [ 597.750259] binder: 6162:6164 transaction failed 29189/-3, size 0-0 line 3134 [ 597.750281] binder: 6160:6166 transaction failed 29189/-3, size 0-0 line 3134 [ 597.752175] binder: BINDER_SET_CONTEXT_MGR already set [ 597.752184] binder: 6162:6164 ioctl 40046207 0 returned -16 [ 597.753719] binder_alloc: 6163: binder_alloc_buf, no vma [ 597.753760] binder: 6160:6166 transaction failed 29189/-3, size 0-0 line 3134 [ 597.754008] binder: BINDER_SET_CONTEXT_MGR already set [ 597.754015] binder: 6165:6169 ioctl 40046207 0 returned -16 [ 597.754280] binder: 6165:6169 BC_FREE_BUFFER u0000000000000000 no match [ 597.754285] binder: 6165:6169 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.754293] binder: 6165:6169 BC_INCREFS_DONE u0000000000000000 no match [ 597.754297] binder: 6165:6169 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.754306] binder: 6165:6169 Release 1 refcount change on invalid ref 0 ret -22 [ 597.754315] binder: 6165:6169 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.754380] binder_alloc: 6163: binder_alloc_buf, no vma [ 597.754416] binder: 6165:6169 transaction failed 29189/-3, size 0-8 line 3134 [ 597.756051] binder: BINDER_SET_CONTEXT_MGR already set [ 597.756057] binder: 6158:6170 ioctl 40046207 0 returned -16 [ 597.756369] binder_alloc: 6163: binder_alloc_buf, no vma [ 597.756408] binder: 6165:6169 transaction failed 29189/-3, size 0-0 line 3134 [ 597.756653] binder: 6158:6170 BC_FREE_BUFFER u0000000000000000 no match [ 597.756658] binder: 6158:6170 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.756665] binder: 6158:6170 BC_INCREFS_DONE u0000000000000000 no match [ 597.756669] binder: 6158:6170 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.756678] binder: 6158:6170 Release 1 refcount change on invalid ref 0 ret -22 [ 597.756686] binder: 6158:6170 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.756752] binder_alloc: 6163: binder_alloc_buf, no vma [ 597.756793] binder: 6158:6170 transaction failed 29189/-3, size 0-8 line 3134 [ 597.757425] binder: BINDER_SET_CONTEXT_MGR already set [ 597.757431] binder: 6167:6173 ioctl 40046207 0 returned -16 [ 597.757543] binder: 6167:6173 BC_FREE_BUFFER u0000000000000000 no match [ 597.757548] binder: 6167:6173 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.757555] binder: 6167:6173 BC_INCREFS_DONE u0000000000000000 no match [ 597.757560] binder: 6167:6173 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.757570] binder: 6167:6173 Release 1 refcount change on invalid ref 0 ret -22 [ 597.757579] binder: 6167:6173 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.757647] binder_alloc: 6163: binder_alloc_buf, no vma [ 597.757686] binder: 6167:6173 transaction failed 29189/-3, size 0-8 line 3134 [ 597.757769] binder: BINDER_SET_CONTEXT_MGR already set [ 597.757776] binder: 6159:6171 ioctl 40046207 0 returned -16 [ 597.758003] binder: 6159:6171 BC_FREE_BUFFER u0000000000000000 no match [ 597.758007] binder: 6159:6171 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.758015] binder: 6159:6171 BC_INCREFS_DONE u0000000000000000 no match [ 597.758019] binder: 6159:6171 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.758028] binder: 6159:6171 Release 1 refcount change on invalid ref 0 ret -22 [ 597.758095] binder_alloc: 6163: binder_alloc_buf, no vma [ 597.758135] binder: 6159:6171 transaction failed 29189/-3, size 0-0 line 3134 [ 597.761105] binder_alloc: 6163: binder_alloc_buf, no vma [ 597.761144] binder: 6158:6170 transaction failed 29189/-3, size 0-0 line 3134 [ 597.762531] binder_alloc: 6163: binder_alloc_buf, no vma [ 597.762571] binder: 6159:6171 transaction failed 29189/-3, size 0-0 line 3134 [ 597.793013] binder: 6160:6186 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.793400] binder: 6165:6188 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.794744] binder: 6159:6185 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.831788] binder: 6167:6195 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.885651] binder: 6198:6200 BC_FREE_BUFFER u0000000000000000 no match [ 597.885656] binder: 6198:6200 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.885665] binder: 6198:6200 BC_INCREFS_DONE u0000000000000000 node 36180 cookie mismatch 0000000000000001 != 0000000000000000 [ 597.885671] binder: 6198:6200 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.885680] binder: 6198:6200 Release 1 refcount change on invalid ref 0 ret -22 [ 597.885689] binder: 6198:6200 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.885748] binder_alloc: 6198: binder_alloc_buf, no vma [ 597.885784] binder: 6198:6200 transaction failed 29189/-3, size 0-8 line 3134 [ 597.886947] binder_alloc: 6198: binder_alloc_buf, no vma [ 597.886985] binder: 6198:6200 transaction failed 29189/-3, size 0-0 line 3134 [ 597.901935] binder: BINDER_SET_CONTEXT_MGR already set [ 597.901942] binder: 6199:6201 ioctl 40046207 0 returned -16 [ 597.902030] binder: 6199:6201 BC_FREE_BUFFER u0000000000000000 no match [ 597.902036] binder: 6199:6201 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.902043] binder: 6199:6201 BC_INCREFS_DONE u0000000000000000 no match [ 597.902048] binder: 6199:6201 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.902059] binder: 6199:6201 Release 1 refcount change on invalid ref 0 ret -22 [ 597.902068] binder: 6199:6201 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.902136] binder_alloc: 6198: binder_alloc_buf, no vma [ 597.902177] binder: 6199:6201 transaction failed 29189/-3, size 0-0 line 3134 [ 597.902769] binder_alloc: 6198: binder_alloc_buf, no vma [ 597.902802] binder: 6199:6201 transaction failed 29189/-3, size 0-0 line 3134 [ 597.927422] binder: 6199:6207 Acquire 1 refcount change on invalid ref 0 ret -22 [ 597.986053] binder: 6210:6214 BC_FREE_BUFFER u0000000000000000 no match [ 597.986059] binder: 6210:6214 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.986073] binder: 6210:6214 BC_INCREFS_DONE u0000000000000000 node 36186 cookie mismatch 0000000000000001 != 0000000000000000 [ 597.986078] binder: 6210:6214 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.986086] binder: 6210:6214 Release 1 refcount change on invalid ref 0 ret -22 [ 597.986096] binder: 6210:6214 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.986154] binder_alloc: 6210: binder_alloc_buf, no vma [ 597.986191] binder: 6210:6214 transaction failed 29189/-3, size 0-8 line 3134 [ 597.986644] binder: BINDER_SET_CONTEXT_MGR already set [ 597.986651] binder: 6209:6215 ioctl 40046207 0 returned -16 [ 597.986830] binder: BINDER_SET_CONTEXT_MGR already set [ 597.986837] binder: 6208:6218 ioctl 40046207 0 returned -16 [ 597.986984] binder: 6208:6218 BC_FREE_BUFFER u0000000000000000 no match [ 597.986989] binder: 6208:6218 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.986997] binder: 6208:6218 BC_INCREFS_DONE u0000000000000000 no match [ 597.987002] binder: 6208:6218 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.987012] binder: 6208:6218 Release 1 refcount change on invalid ref 0 ret -22 [ 597.987016] binder: 6209:6215 BC_FREE_BUFFER u0000000000000000 no match [ 597.987022] binder: 6208:6218 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.987025] binder: 6209:6215 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.987032] binder: 6209:6215 BC_INCREFS_DONE u0000000000000000 no match [ 597.987036] binder: 6209:6215 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.987044] binder: 6209:6215 Release 1 refcount change on invalid ref 0 ret -22 [ 597.987051] binder: 6209:6215 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.987091] binder_alloc: 6210: binder_alloc_buf, no vma [ 597.987114] binder_alloc: 6210: binder_alloc_buf, no vma [ 597.987131] binder: 6208:6218 transaction failed 29189/-3, size 0-8 line 3134 [ 597.987152] binder: 6209:6215 transaction failed 29189/-3, size 0-8 line 3134 [ 597.991245] binder_alloc: 6210: binder_alloc_buf, no vma [ 597.991428] binder: 6209:6215 transaction failed 29189/-3, size 0-0 line 3134 [ 597.991861] binder_alloc: 6210: binder_alloc_buf, no vma [ 597.991901] binder: 6208:6218 transaction failed 29189/-3, size 0-0 line 3134 [ 597.994519] binder: BINDER_SET_CONTEXT_MGR already set [ 597.994525] binder: 6212:6219 ioctl 40046207 0 returned -16 [ 597.994603] binder: 6212:6219 BC_FREE_BUFFER u0000000000000000 no match [ 597.994607] binder: 6212:6219 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.994614] binder: 6212:6219 BC_INCREFS_DONE u0000000000000000 no match [ 597.994618] binder: 6212:6219 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.994625] binder: 6212:6219 Release 1 refcount change on invalid ref 0 ret -22 [ 597.994633] binder: 6212:6219 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.994753] binder_alloc: 6210: binder_alloc_buf, no vma [ 597.994792] binder: 6212:6219 transaction failed 29189/-3, size 0-0 line 3134 [ 597.995328] binder_alloc: 6210: binder_alloc_buf, no vma [ 597.995752] binder: 6212:6219 transaction failed 29189/-3, size 0-0 line 3134 [ 597.996192] binder: BINDER_SET_CONTEXT_MGR already set [ 597.996197] binder: 6213:6221 ioctl 40046207 0 returned -16 [ 597.996275] binder: 6213:6221 BC_FREE_BUFFER u0000000000000000 no match [ 597.996279] binder: 6213:6221 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.996285] binder: 6213:6221 BC_INCREFS_DONE u0000000000000000 no match [ 597.996288] binder: 6213:6221 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.996296] binder: 6213:6221 Release 1 refcount change on invalid ref 0 ret -22 [ 597.996360] binder_alloc: 6210: binder_alloc_buf, no vma [ 597.996471] binder: 6213:6221 transaction failed 29189/-3, size 0-0 line 3134 [ 597.997067] binder_alloc: 6210: binder_alloc_buf, no vma [ 597.997071] binder: BINDER_SET_CONTEXT_MGR already set [ 597.997077] binder: 6211:6220 ioctl 40046207 0 returned -16 [ 597.997107] binder: 6213:6221 transaction failed 29189/-3, size 0-0 line 3134 [ 597.997169] binder: 6211:6220 BC_FREE_BUFFER u0000000000000000 no match [ 597.997174] binder: 6211:6220 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.997182] binder: 6211:6220 BC_INCREFS_DONE u0000000000000000 no match [ 597.997186] binder: 6211:6220 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.997194] binder: 6211:6220 Release 1 refcount change on invalid ref 0 ret -22 [ 597.997201] binder: 6211:6220 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.997273] binder_alloc: 6210: binder_alloc_buf, no vma [ 597.997314] binder: 6211:6220 transaction failed 29189/-3, size 0-8 line 3134 [ 597.998154] binder: BINDER_SET_CONTEXT_MGR already set [ 597.998161] binder: 6217:6222 ioctl 40046207 0 returned -16 [ 597.998290] binder: 6217:6222 BC_FREE_BUFFER u0000000000000000 no match [ 597.998295] binder: 6217:6222 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.998302] binder: 6217:6222 BC_INCREFS_DONE u0000000000000000 no match [ 597.998307] binder: 6217:6222 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 597.998316] binder: 6217:6222 Release 1 refcount change on invalid ref 0 ret -22 [ 597.998325] binder: 6217:6222 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 597.998382] binder_alloc: 6210: binder_alloc_buf, no vma [ 597.998417] binder: 6217:6222 transaction failed 29189/-3, size 0-8 line 3134 [ 597.999333] binder_alloc: 6210: binder_alloc_buf, no vma [ 597.999368] binder: 6211:6220 transaction failed 29189/-3, size 0-0 line 3134 [ 598.001169] binder_alloc: 6210: binder_alloc_buf, no vma [ 598.001208] binder: 6217:6222 transaction failed 29189/-3, size 0-0 line 3134 [ 598.002272] binder: BINDER_SET_CONTEXT_MGR already set [ 598.002279] binder: 6216:6223 ioctl 40046207 0 returned -16 [ 598.002506] binder: 6216:6223 BC_FREE_BUFFER u0000000000000000 no match [ 598.002511] binder: 6216:6223 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.002518] binder: 6216:6223 BC_INCREFS_DONE u0000000000000000 no match [ 598.002527] binder: 6216:6223 Release 1 refcount change on invalid ref 0 ret -22 [ 598.002535] binder: 6216:6223 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.002603] binder_alloc: 6210: binder_alloc_buf, no vma [ 598.002638] binder: 6216:6223 transaction failed 29189/-3, size 0-8 line 3134 [ 598.004772] binder_alloc: 6210: binder_alloc_buf, no vma [ 598.004809] binder: 6216:6223 transaction failed 29189/-3, size 0-0 line 3134 [ 598.005930] binder: BINDER_SET_CONTEXT_MGR already set [ 598.005936] binder: 6216:6223 ioctl 40046207 0 returned -16 [ 598.030590] binder: 6213:6235 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.031968] binder: 6208:6233 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.032165] binder: 6212:6236 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.064497] binder: 6210:6247 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.114563] binder: BINDER_SET_CONTEXT_MGR already set [ 598.114571] binder: 6249:6251 ioctl 40046207 0 returned -16 [ 598.114664] binder: 6249:6251 BC_FREE_BUFFER u0000000000000000 no match [ 598.114669] binder: 6249:6251 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.114677] binder: 6249:6251 BC_INCREFS_DONE u0000000000000000 no match [ 598.114681] binder: 6249:6251 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.114691] binder: 6249:6251 Release 1 refcount change on invalid ref 0 ret -22 [ 598.114699] binder: 6249:6251 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.114765] binder_alloc: 6210: binder_alloc_buf, no vma [ 598.114805] binder: 6249:6251 transaction failed 29189/-3, size 0-8 line 3134 [ 598.116013] binder_alloc: 6210: binder_alloc_buf, no vma [ 598.116050] binder: 6249:6251 transaction failed 29189/-3, size 0-0 line 3134 [ 598.120607] binder: BINDER_SET_CONTEXT_MGR already set [ 598.120614] binder: 6250:6252 ioctl 40046207 0 returned -16 [ 598.120707] binder: 6250:6252 BC_FREE_BUFFER u0000000000000000 no match [ 598.120712] binder: 6250:6252 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.120719] binder: 6250:6252 BC_INCREFS_DONE u0000000000000000 no match [ 598.120723] binder: 6250:6252 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.120733] binder: 6250:6252 Release 1 refcount change on invalid ref 0 ret -22 [ 598.120800] binder_alloc: 6210: binder_alloc_buf, no vma [ 598.120841] binder: 6250:6252 transaction failed 29189/-3, size 0-0 line 3134 [ 598.121460] binder_alloc: 6210: binder_alloc_buf, no vma [ 598.121496] binder: 6250:6252 transaction failed 29189/-3, size 0-0 line 3134 [ 598.149692] binder: BINDER_SET_CONTEXT_MGR already set [ 598.149700] binder: 6258:6264 ioctl 40046207 0 returned -16 [ 598.149835] binder: BINDER_SET_CONTEXT_MGR already set [ 598.149915] binder: 6255:6262 ioctl 40046207 0 returned -16 [ 598.150022] binder: 6258:6264 BC_FREE_BUFFER u0000000000000000 no match [ 598.150027] binder: 6258:6264 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.150035] binder: 6258:6264 BC_INCREFS_DONE u0000000000000000 no match [ 598.150040] binder: 6258:6264 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.150048] binder: 6258:6264 Release 1 refcount change on invalid ref 0 ret -22 [ 598.150054] binder: 6258:6264 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.150116] binder_alloc: 6257: binder_alloc_buf, no vma [ 598.150154] binder: 6258:6264 transaction failed 29189/-3, size 0-8 line 3134 [ 598.150577] binder_alloc: 6257: binder_alloc_buf, no vma [ 598.150614] binder: 6257:6263 transaction failed 29189/-3, size 0-0 line 3134 [ 598.150749] binder: 6255:6262 BC_FREE_BUFFER u0000000000000000 no match [ 598.150755] binder: 6255:6262 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.150762] binder: 6255:6262 BC_INCREFS_DONE u0000000000000000 no match [ 598.150767] binder: 6255:6262 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.150776] binder: 6255:6262 Release 1 refcount change on invalid ref 0 ret -22 [ 598.150783] binder: 6255:6262 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.150849] binder_alloc: 6257: binder_alloc_buf, no vma [ 598.150891] binder: 6255:6262 transaction failed 29189/-3, size 0-8 line 3134 [ 598.151028] binder: BINDER_SET_CONTEXT_MGR already set [ 598.151034] binder: 6254:6265 ioctl 40046207 0 returned -16 [ 598.152522] binder: 6254:6265 BC_FREE_BUFFER u0000000000000000 no match [ 598.152527] binder: 6254:6265 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.152533] binder: 6254:6265 BC_INCREFS_DONE u0000000000000000 no match [ 598.152538] binder: 6254:6265 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.152546] binder: 6254:6265 Release 1 refcount change on invalid ref 0 ret -22 [ 598.152554] binder: 6254:6265 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.152988] binder_alloc: 6257: binder_alloc_buf, no vma [ 598.153029] binder: 6254:6265 transaction failed 29189/-3, size 0-8 line 3134 [ 598.153599] binder_alloc: 6257: binder_alloc_buf, no vma [ 598.153635] binder: 6258:6264 transaction failed 29189/-3, size 0-0 line 3134 [ 598.156959] binder: BINDER_SET_CONTEXT_MGR already set [ 598.156965] binder: 6256:6266 ioctl 40046207 0 returned -16 [ 598.157053] binder: 6256:6266 BC_FREE_BUFFER u0000000000000000 no match [ 598.157057] binder: 6256:6266 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.157063] binder: 6256:6266 BC_INCREFS_DONE u0000000000000000 no match [ 598.157067] binder: 6256:6266 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.157077] binder: 6256:6266 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.157139] binder_alloc: 6257: binder_alloc_buf, no vma [ 598.157176] binder: 6256:6266 transaction failed 29189/-3, size 0-8 line 3134 [ 598.159380] binder_alloc: 6257: binder_alloc_buf, no vma [ 598.159418] binder: 6255:6262 transaction failed 29189/-3, size 0-0 line 3134 [ 598.159634] binder_alloc: 6257: binder_alloc_buf, no vma [ 598.159670] binder: 6254:6265 transaction failed 29189/-3, size 0-0 line 3134 [ 598.160639] binder: BINDER_SET_CONTEXT_MGR already set [ 598.160645] binder: 6261:6267 ioctl 40046207 0 returned -16 [ 598.160986] binder: 6261:6267 BC_FREE_BUFFER u0000000000000000 no match [ 598.160991] binder: 6261:6267 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.160998] binder: 6261:6267 BC_INCREFS_DONE u0000000000000000 no match [ 598.161003] binder: 6261:6267 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.161013] binder: 6261:6267 Release 1 refcount change on invalid ref 0 ret -22 [ 598.161021] binder: 6261:6267 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.161083] binder_alloc: 6257: binder_alloc_buf, no vma [ 598.161121] binder: 6261:6267 transaction failed 29189/-3, size 0-8 line 3134 [ 598.165655] binder_alloc: 6257: binder_alloc_buf, no vma [ 598.165692] binder: 6256:6266 transaction failed 29189/-3, size 0-0 line 3134 [ 598.167299] binder: BINDER_SET_CONTEXT_MGR already set [ 598.167305] binder: 6256:6266 ioctl 40046207 0 returned -16 [ 598.174342] binder: 6250:6270 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.182212] binder: 6257:6276 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.202811] binder: 6255:6279 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.242572] binder: 6261:6292 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.243257] binder: 6278:6288 BC_FREE_BUFFER u0000000000000000 no match [ 598.243263] binder: 6278:6288 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.243274] binder: 6278:6288 BC_INCREFS_DONE u0000000000000000 node 36223 cookie mismatch 0000000000000001 != 0000000000000000 [ 598.243280] binder: 6278:6288 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.243287] binder: 6278:6288 Release 1 refcount change on invalid ref 0 ret -22 [ 598.243296] binder: 6278:6288 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.243356] binder_alloc: 6278: binder_alloc_buf, no vma [ 598.243394] binder: 6278:6288 transaction failed 29189/-3, size 0-8 line 3134 [ 598.246991] binder_alloc: 6278: binder_alloc_buf, no vma [ 598.247030] binder: 6278:6288 transaction failed 29189/-3, size 0-0 line 3134 [ 598.280023] binder: BINDER_SET_CONTEXT_MGR already set [ 598.280030] binder: 6294:6298 ioctl 40046207 0 returned -16 [ 598.280124] binder: 6294:6298 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.280132] binder: 6294:6298 BC_INCREFS_DONE u0000000000000000 no match [ 598.280137] binder: 6294:6298 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.280148] binder: 6294:6298 Release 1 refcount change on invalid ref 0 ret -22 [ 598.280157] binder: 6294:6298 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.280231] binder_alloc: 6278: binder_alloc_buf, no vma [ 598.280270] binder: 6294:6298 transaction failed 29189/-3, size 0-0 line 3134 [ 598.283276] binder_alloc: 6278: binder_alloc_buf, no vma [ 598.283314] binder: 6294:6298 transaction failed 29189/-3, size 0-0 line 3134 [ 598.286166] binder: BINDER_SET_CONTEXT_MGR already set [ 598.286172] binder: 6295:6299 ioctl 40046207 0 returned -16 [ 598.287207] binder: 6295:6299 BC_FREE_BUFFER u0000000000000000 no match [ 598.287212] binder: 6295:6299 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.287225] binder: 6295:6299 BC_INCREFS_DONE u0000000000000000 no match [ 598.287230] binder: 6295:6299 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.287240] binder: 6295:6299 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.287303] binder_alloc: 6278: binder_alloc_buf, no vma [ 598.287341] binder: 6295:6299 transaction failed 29189/-3, size 0-8 line 3134 [ 598.290438] binder_alloc: 6278: binder_alloc_buf, no vma [ 598.290476] binder: 6295:6299 transaction failed 29189/-3, size 0-0 line 3134 [ 598.290938] binder: BINDER_SET_CONTEXT_MGR already set [ 598.290944] binder: 6295:6299 ioctl 40046207 0 returned -16 [ 598.294634] binder: BINDER_SET_CONTEXT_MGR already set [ 598.294640] binder: 6291:6293 ioctl 40046207 0 returned -16 [ 598.294756] binder: 6291:6293 BC_FREE_BUFFER u0000000000000000 no match [ 598.294760] binder: 6291:6293 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.294767] binder: 6291:6293 BC_INCREFS_DONE u0000000000000000 no match [ 598.294771] binder: 6291:6293 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.294781] binder: 6291:6293 Release 1 refcount change on invalid ref 0 ret -22 [ 598.294863] binder_alloc: 6278: binder_alloc_buf, no vma [ 598.294902] binder: 6291:6293 transaction failed 29189/-3, size 0-0 line 3134 [ 598.295598] binder_alloc: 6278: binder_alloc_buf, no vma [ 598.295633] binder: 6291:6293 transaction failed 29189/-3, size 0-0 line 3134 [ 598.309542] binder: 6294:6306 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.318070] binder: 6291:6300 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.370231] binder: 6311:6312 BC_FREE_BUFFER u0000000000000000 no match [ 598.370236] binder: 6311:6312 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.370246] binder: 6311:6312 BC_INCREFS_DONE u0000000000000000 node 36233 cookie mismatch 0000000000000001 != 0000000000000000 [ 598.370253] binder: 6311:6312 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.370262] binder: 6311:6312 Release 1 refcount change on invalid ref 0 ret -22 [ 598.370269] binder: 6311:6312 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.370331] binder_alloc: 6311: binder_alloc_buf, no vma [ 598.370371] binder: 6311:6312 transaction failed 29189/-3, size 0-8 line 3134 [ 598.372473] binder_alloc: 6311: binder_alloc_buf, no vma [ 598.372511] binder: 6311:6312 transaction failed 29189/-3, size 0-0 line 3134 [ 598.374750] binder: BINDER_SET_CONTEXT_MGR already set [ 598.374757] binder: 6313:6316 ioctl 40046207 0 returned -16 [ 598.374859] binder: 6313:6316 BC_FREE_BUFFER u0000000000000000 no match [ 598.374865] binder: 6313:6316 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.374872] binder: 6313:6316 BC_INCREFS_DONE u0000000000000000 no match [ 598.374878] binder: 6313:6316 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.374888] binder: 6313:6316 Release 1 refcount change on invalid ref 0 ret -22 [ 598.374897] binder: 6313:6316 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.374960] binder_alloc: 6311: binder_alloc_buf, no vma [ 598.374996] binder: 6313:6316 transaction failed 29189/-3, size 0-8 line 3134 [ 598.380953] binder: BINDER_SET_CONTEXT_MGR already set [ 598.380961] binder: 6314:6320 ioctl 40046207 0 returned -16 [ 598.381078] binder: 6314:6320 BC_FREE_BUFFER u0000000000000000 no match [ 598.381082] binder: 6314:6320 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.381090] binder: 6314:6320 BC_INCREFS_DONE u0000000000000000 no match [ 598.381095] binder: 6314:6320 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.381104] binder: 6314:6320 Release 1 refcount change on invalid ref 0 ret -22 [ 598.381112] binder: 6314:6320 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.381175] binder_alloc: 6311: binder_alloc_buf, no vma [ 598.381210] binder: 6314:6320 transaction failed 29189/-3, size 0-8 line 3134 [ 598.382258] binder_alloc: 6311: binder_alloc_buf, no vma [ 598.382293] binder: 6313:6316 transaction failed 29189/-3, size 0-0 line 3134 [ 598.383850] binder_alloc: 6311: binder_alloc_buf, no vma [ 598.383889] binder: 6314:6320 transaction failed 29189/-3, size 0-0 line 3134 [ 598.393275] binder: BINDER_SET_CONTEXT_MGR already set [ 598.393283] binder: 6318:6327 ioctl 40046207 0 returned -16 [ 598.393433] binder: 6318:6327 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.393440] binder: 6318:6327 BC_INCREFS_DONE u0000000000000000 no match [ 598.393445] binder: 6318:6327 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.393453] binder: 6318:6327 Release 1 refcount change on invalid ref 0 ret -22 [ 598.393460] binder: 6318:6327 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.393523] binder_alloc: 6311: binder_alloc_buf, no vma [ 598.393562] binder: 6318:6327 transaction failed 29189/-3, size 0-0 line 3134 [ 598.396448] binder: BINDER_SET_CONTEXT_MGR already set [ 598.396455] binder: 6315:6323 ioctl 40046207 0 returned -16 [ 598.396703] binder_alloc: 6311: binder_alloc_buf, no vma [ 598.396744] binder: 6318:6327 transaction failed 29189/-3, size 0-0 line 3134 [ 598.396794] binder: BINDER_SET_CONTEXT_MGR already set [ 598.396800] binder: 6319:6325 ioctl 40046207 0 returned -16 [ 598.396871] binder: 6315:6323 BC_FREE_BUFFER u0000000000000000 no match [ 598.396877] binder: 6315:6323 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.396884] binder: 6315:6323 BC_INCREFS_DONE u0000000000000000 no match [ 598.396889] binder: 6315:6323 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.396895] binder: 6319:6325 BC_FREE_BUFFER u0000000000000000 no match [ 598.396900] binder: 6315:6323 Release 1 refcount change on invalid ref 0 ret -22 [ 598.396903] binder: 6319:6325 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.396908] binder: 6315:6323 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.396912] binder: 6319:6325 BC_INCREFS_DONE u0000000000000000 no match [ 598.396916] binder: 6319:6325 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.396924] binder: 6319:6325 Release 1 refcount change on invalid ref 0 ret -22 [ 598.396973] binder_alloc: 6311: binder_alloc_buf, no vma [ 598.396986] binder_alloc: 6311: binder_alloc_buf, no vma [ 598.397010] binder: 6315:6323 transaction failed 29189/-3, size 0-8 line 3134 [ 598.397023] binder: 6319:6325 transaction failed 29189/-3, size 0-0 line 3134 [ 598.401037] binder_alloc: 6311: binder_alloc_buf, no vma [ 598.401077] binder: 6319:6325 transaction failed 29189/-3, size 0-0 line 3134 [ 598.401957] binder: BINDER_SET_CONTEXT_MGR already set [ 598.401965] binder: 6321:6329 ioctl 40046207 0 returned -16 [ 598.402052] binder: BINDER_SET_CONTEXT_MGR already set [ 598.402058] binder: 6317:6324 ioctl 40046207 0 returned -16 [ 598.402323] binder: 6317:6324 BC_FREE_BUFFER u0000000000000000 no match [ 598.402327] binder: 6317:6324 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.402335] binder: 6317:6324 BC_INCREFS_DONE u0000000000000000 no match [ 598.402339] binder: 6317:6324 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.402348] binder: 6317:6324 Release 1 refcount change on invalid ref 0 ret -22 [ 598.402356] binder: 6317:6324 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.402422] binder_alloc: 6311: binder_alloc_buf, no vma [ 598.402461] binder: 6317:6324 transaction failed 29189/-3, size 0-8 line 3134 [ 598.402465] binder: 6321:6329 BC_FREE_BUFFER u0000000000000000 no match [ 598.402470] binder: 6321:6329 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.402477] binder: 6321:6329 BC_INCREFS_DONE u0000000000000000 no match [ 598.402482] binder: 6321:6329 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.402491] binder: 6321:6329 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.402555] binder_alloc: 6311: binder_alloc_buf, no vma [ 598.402591] binder: 6321:6329 transaction failed 29189/-3, size 0-8 line 3134 [ 598.404447] binder_alloc: 6311: binder_alloc_buf, no vma [ 598.404696] binder: 6321:6329 transaction failed 29189/-3, size 0-0 line 3134 [ 598.404953] binder_alloc: 6311: binder_alloc_buf, no vma [ 598.404991] binder: 6317:6324 transaction failed 29189/-3, size 0-0 line 3134 [ 598.409984] binder: BINDER_SET_CONTEXT_MGR already set [ 598.409991] binder: 6321:6329 ioctl 40046207 0 returned -16 [ 598.410562] binder: 6311:6330 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.452311] binder: 6319:6342 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.455328] binder: 6318:6341 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.481227] binder: 6353:6354 BC_FREE_BUFFER u0000000000000000 no match [ 598.481232] binder: 6353:6354 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.481244] binder: 6353:6354 BC_INCREFS_DONE u0000000000000000 node 36252 cookie mismatch 0000000000000001 != 0000000000000000 [ 598.481252] binder: 6353:6354 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.481262] binder: 6353:6354 Release 1 refcount change on invalid ref 0 ret -22 [ 598.481271] binder: 6353:6354 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.481339] binder_alloc: 6353: binder_alloc_buf, no vma [ 598.481380] binder: 6353:6354 transaction failed 29189/-3, size 0-8 line 3134 [ 598.483316] binder_alloc: 6353: binder_alloc_buf, no vma [ 598.483439] binder: 6353:6354 transaction failed 29189/-3, size 0-0 line 3134 [ 598.495290] binder: 6315:6347 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.529666] binder: BINDER_SET_CONTEXT_MGR already set [ 598.529674] binder: 6357:6363 ioctl 40046207 0 returned -16 [ 598.529802] binder: 6357:6363 BC_FREE_BUFFER u0000000000000000 no match [ 598.529808] binder: 6357:6363 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.529815] binder: 6357:6363 BC_INCREFS_DONE u0000000000000000 no match [ 598.529820] binder: 6357:6363 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.529831] binder: 6357:6363 Release 1 refcount change on invalid ref 0 ret -22 [ 598.529839] binder: 6357:6363 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.529908] binder_alloc: 6353: binder_alloc_buf, no vma [ 598.529947] binder: 6357:6363 transaction failed 29189/-3, size 0-8 line 3134 [ 598.532285] binder_alloc: 6353: binder_alloc_buf, no vma [ 598.532325] binder: 6357:6363 transaction failed 29189/-3, size 0-0 line 3134 [ 598.532354] binder: BINDER_SET_CONTEXT_MGR already set [ 598.532360] binder: 6361:6366 ioctl 40046207 0 returned -16 [ 598.532667] binder: 6361:6366 BC_FREE_BUFFER u0000000000000000 no match [ 598.532672] binder: 6361:6366 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.532680] binder: 6361:6366 BC_INCREFS_DONE u0000000000000000 no match [ 598.532684] binder: 6361:6366 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.532695] binder: 6361:6366 Release 1 refcount change on invalid ref 0 ret -22 [ 598.532767] binder_alloc: 6353: binder_alloc_buf, no vma [ 598.532807] binder: 6361:6366 transaction failed 29189/-3, size 0-8 line 3134 [ 598.532909] binder: BINDER_SET_CONTEXT_MGR already set [ 598.532915] binder: 6358:6364 ioctl 40046207 0 returned -16 [ 598.533031] binder: 6358:6364 BC_FREE_BUFFER u0000000000000000 no match [ 598.533035] binder: 6358:6364 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.533042] binder: 6358:6364 BC_INCREFS_DONE u0000000000000000 no match [ 598.533046] binder: 6358:6364 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.533057] binder: 6358:6364 Release 1 refcount change on invalid ref 0 ret -22 [ 598.533065] binder: 6358:6364 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.533133] binder_alloc: 6353: binder_alloc_buf, no vma [ 598.533175] binder: 6358:6364 transaction failed 29189/-3, size 0-8 line 3134 [ 598.536607] binder_alloc: 6353: binder_alloc_buf, no vma [ 598.536644] binder: 6361:6366 transaction failed 29189/-3, size 0-0 line 3134 [ 598.537455] binder_alloc: 6353: binder_alloc_buf, no vma [ 598.537495] binder: 6358:6364 transaction failed 29189/-3, size 0-0 line 3134 [ 598.537963] binder: BINDER_SET_CONTEXT_MGR already set [ 598.537969] binder: 6361:6366 ioctl 40046207 0 returned -16 [ 598.540252] binder: BINDER_SET_CONTEXT_MGR already set [ 598.540260] binder: 6359:6367 ioctl 40046207 0 returned -16 [ 598.541805] binder: 6359:6367 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.541813] binder: 6359:6367 BC_INCREFS_DONE u0000000000000000 no match [ 598.541818] binder: 6359:6367 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.541827] binder: 6359:6367 Release 1 refcount change on invalid ref 0 ret -22 [ 598.541836] binder: 6359:6367 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.541905] binder_alloc: 6353: binder_alloc_buf, no vma [ 598.541946] binder: 6359:6367 transaction failed 29189/-3, size 0-0 line 3134 [ 598.542699] binder: BINDER_SET_CONTEXT_MGR already set [ 598.542706] binder: 6360:6369 ioctl 40046207 0 returned -16 [ 598.542832] binder: 6360:6369 BC_FREE_BUFFER u0000000000000000 no match [ 598.542837] binder: 6360:6369 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.542843] binder: 6360:6369 BC_INCREFS_DONE u0000000000000000 no match [ 598.542848] binder: 6360:6369 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.542857] binder: 6360:6369 Release 1 refcount change on invalid ref 0 ret -22 [ 598.542921] binder_alloc: 6353: binder_alloc_buf, no vma [ 598.542963] binder: 6360:6369 transaction failed 29189/-3, size 0-0 line 3134 [ 598.543910] binder_alloc: 6353: binder_alloc_buf, no vma [ 598.543946] binder: 6360:6369 transaction failed 29189/-3, size 0-0 line 3134 [ 598.545658] binder_alloc: 6353: binder_alloc_buf, no vma [ 598.545714] binder: 6359:6367 transaction failed 29189/-3, size 0-0 line 3134 [ 598.561873] binder: 6368:6371 BC_FREE_BUFFER u0000000000000000 no match [ 598.561878] binder: 6368:6371 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.561888] binder: 6368:6371 BC_INCREFS_DONE u0000000000000000 node 36267 cookie mismatch 0000000000000001 != 0000000000000000 [ 598.561895] binder: 6368:6371 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.561904] binder: 6368:6371 Release 1 refcount change on invalid ref 0 ret -22 [ 598.561913] binder: 6368:6371 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.562071] binder_alloc: 6368: binder_alloc_buf, no vma [ 598.562109] binder: 6368:6371 transaction failed 29189/-3, size 0-8 line 3134 [ 598.563508] binder_alloc: 6368: binder_alloc_buf, no vma [ 598.563544] binder: 6368:6371 transaction failed 29189/-3, size 0-0 line 3134 [ 598.567335] binder: 6358:6381 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.568665] binder: BINDER_SET_CONTEXT_MGR already set [ 598.568671] binder: 6374:6380 ioctl 40046207 0 returned -16 [ 598.569366] binder: 6374:6380 BC_FREE_BUFFER u0000000000000000 no match [ 598.569371] binder: 6374:6380 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.569378] binder: 6374:6380 BC_INCREFS_DONE u0000000000000000 no match [ 598.569382] binder: 6374:6380 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.569392] binder: 6374:6380 Release 1 refcount change on invalid ref 0 ret -22 [ 598.569400] binder: 6374:6380 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.569469] binder_alloc: 6368: binder_alloc_buf, no vma [ 598.569510] binder: 6374:6380 transaction failed 29189/-3, size 0-8 line 3134 [ 598.572229] binder: 6359:6383 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.590807] binder: 6360:6386 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.642447] binder: 6374:6394 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.689227] binder: BINDER_SET_CONTEXT_MGR already set [ 598.689235] binder: 6396:6404 ioctl 40046207 0 returned -16 [ 598.689288] binder: 6398:6403 BC_FREE_BUFFER u0000000000000000 no match [ 598.689294] binder: 6398:6403 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.689309] binder: 6398:6403 BC_INCREFS_DONE u0000000000000000 node 36272 cookie mismatch 0000000000000001 != 0000000000000000 [ 598.689316] binder: 6398:6403 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.689328] binder: 6398:6403 Release 1 refcount change on invalid ref 0 ret -22 [ 598.689396] binder_alloc: 6398: binder_alloc_buf, no vma [ 598.689436] binder: 6398:6403 transaction failed 29189/-3, size 0-8 line 3134 [ 598.689580] binder: 6396:6404 BC_FREE_BUFFER u0000000000000000 no match [ 598.689585] binder: 6396:6404 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.689592] binder: 6396:6404 BC_INCREFS_DONE u0000000000000000 no match [ 598.689597] binder: 6396:6404 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.689606] binder: 6396:6404 Release 1 refcount change on invalid ref 0 ret -22 [ 598.689615] binder: 6396:6404 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.689676] binder_alloc: 6398: binder_alloc_buf, no vma [ 598.689712] binder: 6396:6404 transaction failed 29189/-3, size 0-8 line 3134 [ 598.692153] binder_alloc: 6398: binder_alloc_buf, no vma [ 598.692195] binder: 6396:6404 transaction failed 29189/-3, size 0-0 line 3134 [ 598.692336] binder_alloc: 6398: binder_alloc_buf, no vma [ 598.692373] binder: 6398:6403 transaction failed 29189/-3, size 0-0 line 3134 [ 598.693512] binder: BINDER_SET_CONTEXT_MGR already set [ 598.693518] binder: 6397:6402 ioctl 40046207 0 returned -16 [ 598.693607] binder: 6397:6402 BC_FREE_BUFFER u0000000000000000 no match [ 598.693611] binder: 6397:6402 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.693619] binder: 6397:6402 BC_INCREFS_DONE u0000000000000000 no match [ 598.693623] binder: 6397:6402 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.693634] binder: 6397:6402 Release 1 refcount change on invalid ref 0 ret -22 [ 598.693643] binder: 6397:6402 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.693712] binder_alloc: 6398: binder_alloc_buf, no vma [ 598.693750] binder: 6397:6402 transaction failed 29189/-3, size 0-8 line 3134 [ 598.694654] binder: BINDER_SET_CONTEXT_MGR already set [ 598.694660] binder: 6398:6403 ioctl 40046207 0 returned -16 [ 598.695540] binder: BINDER_SET_CONTEXT_MGR already set [ 598.695547] binder: 6399:6405 ioctl 40046207 0 returned -16 [ 598.695834] binder_alloc: 6398: binder_alloc_buf, no vma [ 598.695871] binder: 6397:6402 transaction failed 29189/-3, size 0-0 line 3134 [ 598.695975] binder: 6399:6405 BC_FREE_BUFFER u0000000000000000 no match [ 598.695980] binder: 6399:6405 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.695987] binder: 6399:6405 BC_INCREFS_DONE u0000000000000000 no match [ 598.695992] binder: 6399:6405 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.696002] binder: 6399:6405 Release 1 refcount change on invalid ref 0 ret -22 [ 598.696010] binder: 6399:6405 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.696073] binder_alloc: 6398: binder_alloc_buf, no vma [ 598.696110] binder: 6399:6405 transaction failed 29189/-3, size 0-8 line 3134 [ 598.699888] binder_alloc: 6398: binder_alloc_buf, no vma [ 598.699928] binder: 6399:6405 transaction failed 29189/-3, size 0-0 line 3134 [ 598.700072] binder: BINDER_SET_CONTEXT_MGR already set [ 598.700078] binder: 6401:6406 ioctl 40046207 0 returned -16 [ 598.700230] binder: 6401:6406 BC_FREE_BUFFER u0000000000000000 no match [ 598.700235] binder: 6401:6406 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.700243] binder: 6401:6406 BC_INCREFS_DONE u0000000000000000 no match [ 598.700248] binder: 6401:6406 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.700259] binder: 6401:6406 Release 1 refcount change on invalid ref 0 ret -22 [ 598.700266] binder: 6401:6406 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.700333] binder_alloc: 6398: binder_alloc_buf, no vma [ 598.700373] binder: 6401:6406 transaction failed 29189/-3, size 0-0 line 3134 [ 598.701910] binder_alloc: 6398: binder_alloc_buf, no vma [ 598.703091] binder: 6401:6406 transaction failed 29189/-3, size 0-0 line 3134 [ 598.708558] binder: BINDER_SET_CONTEXT_MGR already set [ 598.708565] binder: 6400:6411 ioctl 40046207 0 returned -16 [ 598.708669] binder: 6400:6411 BC_FREE_BUFFER u0000000000000000 no match [ 598.708675] binder: 6400:6411 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.708682] binder: 6400:6411 BC_INCREFS_DONE u0000000000000000 no match [ 598.708687] binder: 6400:6411 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.708696] binder: 6400:6411 Release 1 refcount change on invalid ref 0 ret -22 [ 598.708766] binder_alloc: 6398: binder_alloc_buf, no vma [ 598.708808] binder: 6400:6411 transaction failed 29189/-3, size 0-0 line 3134 [ 598.710898] binder_alloc: 6398: binder_alloc_buf, no vma [ 598.710936] binder: 6400:6411 transaction failed 29189/-3, size 0-0 line 3134 [ 598.713523] binder: BINDER_SET_CONTEXT_MGR already set [ 598.713530] binder: 6407:6414 ioctl 40046207 0 returned -16 [ 598.713647] binder: 6407:6414 BC_FREE_BUFFER u0000000000000000 no match [ 598.713652] binder: 6407:6414 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.713659] binder: 6407:6414 BC_INCREFS_DONE u0000000000000000 no match [ 598.713664] binder: 6407:6414 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.713674] binder: 6407:6414 Release 1 refcount change on invalid ref 0 ret -22 [ 598.713682] binder: 6407:6414 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.713749] binder_alloc: 6398: binder_alloc_buf, no vma [ 598.713790] binder: 6407:6414 transaction failed 29189/-3, size 0-8 line 3134 [ 598.715264] binder: BINDER_SET_CONTEXT_MGR already set [ 598.715271] binder: 6408:6415 ioctl 40046207 0 returned -16 [ 598.715955] binder_alloc: 6398: binder_alloc_buf, no vma [ 598.715996] binder: 6407:6414 transaction failed 29189/-3, size 0-0 line 3134 [ 598.716593] binder: 6408:6415 BC_FREE_BUFFER u0000000000000000 no match [ 598.716598] binder: 6408:6415 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.716605] binder: 6408:6415 BC_INCREFS_DONE u0000000000000000 no match [ 598.716609] binder: 6408:6415 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.716618] binder: 6408:6415 Release 1 refcount change on invalid ref 0 ret -22 [ 598.716626] binder: 6408:6415 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.716688] binder_alloc: 6398: binder_alloc_buf, no vma [ 598.716732] binder: 6408:6415 transaction failed 29189/-3, size 0-8 line 3134 [ 598.744781] binder: 6399:6422 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.744967] binder: 6401:6423 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.759495] binder: 6400:6426 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.811613] binder: 6408:6431 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.817281] binder: 6437:6441 BC_FREE_BUFFER u0000000000000000 no match [ 598.817287] binder: 6437:6441 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.817298] binder: 6437:6441 BC_INCREFS_DONE u0000000000000000 node 36291 cookie mismatch 0000000000000001 != 0000000000000000 [ 598.817305] binder: 6437:6441 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.817315] binder: 6437:6441 Release 1 refcount change on invalid ref 0 ret -22 [ 598.817324] binder: 6437:6441 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.817391] binder_alloc: 6437: binder_alloc_buf, no vma [ 598.817432] binder: 6437:6441 transaction failed 29189/-3, size 0-8 line 3134 [ 598.817735] binder: BINDER_SET_CONTEXT_MGR already set [ 598.817741] binder: 6438:6442 ioctl 40046207 0 returned -16 [ 598.817830] binder: 6438:6442 BC_FREE_BUFFER u0000000000000000 no match [ 598.817835] binder: 6438:6442 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.817842] binder: 6438:6442 BC_INCREFS_DONE u0000000000000000 no match [ 598.817847] binder: 6438:6442 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.817854] binder: 6438:6442 Release 1 refcount change on invalid ref 0 ret -22 [ 598.817951] binder_alloc: 6437: binder_alloc_buf, no vma [ 598.817990] binder: 6438:6442 transaction failed 29189/-3, size 0-8 line 3134 [ 598.819101] binder_alloc: 6437: binder_alloc_buf, no vma [ 598.819139] binder: 6437:6441 transaction failed 29189/-3, size 0-0 line 3134 [ 598.820446] binder_alloc: 6437: binder_alloc_buf, no vma [ 598.820485] binder: 6438:6442 transaction failed 29189/-3, size 0-0 line 3134 [ 598.821538] binder: BINDER_SET_CONTEXT_MGR already set [ 598.821544] binder: 6438:6442 ioctl 40046207 0 returned -16 [ 598.822555] binder: BINDER_SET_CONTEXT_MGR already set [ 598.822561] binder: 6440:6443 ioctl 40046207 0 returned -16 [ 598.822644] binder: 6440:6443 BC_FREE_BUFFER u0000000000000000 no match [ 598.822649] binder: 6440:6443 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.822656] binder: 6440:6443 BC_INCREFS_DONE u0000000000000000 no match [ 598.822660] binder: 6440:6443 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.822670] binder: 6440:6443 Release 1 refcount change on invalid ref 0 ret -22 [ 598.822679] binder: 6440:6443 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.822744] binder_alloc: 6437: binder_alloc_buf, no vma [ 598.822786] binder: 6440:6443 transaction failed 29189/-3, size 0-8 line 3134 [ 598.823951] binder_alloc: 6437: binder_alloc_buf, no vma [ 598.823988] binder: 6440:6443 transaction failed 29189/-3, size 0-0 line 3134 [ 598.854220] binder: BINDER_SET_CONTEXT_MGR already set [ 598.854230] binder: 6446:6449 ioctl 40046207 0 returned -16 [ 598.854367] binder: 6446:6449 BC_FREE_BUFFER u0000000000000000 no match [ 598.854373] binder: 6446:6449 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.854382] binder: 6446:6449 BC_INCREFS_DONE u0000000000000000 no match [ 598.854387] binder: 6446:6449 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.854397] binder: 6446:6449 Release 1 refcount change on invalid ref 0 ret -22 [ 598.854404] binder: 6446:6449 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.854474] binder_alloc: 6437: binder_alloc_buf, no vma [ 598.854516] binder: 6446:6449 transaction failed 29189/-3, size 0-8 line 3134 [ 598.858304] binder_alloc: 6437: binder_alloc_buf, no vma [ 598.858342] binder: 6446:6449 transaction failed 29189/-3, size 0-0 line 3134 [ 598.861598] binder: BINDER_SET_CONTEXT_MGR already set [ 598.861605] binder: 6452:6457 ioctl 40046207 0 returned -16 [ 598.861724] binder: 6452:6457 BC_FREE_BUFFER u0000000000000000 no match [ 598.861729] binder: 6452:6457 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.861737] binder: 6452:6457 BC_INCREFS_DONE u0000000000000000 no match [ 598.861742] binder: 6452:6457 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.861758] binder: 6452:6457 Release 1 refcount change on invalid ref 0 ret -22 [ 598.862016] binder: 6452:6457 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.862086] binder_alloc: 6437: binder_alloc_buf, no vma [ 598.862128] binder: 6452:6457 transaction failed 29189/-3, size 0-0 line 3134 [ 598.863815] binder: BINDER_SET_CONTEXT_MGR already set [ 598.863883] binder: 6451:6459 ioctl 40046207 0 returned -16 [ 598.864003] binder: BINDER_SET_CONTEXT_MGR already set [ 598.864010] binder: 6447:6453 ioctl 40046207 0 returned -16 [ 598.864131] binder: 6451:6459 BC_FREE_BUFFER u0000000000000000 no match [ 598.864136] binder: 6451:6459 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.864144] binder: 6451:6459 BC_INCREFS_DONE u0000000000000000 no match [ 598.864148] binder: 6451:6459 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.864157] binder: 6451:6459 Release 1 refcount change on invalid ref 0 ret -22 [ 598.864165] binder: 6451:6459 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.864335] binder_alloc: 6437: binder_alloc_buf, no vma [ 598.864377] binder: 6451:6459 transaction failed 29189/-3, size 0-8 line 3134 [ 598.864488] binder: 6447:6453 BC_FREE_BUFFER u0000000000000000 no match [ 598.864492] binder: 6447:6453 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.864499] binder: 6447:6453 BC_INCREFS_DONE u0000000000000000 no match [ 598.864504] binder: 6447:6453 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.864512] binder: 6447:6453 Release 1 refcount change on invalid ref 0 ret -22 [ 598.864579] binder_alloc: 6437: binder_alloc_buf, no vma [ 598.864640] binder: 6447:6453 transaction failed 29189/-3, size 0-0 line 3134 [ 598.865097] binder_alloc: 6437: binder_alloc_buf, no vma [ 598.865135] binder: 6452:6457 transaction failed 29189/-3, size 0-0 line 3134 [ 598.866292] binder_alloc: 6437: binder_alloc_buf, no vma [ 598.866327] binder: 6447:6453 transaction failed 29189/-3, size 0-0 line 3134 [ 598.869845] binder_alloc: 6437: binder_alloc_buf, no vma [ 598.869884] binder: 6451:6459 transaction failed 29189/-3, size 0-0 line 3134 [ 598.886323] binder: BINDER_SET_CONTEXT_MGR already set [ 598.886331] binder: 6460:6464 ioctl 40046207 0 returned -16 [ 598.886998] binder: 6460:6464 BC_FREE_BUFFER u0000000000000000 no match [ 598.887002] binder: 6460:6464 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.887009] binder: 6460:6464 BC_INCREFS_DONE u0000000000000000 no match [ 598.887013] binder: 6460:6464 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.887025] binder: 6460:6464 Release 1 refcount change on invalid ref 0 ret -22 [ 598.887032] binder: 6460:6464 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.887098] binder_alloc: 6437: binder_alloc_buf, no vma [ 598.887141] binder: 6460:6464 transaction failed 29189/-3, size 0-8 line 3134 [ 598.891986] binder: 6446:6468 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.904014] binder: 6447:6470 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.965685] binder: 6460:6480 Acquire 1 refcount change on invalid ref 0 ret -22 [ 598.967074] binder: 6477:6481 BC_FREE_BUFFER u0000000000000000 no match [ 598.967079] binder: 6477:6481 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.967090] binder: 6477:6481 BC_INCREFS_DONE u0000000000000000 node 36310 cookie mismatch 0000000000000001 != 0000000000000000 [ 598.967098] binder: 6477:6481 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.967105] binder: 6477:6481 Release 1 refcount change on invalid ref 0 ret -22 [ 598.967112] binder: 6477:6481 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.967175] binder_alloc: 6477: binder_alloc_buf, no vma [ 598.967219] binder: 6477:6481 transaction failed 29189/-3, size 0-8 line 3134 [ 598.967384] binder: BINDER_SET_CONTEXT_MGR already set [ 598.967390] binder: 6476:6482 ioctl 40046207 0 returned -16 [ 598.967476] binder: 6476:6482 BC_FREE_BUFFER u0000000000000000 no match [ 598.967480] binder: 6476:6482 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.967486] binder: 6476:6482 BC_INCREFS_DONE u0000000000000000 no match [ 598.967490] binder: 6476:6482 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.967500] binder: 6476:6482 Release 1 refcount change on invalid ref 0 ret -22 [ 598.967507] binder: 6476:6482 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.967569] binder_alloc: 6477: binder_alloc_buf, no vma [ 598.967606] binder: 6476:6482 transaction failed 29189/-3, size 0-8 line 3134 [ 598.971315] binder_alloc: 6477: binder_alloc_buf, no vma [ 598.971359] binder: 6477:6481 transaction failed 29189/-3, size 0-0 line 3134 [ 598.971658] binder_alloc: 6477: binder_alloc_buf, no vma [ 598.971693] binder: 6476:6482 transaction failed 29189/-3, size 0-0 line 3134 [ 598.973994] binder: BINDER_SET_CONTEXT_MGR already set [ 598.974000] binder: 6478:6483 ioctl 40046207 0 returned -16 [ 598.974086] binder: 6478:6483 BC_FREE_BUFFER u0000000000000000 no match [ 598.974091] binder: 6478:6483 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.974098] binder: 6478:6483 BC_INCREFS_DONE u0000000000000000 no match [ 598.974103] binder: 6478:6483 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 598.974112] binder: 6478:6483 Release 1 refcount change on invalid ref 0 ret -22 [ 598.974120] binder: 6478:6483 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 598.974181] binder_alloc: 6477: binder_alloc_buf, no vma [ 598.974225] binder: 6478:6483 transaction failed 29189/-3, size 0-8 line 3134 [ 598.975377] binder_alloc: 6477: binder_alloc_buf, no vma [ 598.975413] binder: 6478:6483 transaction failed 29189/-3, size 0-0 line 3134 [ 599.066938] binder: 6493:6499 BC_FREE_BUFFER u0000000000000000 no match [ 599.066943] binder: 6493:6499 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.066945] binder: BINDER_SET_CONTEXT_MGR already set [ 599.066952] binder: 6492:6498 ioctl 40046207 0 returned -16 [ 599.066961] binder: 6493:6499 BC_INCREFS_DONE u0000000000000000 node 36320 cookie mismatch 0000000000000001 != 0000000000000000 [ 599.066969] binder: 6493:6499 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.066978] binder: 6493:6499 Release 1 refcount change on invalid ref 0 ret -22 [ 599.066986] binder: 6493:6499 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.067044] binder: 6492:6498 BC_FREE_BUFFER u0000000000000000 no match [ 599.067048] binder: 6492:6498 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.067055] binder: 6492:6498 BC_INCREFS_DONE u0000000000000000 no match [ 599.067058] binder_alloc: 6493: binder_alloc_buf, no vma [ 599.067061] binder: 6492:6498 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.067069] binder: 6492:6498 Release 1 refcount change on invalid ref 0 ret -22 [ 599.067101] binder: 6493:6499 transaction failed 29189/-3, size 0-8 line 3134 [ 599.067136] binder_alloc: 6493: binder_alloc_buf, no vma [ 599.067172] binder: 6492:6498 transaction failed 29189/-3, size 0-0 line 3134 [ 599.067802] binder: BINDER_SET_CONTEXT_MGR already set [ 599.067810] binder: 6491:6500 ioctl 40046207 0 returned -16 [ 599.068230] binder: 6491:6500 BC_FREE_BUFFER u0000000000000000 no match [ 599.068236] binder: 6491:6500 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.068243] binder: 6491:6500 BC_INCREFS_DONE u0000000000000000 no match [ 599.068248] binder: 6491:6500 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.068258] binder: 6491:6500 Release 1 refcount change on invalid ref 0 ret -22 [ 599.068266] binder: 6491:6500 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.068334] binder_alloc: 6493: binder_alloc_buf, no vma [ 599.068375] binder: 6491:6500 transaction failed 29189/-3, size 0-0 line 3134 [ 599.068867] binder: BINDER_SET_CONTEXT_MGR already set [ 599.068873] binder: 6495:6501 ioctl 40046207 0 returned -16 [ 599.069228] binder_alloc: 6493: binder_alloc_buf, no vma [ 599.069261] binder: 6492:6498 transaction failed 29189/-3, size 0-0 line 3134 [ 599.069329] binder: 6495:6501 BC_FREE_BUFFER u0000000000000000 no match [ 599.069334] binder: 6495:6501 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.069341] binder: 6495:6501 BC_INCREFS_DONE u0000000000000000 no match [ 599.069346] binder: 6495:6501 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.069356] binder: 6495:6501 Release 1 refcount change on invalid ref 0 ret -22 [ 599.069365] binder: 6495:6501 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.069905] binder_alloc: 6493: binder_alloc_buf, no vma [ 599.070830] binder_alloc: 6493: binder_alloc_buf, no vma [ 599.070866] binder: 6495:6501 transaction failed 29189/-3, size 0-8 line 3134 [ 599.071345] binder: 6493:6499 transaction failed 29189/-3, size 0-0 line 3134 [ 599.071598] binder_alloc: 6493: binder_alloc_buf, no vma [ 599.071635] binder: 6491:6500 transaction failed 29189/-3, size 0-0 line 3134 [ 599.072229] binder: BINDER_SET_CONTEXT_MGR already set [ 599.072235] binder: 6494:6502 ioctl 40046207 0 returned -16 [ 599.073355] binder: 6494:6502 BC_FREE_BUFFER u0000000000000000 no match [ 599.073360] binder: 6494:6502 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.073367] binder: 6494:6502 BC_INCREFS_DONE u0000000000000000 no match [ 599.073372] binder: 6494:6502 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.073380] binder: 6494:6502 Release 1 refcount change on invalid ref 0 ret -22 [ 599.073388] binder: 6494:6502 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.073455] binder_alloc: 6493: binder_alloc_buf, no vma [ 599.073495] binder: 6494:6502 transaction failed 29189/-3, size 0-8 line 3134 [ 599.074091] binder: BINDER_SET_CONTEXT_MGR already set [ 599.074097] binder: 6490:6504 ioctl 40046207 0 returned -16 [ 599.074212] binder: 6490:6504 BC_FREE_BUFFER u0000000000000000 no match [ 599.074217] binder: 6490:6504 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.074224] binder: 6490:6504 BC_INCREFS_DONE u0000000000000000 no match [ 599.074228] binder: 6490:6504 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.074238] binder: 6490:6504 Release 1 refcount change on invalid ref 0 ret -22 [ 599.074541] binder_alloc: 6493: binder_alloc_buf, no vma [ 599.074583] binder: 6490:6504 transaction failed 29189/-3, size 0-8 line 3134 [ 599.074727] binder_alloc: 6493: binder_alloc_buf, no vma [ 599.074761] binder: 6495:6501 transaction failed 29189/-3, size 0-0 line 3134 [ 599.075731] binder: BINDER_SET_CONTEXT_MGR already set [ 599.075738] binder: 6497:6503 ioctl 40046207 0 returned -16 [ 599.076030] binder_alloc: 6493: binder_alloc_buf, no vma [ 599.076064] binder: 6494:6502 transaction failed 29189/-3, size 0-0 line 3134 [ 599.076871] binder_alloc: 6493: binder_alloc_buf, no vma [ 599.076910] binder: 6490:6504 transaction failed 29189/-3, size 0-0 line 3134 [ 599.077285] binder: BINDER_SET_CONTEXT_MGR already set [ 599.077291] binder: 6490:6504 ioctl 40046207 0 returned -16 [ 599.077466] binder: 6497:6503 BC_FREE_BUFFER u0000000000000000 no match [ 599.077472] binder: 6497:6503 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.077479] binder: 6497:6503 BC_INCREFS_DONE u0000000000000000 no match [ 599.077486] binder: 6497:6503 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.077493] binder: 6497:6503 Release 1 refcount change on invalid ref 0 ret -22 [ 599.077499] binder: 6497:6503 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.077559] binder_alloc: 6493: binder_alloc_buf, no vma [ 599.077597] binder: 6497:6503 transaction failed 29189/-3, size 0-8 line 3134 [ 599.083654] binder: BINDER_SET_CONTEXT_MGR already set [ 599.083660] binder: 6496:6505 ioctl 40046207 0 returned -16 [ 599.083990] binder: 6496:6505 BC_FREE_BUFFER u0000000000000000 no match [ 599.083995] binder: 6496:6505 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.084002] binder: 6496:6505 BC_INCREFS_DONE u0000000000000000 no match [ 599.084007] binder: 6496:6505 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.084017] binder: 6496:6505 Release 1 refcount change on invalid ref 0 ret -22 [ 599.084026] binder: 6496:6505 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.084088] binder_alloc: 6493: binder_alloc_buf, no vma [ 599.084126] binder: 6496:6505 transaction failed 29189/-3, size 0-8 line 3134 [ 599.086280] binder_alloc: 6493: binder_alloc_buf, no vma [ 599.086317] binder: 6496:6505 transaction failed 29189/-3, size 0-0 line 3134 [ 599.105940] binder: 6492:6514 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.106035] binder: 6491:6512 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.109593] binder: 6493:6513 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.171801] binder: 6497:6526 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.212009] binder: 6529:6534 BC_FREE_BUFFER u0000000000000000 no match [ 599.212014] binder: 6529:6534 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.212024] binder: 6529:6534 BC_INCREFS_DONE u0000000000000000 node 36340 cookie mismatch 0000000000000001 != 0000000000000000 [ 599.212030] binder: 6529:6534 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.212039] binder: 6529:6534 Release 1 refcount change on invalid ref 0 ret -22 [ 599.212107] binder_alloc: 6529: binder_alloc_buf, no vma [ 599.212146] binder: 6529:6534 transaction failed 29189/-3, size 0-0 line 3134 [ 599.212799] binder_alloc: 6529: binder_alloc_buf, no vma [ 599.212834] binder: 6529:6534 transaction failed 29189/-3, size 0-0 line 3134 [ 599.215671] binder: BINDER_SET_CONTEXT_MGR already set [ 599.215677] binder: 6530:6532 ioctl 40046207 0 returned -16 [ 599.215832] binder: 6530:6532 BC_FREE_BUFFER u0000000000000000 no match [ 599.215837] binder: 6530:6532 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.215844] binder: 6530:6532 BC_INCREFS_DONE u0000000000000000 no match [ 599.215848] binder: 6530:6532 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.215858] binder: 6530:6532 Release 1 refcount change on invalid ref 0 ret -22 [ 599.215953] binder_alloc: 6529: binder_alloc_buf, no vma [ 599.215991] binder: 6530:6532 transaction failed 29189/-3, size 0-8 line 3134 [ 599.217140] binder: BINDER_SET_CONTEXT_MGR already set [ 599.217147] binder: 6531:6533 ioctl 40046207 0 returned -16 [ 599.217241] binder: 6531:6533 BC_FREE_BUFFER u0000000000000000 no match [ 599.217246] binder: 6531:6533 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.217254] binder: 6531:6533 BC_INCREFS_DONE u0000000000000000 no match [ 599.217258] binder: 6531:6533 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.217267] binder: 6531:6533 Release 1 refcount change on invalid ref 0 ret -22 [ 599.217275] binder: 6531:6533 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.217335] binder_alloc: 6529: binder_alloc_buf, no vma [ 599.217338] binder_alloc: 6529: binder_alloc_buf, no vma [ 599.217373] binder: 6530:6532 transaction failed 29189/-3, size 0-0 line 3134 [ 599.217379] binder: 6531:6533 transaction failed 29189/-3, size 0-8 line 3134 [ 599.217754] binder: BINDER_SET_CONTEXT_MGR already set [ 599.217760] binder: 6530:6532 ioctl 40046207 0 returned -16 [ 599.218766] binder_alloc: 6529: binder_alloc_buf, no vma [ 599.218804] binder: 6531:6533 transaction failed 29189/-3, size 0-0 line 3134 [ 599.239664] binder: 6529:6534 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.251180] binder: 6531:6533 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.282843] binder: 6542:6546 BC_FREE_BUFFER u0000000000000000 no match [ 599.282856] binder: 6542:6546 BC_INCREFS_DONE u0000000000000000 node 36348 cookie mismatch 0000000000000001 != 0000000000000000 [ 599.282863] binder: 6542:6546 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.282875] binder: 6542:6546 Release 1 refcount change on invalid ref 0 ret -22 [ 599.282885] binder: 6542:6546 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.282947] binder_alloc: 6542: binder_alloc_buf, no vma [ 599.282985] binder: 6542:6546 transaction failed 29189/-3, size 0-0 line 3134 [ 599.284100] binder_alloc: 6542: binder_alloc_buf, no vma [ 599.284137] binder: 6542:6546 transaction failed 29189/-3, size 0-0 line 3134 [ 599.287325] binder: BINDER_SET_CONTEXT_MGR already set [ 599.287332] binder: 6541:6547 ioctl 40046207 0 returned -16 [ 599.287504] binder: BINDER_SET_CONTEXT_MGR already set [ 599.287510] binder: 6544:6548 ioctl 40046207 0 returned -16 [ 599.287573] binder: 6541:6547 BC_FREE_BUFFER u0000000000000000 no match [ 599.287578] binder: 6541:6547 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.287586] binder: 6541:6547 BC_INCREFS_DONE u0000000000000000 no match [ 599.287591] binder: 6541:6547 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.287600] binder: 6541:6547 Release 1 refcount change on invalid ref 0 ret -22 [ 599.287604] binder: 6544:6548 BC_FREE_BUFFER u0000000000000000 no match [ 599.287610] binder: 6541:6547 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.287613] binder: 6544:6548 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.287620] binder: 6544:6548 BC_INCREFS_DONE u0000000000000000 no match [ 599.287625] binder: 6544:6548 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.287633] binder: 6544:6548 Release 1 refcount change on invalid ref 0 ret -22 [ 599.287677] binder_alloc: 6542: binder_alloc_buf, no vma [ 599.287705] binder_alloc: 6542: binder_alloc_buf, no vma [ 599.287717] binder: 6541:6547 transaction failed 29189/-3, size 0-8 line 3134 [ 599.287746] binder: 6544:6548 transaction failed 29189/-3, size 0-0 line 3134 [ 599.287868] binder: BINDER_SET_CONTEXT_MGR already set [ 599.287878] binder: 6545:6549 ioctl 40046207 0 returned -16 [ 599.291056] binder: 6545:6549 BC_FREE_BUFFER u0000000000000000 no match [ 599.291061] binder: 6545:6549 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.291068] binder: 6545:6549 BC_INCREFS_DONE u0000000000000000 no match [ 599.291072] binder: 6545:6549 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.291083] binder: 6545:6549 Release 1 refcount change on invalid ref 0 ret -22 [ 599.291175] binder_alloc: 6542: binder_alloc_buf, no vma [ 599.291220] binder: 6545:6549 transaction failed 29189/-3, size 0-8 line 3134 [ 599.291545] binder_alloc: 6542: binder_alloc_buf, no vma [ 599.291581] binder: 6541:6547 transaction failed 29189/-3, size 0-0 line 3134 [ 599.293952] binder: BINDER_SET_CONTEXT_MGR already set [ 599.293958] binder: 6543:6551 ioctl 40046207 0 returned -16 [ 599.294280] binder_alloc: 6542: binder_alloc_buf, no vma [ 599.294316] binder: 6545:6549 transaction failed 29189/-3, size 0-0 line 3134 [ 599.294670] binder: 6543:6551 BC_FREE_BUFFER u0000000000000000 no match [ 599.294674] binder: 6543:6551 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.294682] binder: 6543:6551 BC_INCREFS_DONE u0000000000000000 no match [ 599.294686] binder: 6543:6551 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.294697] binder: 6543:6551 Release 1 refcount change on invalid ref 0 ret -22 [ 599.294705] binder: 6543:6551 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.294767] binder_alloc: 6542: binder_alloc_buf, no vma [ 599.294804] binder: 6543:6551 transaction failed 29189/-3, size 0-8 line 3134 [ 599.296728] binder: BINDER_SET_CONTEXT_MGR already set [ 599.296734] binder: 6545:6549 ioctl 40046207 0 returned -16 [ 599.297279] binder_alloc: 6542: binder_alloc_buf, no vma [ 599.297316] binder: 6543:6551 transaction failed 29189/-3, size 0-0 line 3134 [ 599.301076] binder_alloc: 6542: binder_alloc_buf, no vma [ 599.301110] binder: 6544:6548 transaction failed 29189/-3, size 0-0 line 3134 [ 599.311593] binder: 6542:6558 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.315799] binder: BINDER_SET_CONTEXT_MGR already set [ 599.315806] binder: 6550:6557 ioctl 40046207 0 returned -16 [ 599.316149] binder: 6550:6557 BC_FREE_BUFFER u0000000000000000 no match [ 599.316154] binder: 6550:6557 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.316160] binder: 6550:6557 BC_INCREFS_DONE u0000000000000000 no match [ 599.316164] binder: 6550:6557 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.316175] binder: 6550:6557 Release 1 refcount change on invalid ref 0 ret -22 [ 599.316191] binder: 6550:6557 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.316262] binder_alloc: 6542: binder_alloc_buf, no vma [ 599.316303] binder: 6550:6557 transaction failed 29189/-3, size 0-8 line 3134 [ 599.334206] binder: 6560:6568 BC_FREE_BUFFER u0000000000000000 no match [ 599.334211] binder: 6560:6568 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.334223] binder: 6560:6568 BC_INCREFS_DONE u0000000000000000 node 36363 cookie mismatch 0000000000000001 != 0000000000000000 [ 599.334230] binder: 6560:6568 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.334240] binder: 6560:6568 Release 1 refcount change on invalid ref 0 ret -22 [ 599.334248] binder: 6560:6568 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.334313] binder_alloc: 6560: binder_alloc_buf, no vma [ 599.334352] binder: 6560:6568 transaction failed 29189/-3, size 0-8 line 3134 [ 599.339033] binder_alloc: 6560: binder_alloc_buf, no vma [ 599.339072] binder: 6560:6568 transaction failed 29189/-3, size 0-0 line 3134 [ 599.340737] binder: BINDER_SET_CONTEXT_MGR already set [ 599.340744] binder: 6559:6564 ioctl 40046207 0 returned -16 [ 599.340832] binder: 6559:6564 BC_FREE_BUFFER u0000000000000000 no match [ 599.340836] binder: 6559:6564 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.340842] binder: 6559:6564 BC_INCREFS_DONE u0000000000000000 no match [ 599.340846] binder: 6559:6564 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.340856] binder: 6559:6564 Release 1 refcount change on invalid ref 0 ret -22 [ 599.340864] binder: 6559:6564 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.340922] binder_alloc: 6560: binder_alloc_buf, no vma [ 599.340960] binder: 6559:6564 transaction failed 29189/-3, size 0-8 line 3134 [ 599.342175] binder: 6544:6569 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.344108] binder_alloc: 6560: binder_alloc_buf, no vma [ 599.344149] binder: 6559:6564 transaction failed 29189/-3, size 0-0 line 3134 [ 599.388107] binder: 6559:6578 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.388908] binder: BINDER_SET_CONTEXT_MGR already set [ 599.388915] binder: 6574:6579 ioctl 40046207 0 returned -16 [ 599.389030] binder: 6574:6579 BC_FREE_BUFFER u0000000000000000 no match [ 599.389037] binder: 6574:6579 BC_INCREFS_DONE u0000000000000000 no match [ 599.389062] binder: 6574:6579 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.389096] binder: 6574:6579 Release 1 refcount change on invalid ref 0 ret -22 [ 599.389104] binder: 6574:6579 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.389176] binder_alloc: 6560: binder_alloc_buf, no vma [ 599.389216] binder: 6574:6579 transaction failed 29189/-3, size 0-0 line 3134 [ 599.390021] binder_alloc: 6560: binder_alloc_buf, no vma [ 599.390057] binder: 6574:6579 transaction failed 29189/-3, size 0-0 line 3134 [ 599.392393] binder: 6550:6580 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.438727] binder: 6574:6587 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.459671] binder: 6589:6590 BC_FREE_BUFFER u0000000000000000 no match [ 599.459726] binder: 6589:6590 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.459737] binder: 6589:6590 BC_INCREFS_DONE u0000000000000000 node 36371 cookie mismatch 0000000000000001 != 0000000000000000 [ 599.459743] binder: 6589:6590 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.459754] binder: 6589:6590 Release 1 refcount change on invalid ref 0 ret -22 [ 599.459819] binder_alloc: 6589: binder_alloc_buf, no vma [ 599.459858] binder: 6589:6590 transaction failed 29189/-3, size 0-0 line 3134 [ 599.461377] binder_alloc: 6589: binder_alloc_buf, no vma [ 599.461415] binder: 6589:6590 transaction failed 29189/-3, size 0-0 line 3134 [ 599.491361] binder: 6589:6594 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.524545] binder: 6596:6597 BC_FREE_BUFFER u0000000000000000 no match [ 599.524550] binder: 6596:6597 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.524561] binder: 6596:6597 BC_INCREFS_DONE u0000000000000000 node 36374 cookie mismatch 0000000000000001 != 0000000000000000 [ 599.524567] binder: 6596:6597 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.524577] binder: 6596:6597 Release 1 refcount change on invalid ref 0 ret -22 [ 599.524587] binder: 6596:6597 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.524653] binder_alloc: 6596: binder_alloc_buf, no vma [ 599.524693] binder: 6596:6597 transaction failed 29189/-3, size 0-8 line 3134 [ 599.525970] binder_alloc: 6596: binder_alloc_buf, no vma [ 599.526008] binder: 6596:6597 transaction failed 29189/-3, size 0-0 line 3134 [ 599.527133] binder: BINDER_SET_CONTEXT_MGR already set [ 599.527146] binder: 6592:6595 ioctl 40046207 0 returned -16 [ 599.538454] binder: 6596:6597 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.547956] binder: 6592:6595 BC_FREE_BUFFER u0000000000000000 no match [ 599.547962] binder: 6592:6595 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.547971] binder: 6592:6595 BC_INCREFS_DONE u0000000000000000 no match [ 599.547975] binder: 6592:6595 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.547986] binder: 6592:6595 Release 1 refcount change on invalid ref 0 ret -22 [ 599.547994] binder: 6592:6595 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.548006] binder: 6592:6595 transaction failed 29189/-22, size 0-8 line 3011 [ 599.556444] binder: 6592:6595 transaction failed 29189/-22, size 0-0 line 3011 [ 599.577924] binder: 6600:6603 BC_FREE_BUFFER u0000000000000000 no match [ 599.577930] binder: 6600:6603 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.577943] binder: 6600:6603 BC_INCREFS_DONE u0000000000000000 node 36380 cookie mismatch 0000000000000001 != 0000000000000000 [ 599.577951] binder: 6600:6603 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.577960] binder: 6600:6603 Release 1 refcount change on invalid ref 0 ret -22 [ 599.577967] binder: 6600:6603 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.577974] binder: 6600:6603 got transaction to invalid handle [ 599.577982] binder: 6600:6603 transaction failed 29201/-22, size 24-72 line 3011 [ 599.579421] binder_alloc: 6600: binder_alloc_buf, no vma [ 599.579461] binder: 6600:6603 transaction failed 29189/-3, size 0-0 line 3134 [ 599.580060] binder: BINDER_SET_CONTEXT_MGR already set [ 599.580067] binder: 6600:6603 ioctl 40046207 0 returned -16 [ 599.581457] binder: BINDER_SET_CONTEXT_MGR already set [ 599.581464] binder: 6602:6604 ioctl 40046207 0 returned -16 [ 599.582551] binder: 6602:6604 BC_FREE_BUFFER u0000000000000000 no match [ 599.582556] binder: 6602:6604 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.582564] binder: 6602:6604 BC_INCREFS_DONE u0000000000000000 no match [ 599.582569] binder: 6602:6604 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.582579] binder: 6602:6604 Release 1 refcount change on invalid ref 0 ret -22 [ 599.582586] binder: 6602:6604 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.582655] binder_alloc: 6600: binder_alloc_buf, no vma [ 599.582695] binder: 6602:6604 transaction failed 29189/-3, size 0-8 line 3134 [ 599.595025] binder_alloc: 6600: binder_alloc_buf, no vma [ 599.595079] binder: 6602:6604 transaction failed 29189/-3, size 0-0 line 3134 [ 599.656521] binder: 6614:6617 BC_FREE_BUFFER u0000000000000000 no match [ 599.656526] binder: 6614:6617 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.656537] binder: 6614:6617 BC_INCREFS_DONE u0000000000000000 node 36386 cookie mismatch 0000000000000001 != 0000000000000000 [ 599.656543] binder: 6614:6617 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.656553] binder: 6614:6617 Release 1 refcount change on invalid ref 0 ret -22 [ 599.656564] binder: 6614:6617 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.656629] binder_alloc: 6614: binder_alloc_buf, no vma [ 599.656669] binder: 6614:6617 transaction failed 29189/-3, size 0-8 line 3134 [ 599.660164] binder: BINDER_SET_CONTEXT_MGR already set [ 599.660177] binder: 6616:6618 ioctl 40046207 0 returned -16 [ 599.660272] binder: 6616:6618 BC_FREE_BUFFER u0000000000000000 no match [ 599.660277] binder: 6616:6618 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.660283] binder: 6616:6618 BC_INCREFS_DONE u0000000000000000 no match [ 599.660289] binder: 6616:6618 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.660298] binder: 6616:6618 Release 1 refcount change on invalid ref 0 ret -22 [ 599.660307] binder: 6616:6618 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.660374] binder_alloc: 6614: binder_alloc_buf, no vma [ 599.660409] binder: 6616:6618 transaction failed 29189/-3, size 0-8 line 3134 [ 599.661563] binder_alloc: 6614: binder_alloc_buf, no vma [ 599.661597] binder: 6616:6618 transaction failed 29189/-3, size 0-0 line 3134 [ 599.665013] binder: BINDER_SET_CONTEXT_MGR already set [ 599.665021] binder: 6613:6620 ioctl 40046207 0 returned -16 [ 599.665175] binder: 6613:6620 BC_FREE_BUFFER u0000000000000000 no match [ 599.665180] binder: 6613:6620 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.665188] binder: 6613:6620 BC_INCREFS_DONE u0000000000000000 no match [ 599.665192] binder: 6613:6620 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.665201] binder: 6613:6620 Release 1 refcount change on invalid ref 0 ret -22 [ 599.665265] binder_alloc: 6614: binder_alloc_buf, no vma [ 599.665307] binder: 6613:6620 transaction failed 29189/-3, size 0-0 line 3134 [ 599.665975] binder_alloc: 6614: binder_alloc_buf, no vma [ 599.666001] binder: BINDER_SET_CONTEXT_MGR already set [ 599.666007] binder: 6615:6619 ioctl 40046207 0 returned -16 [ 599.666014] binder: 6613:6620 transaction failed 29189/-3, size 0-0 line 3134 [ 599.666099] binder: 6615:6619 BC_FREE_BUFFER u0000000000000000 no match [ 599.666106] binder: 6615:6619 BC_INCREFS_DONE u0000000000000000 no match [ 599.666111] binder: 6615:6619 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.666119] binder: 6615:6619 Release 1 refcount change on invalid ref 0 ret -22 [ 599.666127] binder: 6615:6619 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.666194] binder_alloc: 6614: binder_alloc_buf, no vma [ 599.666234] binder: 6615:6619 transaction failed 29189/-3, size 0-0 line 3134 [ 599.668454] binder_alloc: 6614: binder_alloc_buf, no vma [ 599.668494] binder: 6615:6619 transaction failed 29189/-3, size 0-0 line 3134 [ 599.691607] binder: 6613:6627 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.701402] binder: 6615:6619 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.725008] binder: 6614:6630 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.766521] binder: 6633:6636 BC_FREE_BUFFER u0000000000000000 no match [ 599.766526] binder: 6633:6636 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.766531] binder: 6633:6636 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.766540] binder: 6633:6636 Release 1 refcount change on invalid ref 0 ret -22 [ 599.766549] binder: 6633:6636 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.766615] binder_alloc: 6633: binder_alloc_buf, no vma [ 599.766656] binder: 6633:6636 transaction failed 29189/-3, size 0-0 line 3134 [ 599.767231] binder_alloc: 6633: binder_alloc_buf, no vma [ 599.767267] binder: 6633:6636 transaction failed 29189/-3, size 0-0 line 3134 [ 599.773279] binder: BINDER_SET_CONTEXT_MGR already set [ 599.773287] binder: 6632:6635 ioctl 40046207 0 returned -16 [ 599.773420] binder: 6632:6635 BC_FREE_BUFFER u0000000000000000 no match [ 599.773425] binder: 6632:6635 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.773434] binder: 6632:6635 BC_INCREFS_DONE u0000000000000000 no match [ 599.773438] binder: 6632:6635 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.773449] binder: 6632:6635 Release 1 refcount change on invalid ref 0 ret -22 [ 599.773457] binder: 6632:6635 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.773523] binder_alloc: 6633: binder_alloc_buf, no vma [ 599.773563] binder: 6632:6635 transaction failed 29189/-3, size 0-8 line 3134 [ 599.774133] binder: BINDER_SET_CONTEXT_MGR already set [ 599.774139] binder: 6634:6637 ioctl 40046207 0 returned -16 [ 599.774238] binder: 6634:6637 BC_FREE_BUFFER u0000000000000000 no match [ 599.774243] binder: 6634:6637 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.774251] binder: 6634:6637 BC_INCREFS_DONE u0000000000000000 no match [ 599.774256] binder: 6634:6637 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.774264] binder: 6634:6637 Release 1 refcount change on invalid ref 0 ret -22 [ 599.774272] binder: 6634:6637 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.774330] binder_alloc: 6633: binder_alloc_buf, no vma [ 599.774366] binder: 6634:6637 transaction failed 29189/-3, size 0-8 line 3134 [ 599.774993] binder_alloc: 6633: binder_alloc_buf, no vma [ 599.775028] binder: 6632:6635 transaction failed 29189/-3, size 0-0 line 3134 [ 599.775573] binder_alloc: 6633: binder_alloc_buf, no vma [ 599.775612] binder: 6634:6637 transaction failed 29189/-3, size 0-0 line 3134 [ 599.787259] binder: 6633:6636 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.794649] binder: 6632:6635 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.831414] binder: 6645:6650 BC_FREE_BUFFER u0000000000000000 no match [ 599.831420] binder: 6645:6650 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.831432] binder: 6645:6650 BC_INCREFS_DONE u0000000000000000 node 36403 cookie mismatch 0000000000000001 != 0000000000000000 [ 599.831438] binder: 6645:6650 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.831449] binder: 6645:6650 Release 1 refcount change on invalid ref 0 ret -22 [ 599.831459] binder: 6645:6650 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.831467] binder: 6645:6650 got transaction to invalid handle [ 599.831475] binder: 6645:6650 transaction failed 29201/-22, size 24-72 line 3011 [ 599.834108] binder_alloc: 6645: binder_alloc_buf, no vma [ 599.834149] binder: 6645:6650 transaction failed 29189/-3, size 0-0 line 3134 [ 599.834224] binder: BINDER_SET_CONTEXT_MGR already set [ 599.834230] binder: 6646:6652 ioctl 40046207 0 returned -16 [ 599.834323] binder: 6646:6652 BC_FREE_BUFFER u0000000000000000 no match [ 599.834328] binder: 6646:6652 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.834335] binder: 6646:6652 BC_INCREFS_DONE u0000000000000000 no match [ 599.834340] binder: 6646:6652 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.834349] binder: 6646:6652 Release 1 refcount change on invalid ref 0 ret -22 [ 599.834414] binder_alloc: 6645: binder_alloc_buf, no vma [ 599.834453] binder: 6646:6652 transaction failed 29189/-3, size 0-0 line 3134 [ 599.836114] binder: BINDER_SET_CONTEXT_MGR already set [ 599.836122] binder: 6645:6650 ioctl 40046207 0 returned -16 [ 599.836538] binder_alloc: 6645: binder_alloc_buf, no vma [ 599.836571] binder: 6646:6652 transaction failed 29189/-3, size 0-0 line 3134 [ 599.842742] binder: BINDER_SET_CONTEXT_MGR already set [ 599.842748] binder: 6647:6653 ioctl 40046207 0 returned -16 [ 599.844729] binder: 6647:6653 BC_FREE_BUFFER u0000000000000000 no match [ 599.844734] binder: 6647:6653 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.844740] binder: 6647:6653 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.844750] binder: 6647:6653 Release 1 refcount change on invalid ref 0 ret -22 [ 599.844759] binder: 6647:6653 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.844825] binder_alloc: 6645: binder_alloc_buf, no vma [ 599.844867] binder: 6647:6653 transaction failed 29189/-3, size 0-0 line 3134 [ 599.846064] binder_alloc: 6645: binder_alloc_buf, no vma [ 599.846103] binder: 6647:6653 transaction failed 29189/-3, size 0-0 line 3134 [ 599.849903] binder: BINDER_SET_CONTEXT_MGR already set [ 599.849910] binder: 6649:6657 ioctl 40046207 0 returned -16 [ 599.850645] binder: 6649:6657 BC_FREE_BUFFER u0000000000000000 no match [ 599.850651] binder: 6649:6657 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.850669] binder: 6649:6657 BC_INCREFS_DONE u0000000000000000 no match [ 599.850674] binder: 6649:6657 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.850684] binder: 6649:6657 Release 1 refcount change on invalid ref 0 ret -22 [ 599.850694] binder: 6649:6657 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.850755] binder_alloc: 6645: binder_alloc_buf, no vma [ 599.850793] binder: 6649:6657 transaction failed 29189/-3, size 0-8 line 3134 [ 599.851012] binder: BINDER_SET_CONTEXT_MGR already set [ 599.851018] binder: 6648:6658 ioctl 40046207 0 returned -16 [ 599.851167] binder: 6648:6658 BC_FREE_BUFFER u0000000000000000 no match [ 599.851172] binder: 6648:6658 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.851178] binder: 6648:6658 BC_INCREFS_DONE u0000000000000000 no match [ 599.851182] binder: 6648:6658 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.851191] binder: 6648:6658 Release 1 refcount change on invalid ref 0 ret -22 [ 599.851199] binder: 6648:6658 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.851258] binder_alloc: 6645: binder_alloc_buf, no vma [ 599.851295] binder: 6648:6658 transaction failed 29189/-3, size 0-8 line 3134 [ 599.855501] binder_alloc: 6645: binder_alloc_buf, no vma [ 599.855542] binder: 6648:6658 transaction failed 29189/-3, size 0-0 line 3134 [ 599.855752] binder_alloc: 6645: binder_alloc_buf, no vma [ 599.855888] binder: 6649:6657 transaction failed 29189/-3, size 0-0 line 3134 [ 599.860599] binder: BINDER_SET_CONTEXT_MGR already set [ 599.860606] binder: 6651:6660 ioctl 40046207 0 returned -16 [ 599.860824] binder: 6651:6660 BC_FREE_BUFFER u0000000000000000 no match [ 599.860829] binder: 6651:6660 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.860837] binder: 6651:6660 BC_INCREFS_DONE u0000000000000000 no match [ 599.860842] binder: 6651:6660 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.860854] binder: 6651:6660 Release 1 refcount change on invalid ref 0 ret -22 [ 599.860863] binder: 6651:6660 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.860929] binder_alloc: 6645: binder_alloc_buf, no vma [ 599.860970] binder: 6651:6660 transaction failed 29189/-3, size 0-8 line 3134 [ 599.863165] binder: BINDER_SET_CONTEXT_MGR already set [ 599.863171] binder: 6655:6662 ioctl 40046207 0 returned -16 [ 599.863280] binder: 6655:6662 BC_FREE_BUFFER u0000000000000000 no match [ 599.863285] binder: 6655:6662 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.863291] binder: 6655:6662 BC_INCREFS_DONE u0000000000000000 no match [ 599.863296] binder: 6655:6662 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.863307] binder: 6655:6662 Release 1 refcount change on invalid ref 0 ret -22 [ 599.863315] binder: 6655:6662 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.863380] binder_alloc: 6645: binder_alloc_buf, no vma [ 599.863415] binder: 6655:6662 transaction failed 29189/-3, size 0-8 line 3134 [ 599.868685] binder: 6646:6666 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.870768] binder_alloc: 6645: binder_alloc_buf, no vma [ 599.870806] binder: 6655:6662 transaction failed 29189/-3, size 0-0 line 3134 [ 599.876038] binder: BINDER_SET_CONTEXT_MGR already set [ 599.876044] binder: 6659:6667 ioctl 40046207 0 returned -16 [ 599.876253] binder: 6659:6667 BC_FREE_BUFFER u0000000000000000 no match [ 599.876258] binder: 6659:6667 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.876265] binder: 6659:6667 BC_INCREFS_DONE u0000000000000000 no match [ 599.876269] binder: 6659:6667 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.876278] binder: 6659:6667 Release 1 refcount change on invalid ref 0 ret -22 [ 599.876286] binder: 6659:6667 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.876349] binder_alloc: 6645: binder_alloc_buf, no vma [ 599.876387] binder: 6659:6667 transaction failed 29189/-3, size 0-8 line 3134 [ 599.878857] binder_alloc: 6645: binder_alloc_buf, no vma [ 599.878894] binder: 6659:6667 transaction failed 29189/-3, size 0-0 line 3134 [ 599.891262] binder: 6649:6674 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.900580] binder: 6647:6668 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.936699] binder: 6651:6684 Acquire 1 refcount change on invalid ref 0 ret -22 [ 599.991057] binder: 6689:6695 BC_FREE_BUFFER u0000000000000000 no match [ 599.991063] binder: 6689:6695 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.991073] binder: 6689:6695 BC_INCREFS_DONE u0000000000000000 node 36422 cookie mismatch 0000000000000001 != 0000000000000000 [ 599.991080] binder: 6689:6695 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.991090] binder: 6689:6695 Release 1 refcount change on invalid ref 0 ret -22 [ 599.991102] binder: 6689:6695 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.991177] binder_alloc: 6689: binder_alloc_buf, no vma [ 599.991215] binder: 6689:6695 transaction failed 29189/-3, size 0-8 line 3134 [ 599.992766] binder_alloc: 6689: binder_alloc_buf, no vma [ 599.992805] binder: 6689:6695 transaction failed 29189/-3, size 0-0 line 3134 [ 599.996048] binder: BINDER_SET_CONTEXT_MGR already set [ 599.996055] binder: 6692:6696 ioctl 40046207 0 returned -16 [ 599.996145] binder: 6692:6696 BC_FREE_BUFFER u0000000000000000 no match [ 599.996150] binder: 6692:6696 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.996163] binder: 6692:6696 BC_INCREFS_DONE u0000000000000000 no match [ 599.996168] binder: 6692:6696 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 599.996178] binder: 6692:6696 Release 1 refcount change on invalid ref 0 ret -22 [ 599.996186] binder: 6692:6696 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 599.996249] binder_alloc: 6689: binder_alloc_buf, no vma [ 599.996289] binder: 6692:6696 transaction failed 29189/-3, size 0-8 line 3134 [ 599.998054] binder_alloc: 6689: binder_alloc_buf, no vma [ 599.998091] binder: 6692:6696 transaction failed 29189/-3, size 0-0 line 3134 [ 600.000182] binder: BINDER_SET_CONTEXT_MGR already set [ 600.000188] binder: 6694:6697 ioctl 40046207 0 returned -16 [ 600.000279] binder: 6694:6697 BC_FREE_BUFFER u0000000000000000 no match [ 600.000283] binder: 6694:6697 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.000288] binder: 6694:6697 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.000296] binder: 6694:6697 Release 1 refcount change on invalid ref 0 ret -22 [ 600.000303] binder: 6694:6697 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.000365] binder_alloc: 6689: binder_alloc_buf, no vma [ 600.000402] binder: 6694:6697 transaction failed 29189/-3, size 0-0 line 3134 [ 600.002539] binder_alloc: 6689: binder_alloc_buf, no vma [ 600.002576] binder: 6694:6697 transaction failed 29189/-3, size 0-0 line 3134 [ 600.007748] binder: BINDER_SET_CONTEXT_MGR already set [ 600.007756] binder: 6691:6699 ioctl 40046207 0 returned -16 [ 600.009122] binder: 6691:6699 BC_FREE_BUFFER u0000000000000000 no match [ 600.009127] binder: 6691:6699 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.009134] binder: 6691:6699 BC_INCREFS_DONE u0000000000000000 no match [ 600.009139] binder: 6691:6699 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.009150] binder: 6691:6699 Release 1 refcount change on invalid ref 0 ret -22 [ 600.009166] binder: 6691:6699 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.009235] binder_alloc: 6689: binder_alloc_buf, no vma [ 600.009275] binder: 6691:6699 transaction failed 29189/-3, size 0-8 line 3134 [ 600.009923] binder: BINDER_SET_CONTEXT_MGR already set [ 600.009930] binder: 6690:6702 ioctl 40046207 0 returned -16 [ 600.010061] binder: 6690:6702 BC_FREE_BUFFER u0000000000000000 no match [ 600.010065] binder: 6690:6702 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.010073] binder: 6690:6702 BC_INCREFS_DONE u0000000000000000 no match [ 600.010077] binder: 6690:6702 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.010087] binder: 6690:6702 Release 1 refcount change on invalid ref 0 ret -22 [ 600.010221] binder_alloc: 6689: binder_alloc_buf, no vma [ 600.010260] binder: 6690:6702 transaction failed 29189/-3, size 0-0 line 3134 [ 600.011513] binder: BINDER_SET_CONTEXT_MGR already set [ 600.011520] binder: 6688:6693 ioctl 40046207 0 returned -16 [ 600.011616] binder: 6688:6693 BC_FREE_BUFFER u0000000000000000 no match [ 600.011621] binder: 6688:6693 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.011628] binder: 6688:6693 BC_INCREFS_DONE u0000000000000000 no match [ 600.011633] binder: 6688:6693 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.011642] binder: 6688:6693 Release 1 refcount change on invalid ref 0 ret -22 [ 600.011652] binder: 6688:6693 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.011658] binder: 6688:6693 got transaction to invalid handle [ 600.011667] binder: 6688:6693 transaction failed 29201/-22, size 24-72 line 3011 [ 600.012981] binder_alloc: 6689: binder_alloc_buf, no vma [ 600.013018] binder: 6688:6693 transaction failed 29189/-3, size 0-0 line 3134 [ 600.013353] binder: BINDER_SET_CONTEXT_MGR already set [ 600.013359] binder: 6688:6693 ioctl 40046207 0 returned -16 [ 600.013642] binder_alloc: 6689: binder_alloc_buf, no vma [ 600.013679] binder: 6691:6699 transaction failed 29189/-3, size 0-0 line 3134 [ 600.032524] binder: 6694:6711 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.051263] binder: 6690:6714 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.069494] binder: 6691:6713 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.114162] binder: 6719:6722 BC_FREE_BUFFER u0000000000000000 no match [ 600.114169] binder: 6719:6722 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.114181] binder: 6719:6722 BC_INCREFS_DONE u0000000000000000 node 36436 cookie mismatch 0000000000000001 != 0000000000000000 [ 600.114187] binder: 6719:6722 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.114197] binder: 6719:6722 Release 1 refcount change on invalid ref 0 ret -22 [ 600.114205] binder: 6719:6722 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.114274] binder_alloc: 6719: binder_alloc_buf, no vma [ 600.114313] binder: 6719:6722 transaction failed 29189/-3, size 0-8 line 3134 [ 600.119082] binder: BINDER_SET_CONTEXT_MGR already set [ 600.119089] binder: 6720:6724 ioctl 40046207 0 returned -16 [ 600.119184] binder: 6720:6724 BC_FREE_BUFFER u0000000000000000 no match [ 600.119189] binder: 6720:6724 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.119196] binder: 6720:6724 BC_INCREFS_DONE u0000000000000000 no match [ 600.119200] binder: 6720:6724 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.119210] binder: 6720:6724 Release 1 refcount change on invalid ref 0 ret -22 [ 600.119217] binder: 6720:6724 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.119281] binder_alloc: 6719: binder_alloc_buf, no vma [ 600.119321] binder: 6720:6724 transaction failed 29189/-3, size 0-8 line 3134 [ 600.120844] binder_alloc: 6719: binder_alloc_buf, no vma [ 600.120879] binder: 6720:6724 transaction failed 29189/-3, size 0-0 line 3134 [ 600.123563] binder: BINDER_SET_CONTEXT_MGR already set [ 600.123569] binder: 6723:6727 ioctl 40046207 0 returned -16 [ 600.123678] binder: 6723:6727 BC_FREE_BUFFER u0000000000000000 no match [ 600.123682] binder: 6723:6727 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.123689] binder: 6723:6727 BC_INCREFS_DONE u0000000000000000 no match [ 600.123693] binder: 6723:6727 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.123703] binder: 6723:6727 Release 1 refcount change on invalid ref 0 ret -22 [ 600.123712] binder: 6723:6727 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.123775] binder_alloc: 6719: binder_alloc_buf, no vma [ 600.123815] binder: 6723:6727 transaction failed 29189/-3, size 0-0 line 3134 [ 600.124732] binder_alloc: 6719: binder_alloc_buf, no vma [ 600.124767] binder: 6723:6727 transaction failed 29189/-3, size 0-0 line 3134 [ 600.128711] binder: BINDER_SET_CONTEXT_MGR already set [ 600.128717] binder: 6725:6728 ioctl 40046207 0 returned -16 [ 600.129100] binder: 6725:6728 BC_FREE_BUFFER u0000000000000000 no match [ 600.129105] binder: 6725:6728 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.129112] binder: 6725:6728 BC_INCREFS_DONE u0000000000000000 no match [ 600.129117] binder: 6725:6728 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.129127] binder: 6725:6728 Release 1 refcount change on invalid ref 0 ret -22 [ 600.129135] binder: 6725:6728 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.129204] binder_alloc: 6719: binder_alloc_buf, no vma [ 600.129244] binder: 6725:6728 transaction failed 29189/-3, size 0-8 line 3134 [ 600.130884] binder_alloc: 6719: binder_alloc_buf, no vma [ 600.130924] binder: 6725:6728 transaction failed 29189/-3, size 0-0 line 3134 [ 600.133318] binder: BINDER_SET_CONTEXT_MGR already set [ 600.133325] binder: 6725:6728 ioctl 40046207 0 returned -16 [ 600.146600] binder: BINDER_SET_CONTEXT_MGR already set [ 600.146606] binder: 6731:6736 ioctl 40046207 0 returned -16 [ 600.146716] binder: 6731:6736 BC_FREE_BUFFER u0000000000000000 no match [ 600.146721] binder: 6731:6736 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.146727] binder: 6731:6736 BC_INCREFS_DONE u0000000000000000 no match [ 600.146731] binder: 6731:6736 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.146741] binder: 6731:6736 Release 1 refcount change on invalid ref 0 ret -22 [ 600.146748] binder: 6731:6736 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.146810] binder_alloc: 6719: binder_alloc_buf, no vma [ 600.146848] binder: 6731:6736 transaction failed 29189/-3, size 0-8 line 3134 [ 600.148712] binder: BINDER_SET_CONTEXT_MGR already set [ 600.148719] binder: 6726:6734 ioctl 40046207 0 returned -16 [ 600.148806] binder: 6726:6734 BC_FREE_BUFFER u0000000000000000 no match [ 600.148810] binder: 6726:6734 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.148817] binder: 6726:6734 BC_INCREFS_DONE u0000000000000000 no match [ 600.148821] binder: 6726:6734 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.148830] binder: 6726:6734 Release 1 refcount change on invalid ref 0 ret -22 [ 600.148837] binder: 6726:6734 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.148897] binder_alloc: 6719: binder_alloc_buf, no vma [ 600.148934] binder: 6726:6734 transaction failed 29189/-3, size 0-8 line 3134 [ 600.150260] binder_alloc: 6719: binder_alloc_buf, no vma [ 600.150294] binder: 6726:6734 transaction failed 29189/-3, size 0-0 line 3134 [ 600.153515] binder_alloc: 6719: binder_alloc_buf, no vma [ 600.153556] binder: 6731:6736 transaction failed 29189/-3, size 0-0 line 3134 [ 600.153587] binder: BINDER_SET_CONTEXT_MGR already set [ 600.153592] binder: 6721:6737 ioctl 40046207 0 returned -16 [ 600.153714] binder: 6721:6737 BC_FREE_BUFFER u0000000000000000 no match [ 600.153719] binder: 6721:6737 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.153727] binder: 6721:6737 BC_INCREFS_DONE u0000000000000000 no match [ 600.153732] binder: 6721:6737 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.153741] binder: 6721:6737 Release 1 refcount change on invalid ref 0 ret -22 [ 600.153797] binder: 6721:6737 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.153865] binder_alloc: 6719: binder_alloc_buf, no vma [ 600.153907] binder: 6721:6737 transaction failed 29189/-3, size 0-8 line 3134 [ 600.155244] binder: BINDER_SET_CONTEXT_MGR already set [ 600.155250] binder: 6735:6741 ioctl 40046207 0 returned -16 [ 600.155705] binder: 6735:6741 BC_FREE_BUFFER u0000000000000000 no match [ 600.155710] binder: 6735:6741 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.155717] binder: 6735:6741 BC_INCREFS_DONE u0000000000000000 no match [ 600.155721] binder: 6735:6741 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.155730] binder: 6735:6741 Release 1 refcount change on invalid ref 0 ret -22 [ 600.155791] binder_alloc: 6719: binder_alloc_buf, no vma [ 600.155828] binder: 6735:6741 transaction failed 29189/-3, size 0-0 line 3134 [ 600.159744] binder_alloc: 6719: binder_alloc_buf, no vma [ 600.159782] binder: 6721:6737 transaction failed 29189/-3, size 0-0 line 3134 [ 600.161586] binder: 6723:6740 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.182602] binder: 6719:6750 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.194780] binder: 6735:6753 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.195165] binder: 6731:6754 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.262725] binder: 6762:6764 BC_FREE_BUFFER u0000000000000000 no match [ 600.262731] binder: 6762:6764 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.262740] binder: 6762:6764 BC_INCREFS_DONE u0000000000000000 node 36454 cookie mismatch 0000000000000001 != 0000000000000000 [ 600.262746] binder: 6762:6764 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.262756] binder: 6762:6764 Release 1 refcount change on invalid ref 0 ret -22 [ 600.262766] binder: 6762:6764 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.262830] binder_alloc: 6762: binder_alloc_buf, no vma [ 600.262867] binder: 6762:6764 transaction failed 29189/-3, size 0-8 line 3134 [ 600.263703] binder: BINDER_SET_CONTEXT_MGR already set [ 600.263710] binder: 6757:6767 ioctl 40046207 0 returned -16 [ 600.263828] binder: 6757:6767 BC_FREE_BUFFER u0000000000000000 no match [ 600.263832] binder: 6757:6767 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.263840] binder: 6757:6767 BC_INCREFS_DONE u0000000000000000 no match [ 600.263844] binder: 6757:6767 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.263854] binder: 6757:6767 Release 1 refcount change on invalid ref 0 ret -22 [ 600.263863] binder: 6757:6767 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.263922] binder_alloc: 6762: binder_alloc_buf, no vma [ 600.263959] binder: 6757:6767 transaction failed 29189/-3, size 0-8 line 3134 [ 600.266352] binder: BINDER_SET_CONTEXT_MGR already set [ 600.266358] binder: 6763:6765 ioctl 40046207 0 returned -16 [ 600.266452] binder: 6763:6765 BC_FREE_BUFFER u0000000000000000 no match [ 600.266457] binder: 6763:6765 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.266464] binder: 6763:6765 BC_INCREFS_DONE u0000000000000000 no match [ 600.266469] binder: 6763:6765 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.266480] binder: 6763:6765 Release 1 refcount change on invalid ref 0 ret -22 [ 600.266488] binder: 6763:6765 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.266602] binder_alloc: 6762: binder_alloc_buf, no vma [ 600.266642] binder: 6763:6765 transaction failed 29189/-3, size 0-0 line 3134 [ 600.267311] binder_alloc: 6762: binder_alloc_buf, no vma [ 600.267349] binder: 6763:6765 transaction failed 29189/-3, size 0-0 line 3134 [ 600.274079] binder: BINDER_SET_CONTEXT_MGR already set [ 600.274086] binder: 6766:6769 ioctl 40046207 0 returned -16 [ 600.274201] binder: 6766:6769 BC_FREE_BUFFER u0000000000000000 no match [ 600.274206] binder: 6766:6769 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.274214] binder: 6766:6769 BC_INCREFS_DONE u0000000000000000 no match [ 600.274219] binder: 6766:6769 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.274229] binder: 6766:6769 Release 1 refcount change on invalid ref 0 ret -22 [ 600.274237] binder: 6766:6769 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.274303] binder_alloc: 6762: binder_alloc_buf, no vma [ 600.274343] binder: 6766:6769 transaction failed 29189/-3, size 0-8 line 3134 [ 600.276078] binder_alloc: 6762: binder_alloc_buf, no vma [ 600.276117] binder: 6766:6769 transaction failed 29189/-3, size 0-0 line 3134 [ 600.280482] binder_alloc: 6762: binder_alloc_buf, no vma [ 600.280515] binder: BINDER_SET_CONTEXT_MGR already set [ 600.280523] binder: 6757:6767 transaction failed 29189/-3, size 0-0 line 3134 [ 600.280528] binder: 6768:6772 ioctl 40046207 0 returned -16 [ 600.280655] binder: 6768:6772 BC_FREE_BUFFER u0000000000000000 no match [ 600.280659] binder: 6768:6772 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.280667] binder: 6768:6772 BC_INCREFS_DONE u0000000000000000 no match [ 600.280671] binder: 6768:6772 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.280679] binder: 6768:6772 Release 1 refcount change on invalid ref 0 ret -22 [ 600.280745] binder_alloc: 6762: binder_alloc_buf, no vma [ 600.280786] binder: 6768:6772 transaction failed 29189/-3, size 0-0 line 3134 [ 600.300310] binder: BINDER_SET_CONTEXT_MGR already set [ 600.300317] binder: 6771:6775 ioctl 40046207 0 returned -16 [ 600.300431] binder: 6771:6775 BC_FREE_BUFFER u0000000000000000 no match [ 600.300436] binder: 6771:6775 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.300443] binder: 6771:6775 BC_INCREFS_DONE u0000000000000000 no match [ 600.300448] binder: 6771:6775 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.300460] binder: 6771:6775 Release 1 refcount change on invalid ref 0 ret -22 [ 600.300470] binder: 6771:6775 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.300540] binder_alloc: 6762: binder_alloc_buf, no vma [ 600.300580] binder: 6771:6775 transaction failed 29189/-3, size 0-8 line 3134 [ 600.304863] binder_alloc: 6762: binder_alloc_buf, no vma [ 600.304941] binder: 6771:6775 transaction failed 29189/-3, size 0-0 line 3134 [ 600.305332] binder: BINDER_SET_CONTEXT_MGR already set [ 600.305338] binder: 6771:6775 ioctl 40046207 0 returned -16 [ 600.305889] binder: 6763:6778 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.311233] binder: 6768:6781 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.339326] binder: 6762:6790 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.396810] binder: 6792:6794 BC_FREE_BUFFER u0000000000000000 no match [ 600.396816] binder: 6792:6794 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.396826] binder: 6792:6794 BC_INCREFS_DONE u0000000000000000 node 36467 cookie mismatch 0000000000000001 != 0000000000000000 [ 600.396833] binder: 6792:6794 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.396844] binder: 6792:6794 Release 1 refcount change on invalid ref 0 ret -22 [ 600.396855] binder: 6792:6794 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.396922] binder_alloc: 6792: binder_alloc_buf, no vma [ 600.396961] binder: 6792:6794 transaction failed 29189/-3, size 0-8 line 3134 [ 600.401287] binder_alloc: 6792: binder_alloc_buf, no vma [ 600.401326] binder: 6792:6794 transaction failed 29189/-3, size 0-0 line 3134 [ 600.411583] binder: BINDER_SET_CONTEXT_MGR already set [ 600.411590] binder: 6795:6797 ioctl 40046207 0 returned -16 [ 600.411680] binder: 6795:6797 BC_FREE_BUFFER u0000000000000000 no match [ 600.411684] binder: 6795:6797 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.411691] binder: 6795:6797 BC_INCREFS_DONE u0000000000000000 no match [ 600.411696] binder: 6795:6797 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.411706] binder: 6795:6797 Release 1 refcount change on invalid ref 0 ret -22 [ 600.411714] binder: 6795:6797 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.411856] binder_alloc: 6792: binder_alloc_buf, no vma [ 600.411936] binder: 6795:6797 transaction failed 29189/-3, size 0-0 line 3134 [ 600.413023] binder_alloc: 6792: binder_alloc_buf, no vma [ 600.413286] binder: 6795:6797 transaction failed 29189/-3, size 0-0 line 3134 [ 600.429098] binder: 6792:6801 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.430027] binder: BINDER_SET_CONTEXT_MGR already set [ 600.430035] binder: 6793:6799 ioctl 40046207 0 returned -16 [ 600.431645] binder: 6793:6799 BC_FREE_BUFFER u0000000000000000 no match [ 600.431650] binder: 6793:6799 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.431658] binder: 6793:6799 BC_INCREFS_DONE u0000000000000000 no match [ 600.431663] binder: 6793:6799 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.431673] binder: 6793:6799 Release 1 refcount change on invalid ref 0 ret -22 [ 600.431682] binder: 6793:6799 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.431872] binder_alloc: 6792: binder_alloc_buf, no vma [ 600.431915] binder: 6793:6799 transaction failed 29189/-3, size 0-8 line 3134 [ 600.434508] binder_alloc: 6792: binder_alloc_buf, no vma [ 600.434601] binder: 6793:6799 transaction failed 29189/-3, size 0-0 line 3134 [ 600.439826] binder: 6795:6805 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.439946] binder: BINDER_SET_CONTEXT_MGR already set [ 600.439952] binder: 6800:6804 ioctl 40046207 0 returned -16 [ 600.440065] binder: 6800:6804 BC_FREE_BUFFER u0000000000000000 no match [ 600.440070] binder: 6800:6804 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.440077] binder: 6800:6804 BC_INCREFS_DONE u0000000000000000 no match [ 600.440081] binder: 6800:6804 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.440089] binder: 6800:6804 Release 1 refcount change on invalid ref 0 ret -22 [ 600.440154] binder_alloc: 6792: binder_alloc_buf, no vma [ 600.440257] binder: 6800:6804 transaction failed 29189/-3, size 0-0 line 3134 [ 600.440862] binder_alloc: 6792: binder_alloc_buf, no vma [ 600.440894] binder: 6800:6804 transaction failed 29189/-3, size 0-0 line 3134 [ 600.447430] binder: 6802:6808 BC_FREE_BUFFER u0000000000000000 no match [ 600.447435] binder: 6802:6808 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.447444] binder: 6802:6808 BC_INCREFS_DONE u0000000000000000 node 36477 cookie mismatch 0000000000000001 != 0000000000000000 [ 600.447449] binder: 6802:6808 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.447457] binder: 6802:6808 Release 1 refcount change on invalid ref 0 ret -22 [ 600.447465] binder: 6802:6808 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.447521] binder_alloc: 6802: binder_alloc_buf, no vma [ 600.447554] binder: 6802:6808 transaction failed 29189/-3, size 0-8 line 3134 [ 600.455952] binder_alloc: 6802: binder_alloc_buf, no vma [ 600.455986] binder: 6802:6808 transaction failed 29189/-3, size 0-0 line 3134 [ 600.483742] binder: 6800:6815 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.492815] binder: BINDER_SET_CONTEXT_MGR already set [ 600.492822] binder: 6813:6819 ioctl 40046207 0 returned -16 [ 600.492938] binder: 6813:6819 BC_FREE_BUFFER u0000000000000000 no match [ 600.492943] binder: 6813:6819 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.492951] binder: 6813:6819 BC_INCREFS_DONE u0000000000000000 no match [ 600.492956] binder: 6813:6819 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.492966] binder: 6813:6819 Release 1 refcount change on invalid ref 0 ret -22 [ 600.492974] binder: 6813:6819 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.493043] binder_alloc: 6802: binder_alloc_buf, no vma [ 600.493084] binder: 6813:6819 transaction failed 29189/-3, size 0-8 line 3134 [ 600.496457] binder: BINDER_SET_CONTEXT_MGR already set [ 600.496463] binder: 6812:6821 ioctl 40046207 0 returned -16 [ 600.496535] binder_alloc: 6802: binder_alloc_buf, no vma [ 600.496576] binder: 6813:6819 transaction failed 29189/-3, size 0-0 line 3134 [ 600.496580] binder: 6812:6821 BC_FREE_BUFFER u0000000000000000 no match [ 600.496585] binder: 6812:6821 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.496593] binder: 6812:6821 BC_INCREFS_DONE u0000000000000000 no match [ 600.496598] binder: 6812:6821 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.496607] binder: 6812:6821 Release 1 refcount change on invalid ref 0 ret -22 [ 600.496616] binder: 6812:6821 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.496691] binder_alloc: 6802: binder_alloc_buf, no vma [ 600.496725] binder: 6812:6821 transaction failed 29189/-3, size 0-8 line 3134 [ 600.508964] binder: 6812:6821 transaction failed 29189/-22, size 0-0 line 3011 [ 600.513996] binder: BINDER_SET_CONTEXT_MGR already set [ 600.514002] binder: 6822:6824 ioctl 40046207 0 returned -16 [ 600.514121] binder: 6822:6824 BC_FREE_BUFFER u0000000000000000 no match [ 600.514126] binder: 6822:6824 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.514133] binder: 6822:6824 BC_INCREFS_DONE u0000000000000000 no match [ 600.514137] binder: 6822:6824 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.514148] binder: 6822:6824 Release 1 refcount change on invalid ref 0 ret -22 [ 600.514158] binder: 6822:6824 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.514223] binder_alloc: 6812: binder_alloc_buf, no vma [ 600.514266] binder: 6822:6824 transaction failed 29189/-3, size 0-8 line 3134 [ 600.571720] binder: 6822:6834 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.580883] binder: 6831:6833 BC_FREE_BUFFER u0000000000000000 no match [ 600.580888] binder: 6831:6833 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.580898] binder: 6831:6833 BC_INCREFS_DONE u0000000000000000 node 36487 cookie mismatch 0000000000000001 != 0000000000000000 [ 600.580905] binder: 6831:6833 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.580914] binder: 6831:6833 Release 1 refcount change on invalid ref 0 ret -22 [ 600.580921] binder: 6831:6833 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.580983] binder_alloc: 6831: binder_alloc_buf, no vma [ 600.581122] binder: 6831:6833 transaction failed 29189/-3, size 0-8 line 3134 [ 600.582471] binder_alloc: 6831: binder_alloc_buf, no vma [ 600.582507] binder: 6831:6833 transaction failed 29189/-3, size 0-0 line 3134 [ 600.608936] binder: BINDER_SET_CONTEXT_MGR already set [ 600.608943] binder: 6838:6840 ioctl 40046207 0 returned -16 [ 600.609042] binder: 6838:6840 BC_FREE_BUFFER u0000000000000000 no match [ 600.609047] binder: 6838:6840 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.609055] binder: 6838:6840 BC_INCREFS_DONE u0000000000000000 no match [ 600.609060] binder: 6838:6840 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.609072] binder: 6838:6840 Release 1 refcount change on invalid ref 0 ret -22 [ 600.609082] binder: 6838:6840 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.609153] binder_alloc: 6831: binder_alloc_buf, no vma [ 600.609158] binder: BINDER_SET_CONTEXT_MGR already set [ 600.609164] binder: 6835:6839 ioctl 40046207 0 returned -16 [ 600.609197] binder: 6838:6840 transaction failed 29189/-3, size 0-0 line 3134 [ 600.609280] binder: 6835:6839 BC_FREE_BUFFER u0000000000000000 no match [ 600.609285] binder: 6835:6839 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.609291] binder: 6835:6839 BC_INCREFS_DONE u0000000000000000 no match [ 600.609296] binder: 6835:6839 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.609304] binder: 6835:6839 Release 1 refcount change on invalid ref 0 ret -22 [ 600.609311] binder: 6835:6839 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.609422] binder_alloc: 6831: binder_alloc_buf, no vma [ 600.609462] binder: 6835:6839 transaction failed 29189/-3, size 0-8 line 3134 [ 600.610497] binder_alloc: 6831: binder_alloc_buf, no vma [ 600.610531] binder: 6838:6840 transaction failed 29189/-3, size 0-0 line 3134 [ 600.610819] binder_alloc: 6831: binder_alloc_buf, no vma [ 600.610853] binder: 6835:6839 transaction failed 29189/-3, size 0-0 line 3134 [ 600.612379] binder: 6831:6842 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.639676] binder: 6838:6850 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.653350] binder: 6845:6848 BC_FREE_BUFFER u0000000000000000 no match [ 600.653356] binder: 6845:6848 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.653367] binder: 6845:6848 BC_INCREFS_DONE u0000000000000000 node 36494 cookie mismatch 0000000000000001 != 0000000000000000 [ 600.653374] binder: 6845:6848 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.653383] binder: 6845:6848 Release 1 refcount change on invalid ref 0 ret -22 [ 600.655782] binder: BINDER_SET_CONTEXT_MGR already set [ 600.655790] binder: 6846:6853 ioctl 40046207 0 returned -16 [ 600.655896] binder_alloc: 6845: binder_alloc_buf, no vma [ 600.655937] binder: 6845:6848 transaction failed 29189/-3, size 0-0 line 3134 [ 600.656093] binder: 6846:6853 BC_FREE_BUFFER u0000000000000000 no match [ 600.656098] binder: 6846:6853 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.656106] binder: 6846:6853 BC_INCREFS_DONE u0000000000000000 no match [ 600.656110] binder: 6846:6853 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.656119] binder: 6846:6853 Release 1 refcount change on invalid ref 0 ret -22 [ 600.656127] binder: 6846:6853 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.656194] binder_alloc: 6845: binder_alloc_buf, no vma [ 600.656232] binder: 6846:6853 transaction failed 29189/-3, size 0-8 line 3134 [ 600.659087] binder_alloc: 6845: binder_alloc_buf, no vma [ 600.659124] binder: 6845:6848 transaction failed 29189/-3, size 0-0 line 3134 [ 600.659413] binder_alloc: 6845: binder_alloc_buf, no vma [ 600.659449] binder: 6846:6853 transaction failed 29189/-3, size 0-0 line 3134 [ 600.660685] binder: BINDER_SET_CONTEXT_MGR already set [ 600.660691] binder: 6846:6853 ioctl 40046207 0 returned -16 [ 600.680896] binder: BINDER_SET_CONTEXT_MGR already set [ 600.680903] binder: 6852:6855 ioctl 40046207 0 returned -16 [ 600.681158] binder: 6852:6855 BC_FREE_BUFFER u0000000000000000 no match [ 600.681163] binder: 6852:6855 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.681170] binder: 6852:6855 BC_INCREFS_DONE u0000000000000000 no match [ 600.681175] binder: 6852:6855 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.681188] binder: 6852:6855 Release 1 refcount change on invalid ref 0 ret -22 [ 600.681232] binder: 6852:6855 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.681340] binder_alloc: 6845: binder_alloc_buf, no vma [ 600.681416] binder: 6852:6855 transaction failed 29189/-3, size 0-8 line 3134 [ 600.682867] binder_alloc: 6845: binder_alloc_buf, no vma [ 600.682904] binder: 6852:6855 transaction failed 29189/-3, size 0-0 line 3134 [ 600.686883] binder: BINDER_SET_CONTEXT_MGR already set [ 600.686890] binder: 6854:6858 ioctl 40046207 0 returned -16 [ 600.686988] binder: 6854:6858 BC_FREE_BUFFER u0000000000000000 no match [ 600.686993] binder: 6854:6858 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.687001] binder: 6854:6858 BC_INCREFS_DONE u0000000000000000 no match [ 600.687006] binder: 6854:6858 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.687017] binder: 6854:6858 Release 1 refcount change on invalid ref 0 ret -22 [ 600.687026] binder: 6854:6858 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.687091] binder_alloc: 6845: binder_alloc_buf, no vma [ 600.687131] binder: 6854:6858 transaction failed 29189/-3, size 0-8 line 3134 [ 600.692707] binder: 6845:6859 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.703373] binder: BINDER_SET_CONTEXT_MGR already set [ 600.703380] binder: 6862:6865 ioctl 40046207 0 returned -16 [ 600.716281] binder: 6862:6865 BC_FREE_BUFFER u0000000000000000 no match [ 600.716287] binder: 6862:6865 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.716297] binder: 6862:6865 BC_INCREFS_DONE u0000000000000000 no match [ 600.716302] binder: 6862:6865 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.716314] binder: 6862:6865 Release 1 refcount change on invalid ref 0 ret -22 [ 600.716323] binder: 6862:6865 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.716333] binder: 6862:6865 transaction failed 29189/-22, size 0-0 line 3011 [ 600.716961] binder: 6862:6865 transaction failed 29189/-22, size 0-0 line 3011 [ 600.725534] binder: 6866:6870 BC_FREE_BUFFER u0000000000000000 no match [ 600.725539] binder: 6866:6870 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.725551] binder: 6866:6870 BC_INCREFS_DONE u0000000000000000 node 36505 cookie mismatch 0000000000000001 != 0000000000000000 [ 600.725557] binder: 6866:6870 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.725567] binder: 6866:6870 Release 1 refcount change on invalid ref 0 ret -22 [ 600.725576] binder: 6866:6870 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.725645] binder_alloc: 6866: binder_alloc_buf, no vma [ 600.725686] binder: 6866:6870 transaction failed 29189/-3, size 0-8 line 3134 [ 600.727647] binder_alloc: 6866: binder_alloc_buf, no vma [ 600.727687] binder: 6866:6870 transaction failed 29189/-3, size 0-0 line 3134 [ 600.750847] binder: 6862:6874 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.761940] binder: 6854:6875 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.819479] binder: 6882:6887 BC_FREE_BUFFER u0000000000000000 no match [ 600.819484] binder: 6882:6887 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.819495] binder: 6882:6887 BC_INCREFS_DONE u0000000000000000 node 36509 cookie mismatch 0000000000000001 != 0000000000000000 [ 600.819503] binder: 6882:6887 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.819514] binder: 6882:6887 Release 1 refcount change on invalid ref 0 ret -22 [ 600.819525] binder: 6882:6887 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.819589] binder_alloc: 6882: binder_alloc_buf, no vma [ 600.819637] binder: 6882:6887 transaction failed 29189/-3, size 0-8 line 3134 [ 600.820860] binder: BINDER_SET_CONTEXT_MGR already set [ 600.820867] binder: 6880:6881 ioctl 40046207 0 returned -16 [ 600.820956] binder: 6880:6881 BC_FREE_BUFFER u0000000000000000 no match [ 600.820960] binder: 6880:6881 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.820967] binder: 6880:6881 BC_INCREFS_DONE u0000000000000000 no match [ 600.820971] binder: 6880:6881 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.820979] binder: 6880:6881 Release 1 refcount change on invalid ref 0 ret -22 [ 600.820986] binder: 6880:6881 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.821049] binder_alloc: 6882: binder_alloc_buf, no vma [ 600.821087] binder: 6880:6881 transaction failed 29189/-3, size 0-8 line 3134 [ 600.824045] binder_alloc: 6882: binder_alloc_buf, no vma [ 600.824083] binder: 6880:6881 transaction failed 29189/-3, size 0-0 line 3134 [ 600.829388] binder: BINDER_SET_CONTEXT_MGR already set [ 600.829395] binder: 6886:6891 ioctl 40046207 0 returned -16 [ 600.829508] binder: 6886:6891 BC_FREE_BUFFER u0000000000000000 no match [ 600.829512] binder: 6886:6891 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.829519] binder: 6886:6891 BC_INCREFS_DONE u0000000000000000 no match [ 600.829523] binder: 6886:6891 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.829534] binder: 6886:6891 Release 1 refcount change on invalid ref 0 ret -22 [ 600.829542] binder: 6886:6891 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.829605] binder_alloc: 6882: binder_alloc_buf, no vma [ 600.829643] binder: 6886:6891 transaction failed 29189/-3, size 0-8 line 3134 [ 600.831904] binder_alloc: 6882: binder_alloc_buf, no vma [ 600.831948] binder: 6886:6891 transaction failed 29189/-3, size 0-0 line 3134 [ 600.833073] binder_alloc: 6882: binder_alloc_buf, no vma [ 600.833114] binder: 6882:6887 transaction failed 29189/-3, size 0-0 line 3134 [ 600.834876] binder: BINDER_SET_CONTEXT_MGR already set [ 600.834883] binder: 6885:6893 ioctl 40046207 0 returned -16 [ 600.834997] binder: 6885:6893 BC_FREE_BUFFER u0000000000000000 no match [ 600.835001] binder: 6885:6893 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.835010] binder: 6885:6893 BC_INCREFS_DONE u0000000000000000 no match [ 600.835014] binder: 6885:6893 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.835025] binder: 6885:6893 Release 1 refcount change on invalid ref 0 ret -22 [ 600.835034] binder: 6885:6893 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.835095] binder_alloc: 6882: binder_alloc_buf, no vma [ 600.835142] binder: 6885:6893 transaction failed 29189/-3, size 0-0 line 3134 [ 600.837408] binder_alloc: 6882: binder_alloc_buf, no vma [ 600.837639] binder: 6885:6893 transaction failed 29189/-3, size 0-0 line 3134 [ 600.839183] binder: BINDER_SET_CONTEXT_MGR already set [ 600.839189] binder: 6883:6894 ioctl 40046207 0 returned -16 [ 600.839241] binder: BINDER_SET_CONTEXT_MGR already set [ 600.839247] binder: 6884:6890 ioctl 40046207 0 returned -16 [ 600.839287] binder: 6883:6894 BC_FREE_BUFFER u0000000000000000 no match [ 600.839292] binder: 6883:6894 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.839300] binder: 6883:6894 BC_INCREFS_DONE u0000000000000000 no match [ 600.839305] binder: 6883:6894 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.839314] binder: 6883:6894 Release 1 refcount change on invalid ref 0 ret -22 [ 600.839339] binder: 6884:6890 BC_FREE_BUFFER u0000000000000000 no match [ 600.839343] binder: 6884:6890 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.839350] binder: 6884:6890 BC_INCREFS_DONE u0000000000000000 no match [ 600.839355] binder: 6884:6890 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.839364] binder: 6884:6890 Release 1 refcount change on invalid ref 0 ret -22 [ 600.839373] binder: 6884:6890 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.839380] binder_alloc: 6882: binder_alloc_buf, no vma [ 600.839420] binder: 6883:6894 transaction failed 29189/-3, size 0-0 line 3134 [ 600.839436] binder_alloc: 6882: binder_alloc_buf, no vma [ 600.839472] binder: 6884:6890 transaction failed 29189/-3, size 0-8 line 3134 [ 600.840736] binder_alloc: 6882: binder_alloc_buf, no vma [ 600.840774] binder: 6884:6890 transaction failed 29189/-3, size 0-0 line 3134 [ 600.841309] binder_alloc: 6882: binder_alloc_buf, no vma [ 600.841436] binder: 6883:6894 transaction failed 29189/-3, size 0-0 line 3134 [ 600.841438] binder: BINDER_SET_CONTEXT_MGR already set [ 600.841444] binder: 6884:6890 ioctl 40046207 0 returned -16 [ 600.841796] binder: BINDER_SET_CONTEXT_MGR already set [ 600.841802] binder: 6888:6892 ioctl 40046207 0 returned -16 [ 600.841893] binder: 6888:6892 BC_FREE_BUFFER u0000000000000000 no match [ 600.841898] binder: 6888:6892 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.841906] binder: 6888:6892 BC_INCREFS_DONE u0000000000000000 no match [ 600.841910] binder: 6888:6892 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.841922] binder: 6888:6892 Release 1 refcount change on invalid ref 0 ret -22 [ 600.841928] binder: 6888:6892 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.841994] binder_alloc: 6882: binder_alloc_buf, no vma [ 600.842035] binder: 6888:6892 transaction failed 29189/-3, size 0-8 line 3134 [ 600.853588] binder: BINDER_SET_CONTEXT_MGR already set [ 600.853595] binder: 6889:6898 ioctl 40046207 0 returned -16 [ 600.854088] binder: 6889:6898 BC_FREE_BUFFER u0000000000000000 no match [ 600.854094] binder: 6889:6898 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.854102] binder: 6889:6898 BC_INCREFS_DONE u0000000000000000 no match [ 600.854106] binder: 6889:6898 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.854166] binder: 6889:6898 Release 1 refcount change on invalid ref 0 ret -22 [ 600.854176] binder: 6889:6898 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.854522] binder_alloc: 6882: binder_alloc_buf, no vma [ 600.854791] binder: 6889:6898 transaction failed 29189/-3, size 0-8 line 3134 [ 600.866629] binder: 6882:6903 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.868407] binder: 6883:6909 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.869957] binder_alloc: 6882: binder_alloc_buf, no vma [ 600.869993] binder: 6889:6898 transaction failed 29189/-3, size 0-0 line 3134 [ 600.870914] binder: 6885:6907 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.922991] binder: 6888:6918 Acquire 1 refcount change on invalid ref 0 ret -22 [ 600.967170] binder: 6921:6928 BC_FREE_BUFFER u0000000000000000 no match [ 600.967176] binder: 6921:6928 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.967187] binder: 6921:6928 BC_INCREFS_DONE u0000000000000000 node 36527 cookie mismatch 0000000000000001 != 0000000000000000 [ 600.967194] binder: 6921:6928 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.967203] binder: 6921:6928 Release 1 refcount change on invalid ref 0 ret -22 [ 600.967212] binder: 6921:6928 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.967277] binder_alloc: 6921: binder_alloc_buf, no vma [ 600.967314] binder: 6921:6928 transaction failed 29189/-3, size 0-8 line 3134 [ 600.968551] binder_alloc: 6921: binder_alloc_buf, no vma [ 600.968587] binder: 6921:6928 transaction failed 29189/-3, size 0-0 line 3134 [ 600.971491] binder: BINDER_SET_CONTEXT_MGR already set [ 600.971498] binder: 6925:6927 ioctl 40046207 0 returned -16 [ 600.973055] binder: 6925:6927 BC_FREE_BUFFER u0000000000000000 no match [ 600.973060] binder: 6925:6927 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.973068] binder: 6925:6927 BC_INCREFS_DONE u0000000000000000 no match [ 600.973073] binder: 6925:6927 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.973083] binder: 6925:6927 Release 1 refcount change on invalid ref 0 ret -22 [ 600.973126] binder: BINDER_SET_CONTEXT_MGR already set [ 600.973132] binder: 6924:6926 ioctl 40046207 0 returned -16 [ 600.973162] binder_alloc: 6921: binder_alloc_buf, no vma [ 600.973207] binder: 6925:6927 transaction failed 29189/-3, size 0-0 line 3134 [ 600.973316] binder: 6924:6926 BC_FREE_BUFFER u0000000000000000 no match [ 600.973321] binder: 6924:6926 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.973328] binder: 6924:6926 BC_INCREFS_DONE u0000000000000000 no match [ 600.973332] binder: 6924:6926 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.973340] binder: 6924:6926 Release 1 refcount change on invalid ref 0 ret -22 [ 600.973349] binder: 6924:6926 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.973414] binder_alloc: 6921: binder_alloc_buf, no vma [ 600.973452] binder: 6924:6926 transaction failed 29189/-3, size 0-8 line 3134 [ 600.975404] binder_alloc: 6921: binder_alloc_buf, no vma [ 600.975439] binder: 6925:6927 transaction failed 29189/-3, size 0-0 line 3134 [ 600.976450] binder_alloc: 6921: binder_alloc_buf, no vma [ 600.976489] binder: 6924:6926 transaction failed 29189/-3, size 0-0 line 3134 [ 600.991604] binder: BINDER_SET_CONTEXT_MGR already set [ 600.991612] binder: 6930:6933 ioctl 40046207 0 returned -16 [ 600.991716] binder: 6930:6933 BC_FREE_BUFFER u0000000000000000 no match [ 600.991721] binder: 6930:6933 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.991728] binder: 6930:6933 BC_INCREFS_DONE u0000000000000000 no match [ 600.991733] binder: 6930:6933 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 600.991744] binder: 6930:6933 Release 1 refcount change on invalid ref 0 ret -22 [ 600.991753] binder: 6930:6933 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 600.991820] binder_alloc: 6921: binder_alloc_buf, no vma [ 600.991862] binder: 6930:6933 transaction failed 29189/-3, size 0-8 line 3134 [ 601.004778] binder_alloc: 6921: binder_alloc_buf, no vma [ 601.004816] binder: 6930:6933 transaction failed 29189/-3, size 0-0 line 3134 [ 601.005170] binder: BINDER_SET_CONTEXT_MGR already set [ 601.005176] binder: 6930:6933 ioctl 40046207 0 returned -16 [ 601.011962] binder: 6925:6938 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.016819] binder: undelivered TRANSACTION_ERROR: 29189 [ 601.042413] binder: 6943:6944 BC_FREE_BUFFER u0000000000000000 no match [ 601.042418] binder: 6943:6944 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.042422] binder: BINDER_SET_CONTEXT_MGR already set [ 601.042429] binder: 6943:6944 BC_INCREFS_DONE u0000000000000000 node 36538 cookie mismatch 0000000000000001 != 0000000000000000 [ 601.042435] binder: 6937:6942 ioctl 40046207 0 returned -16 [ 601.042442] binder: 6943:6944 Release 1 refcount change on invalid ref 0 ret -22 [ 601.042452] binder: 6943:6944 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.042558] binder: 6937:6942 BC_FREE_BUFFER u0000000000000000 no match [ 601.042562] binder: 6937:6942 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.042569] binder: 6937:6942 BC_INCREFS_DONE u0000000000000000 no match [ 601.042574] binder: 6937:6942 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.042584] binder: 6937:6942 Release 1 refcount change on invalid ref 0 ret -22 [ 601.042593] binder: 6937:6942 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.042661] binder_alloc: 6943: binder_alloc_buf, no vma [ 601.042699] binder: 6937:6942 transaction failed 29189/-3, size 0-8 line 3134 [ 601.044112] binder_alloc: 6943: binder_alloc_buf, no vma [ 601.044157] binder: 6937:6942 transaction failed 29189/-3, size 0-0 line 3134 [ 601.044511] binder_alloc: 6943: binder_alloc_buf, no vma [ 601.044552] binder: 6943:6944 transaction failed 29189/-3, size 0-0 line 3134 [ 601.048184] binder_alloc: 6943: binder_alloc_buf, no vma [ 601.048222] binder: 6943:6944 transaction failed 29189/-3, size 0-0 line 3134 [ 601.055323] binder: BINDER_SET_CONTEXT_MGR already set [ 601.055330] binder: 6946:6950 ioctl 40046207 0 returned -16 [ 601.055421] binder: 6946:6950 BC_FREE_BUFFER u0000000000000000 no match [ 601.055426] binder: 6946:6950 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.055433] binder: 6946:6950 BC_INCREFS_DONE u0000000000000000 no match [ 601.055438] binder: 6946:6950 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.055449] binder: 6946:6950 Release 1 refcount change on invalid ref 0 ret -22 [ 601.055457] binder: 6946:6950 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.055520] binder_alloc: 6943: binder_alloc_buf, no vma [ 601.055558] binder: 6946:6950 transaction failed 29189/-3, size 0-8 line 3134 [ 601.069294] binder: 6937:6953 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.077061] binder: 6943:6954 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.077198] binder: BINDER_SET_CONTEXT_MGR already set [ 601.077204] binder: 6948:6952 ioctl 40046207 0 returned -16 [ 601.077290] binder: 6948:6952 BC_FREE_BUFFER u0000000000000000 no match [ 601.077295] binder: 6948:6952 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.077302] binder: 6948:6952 BC_INCREFS_DONE u0000000000000000 no match [ 601.077306] binder: 6948:6952 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.077314] binder: 6948:6952 Release 1 refcount change on invalid ref 0 ret -22 [ 601.077321] binder: 6948:6952 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.077450] binder_alloc: 6943: binder_alloc_buf, no vma [ 601.077487] binder: 6948:6952 transaction failed 29189/-3, size 0-8 line 3134 [ 601.079537] binder_alloc: 6943: binder_alloc_buf, no vma [ 601.079571] binder: 6948:6952 transaction failed 29189/-3, size 0-0 line 3134 [ 601.136357] binder: 6946:6957 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.192283] binder: BINDER_SET_CONTEXT_MGR already set [ 601.192291] binder: 6967:6971 ioctl 40046207 0 returned -16 [ 601.192371] binder: 6966:6973 BC_FREE_BUFFER u0000000000000000 no match [ 601.192474] binder: 6966:6973 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.192487] binder: 6966:6973 BC_INCREFS_DONE u0000000000000000 node 36547 cookie mismatch 0000000000000001 != 0000000000000000 [ 601.192494] binder: 6966:6973 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.192506] binder: 6966:6973 Release 1 refcount change on invalid ref 0 ret -22 [ 601.192515] binder: 6966:6973 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.192584] binder_alloc: 6966: binder_alloc_buf, no vma [ 601.192630] binder: 6966:6973 transaction failed 29189/-3, size 0-8 line 3134 [ 601.192809] binder: BINDER_SET_CONTEXT_MGR already set [ 601.192815] binder: 6964:6968 ioctl 40046207 0 returned -16 [ 601.192916] binder: 6964:6968 BC_FREE_BUFFER u0000000000000000 no match [ 601.192921] binder: 6964:6968 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.192929] binder: 6964:6968 BC_INCREFS_DONE u0000000000000000 no match [ 601.192934] binder: 6964:6968 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.192944] binder: 6964:6968 Release 1 refcount change on invalid ref 0 ret -22 [ 601.192953] binder: 6964:6968 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.193009] binder_alloc: 6966: binder_alloc_buf, no vma [ 601.193045] binder: 6964:6968 transaction failed 29189/-3, size 0-8 line 3134 [ 601.194546] binder: 6967:6971 BC_FREE_BUFFER u0000000000000000 no match [ 601.194555] binder: 6967:6971 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.194570] binder: 6967:6971 BC_INCREFS_DONE u0000000000000000 no match [ 601.194687] binder: 6967:6971 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.194697] binder: 6967:6971 Release 1 refcount change on invalid ref 0 ret -22 [ 601.194764] binder_alloc: 6966: binder_alloc_buf, no vma [ 601.194805] binder: 6967:6971 transaction failed 29189/-3, size 0-0 line 3134 [ 601.197151] binder_alloc: 6966: binder_alloc_buf, no vma [ 601.197186] binder: 6966:6973 transaction failed 29189/-3, size 0-0 line 3134 [ 601.197301] binder: BINDER_SET_CONTEXT_MGR already set [ 601.197308] binder: 6965:6975 ioctl 40046207 0 returned -16 [ 601.197819] binder_alloc: 6966: binder_alloc_buf, no vma [ 601.197854] binder: 6967:6971 transaction failed 29189/-3, size 0-0 line 3134 [ 601.197978] binder: 6965:6975 BC_FREE_BUFFER u0000000000000000 no match [ 601.197982] binder: 6965:6975 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.197990] binder: 6965:6975 BC_INCREFS_DONE u0000000000000000 no match [ 601.197994] binder: 6965:6975 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.198003] binder: 6965:6975 Release 1 refcount change on invalid ref 0 ret -22 [ 601.198011] binder: 6965:6975 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.198308] binder_alloc: 6966: binder_alloc_buf, no vma [ 601.198342] binder: 6964:6968 transaction failed 29189/-3, size 0-0 line 3134 [ 601.198969] binder_alloc: 6966: binder_alloc_buf, no vma [ 601.199013] binder: 6965:6975 transaction failed 29189/-3, size 0-0 line 3134 [ 601.201233] binder_alloc: 6966: binder_alloc_buf, no vma [ 601.201268] binder: 6965:6975 transaction failed 29189/-3, size 0-0 line 3134 [ 601.202357] binder: BINDER_SET_CONTEXT_MGR already set [ 601.202363] binder: 6965:6975 ioctl 40046207 0 returned -16 [ 601.204508] binder: BINDER_SET_CONTEXT_MGR already set [ 601.204514] binder: 6970:6976 ioctl 40046207 0 returned -16 [ 601.204616] binder: 6970:6976 BC_FREE_BUFFER u0000000000000000 no match [ 601.204621] binder: 6970:6976 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.204628] binder: 6970:6976 BC_INCREFS_DONE u0000000000000000 no match [ 601.204635] binder: 6970:6976 Release 1 refcount change on invalid ref 0 ret -22 [ 601.204642] binder: 6970:6976 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.204709] binder_alloc: 6966: binder_alloc_buf, no vma [ 601.204751] binder: 6970:6976 transaction failed 29189/-3, size 0-0 line 3134 [ 601.206813] binder: BINDER_SET_CONTEXT_MGR already set [ 601.206820] binder: 6974:6979 ioctl 40046207 0 returned -16 [ 601.206867] binder_alloc: 6966: binder_alloc_buf, no vma [ 601.206906] binder: 6970:6976 transaction failed 29189/-3, size 0-0 line 3134 [ 601.206916] binder: 6974:6979 BC_FREE_BUFFER u0000000000000000 no match [ 601.207016] binder: 6974:6979 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.207024] binder: 6974:6979 BC_INCREFS_DONE u0000000000000000 no match [ 601.207029] binder: 6974:6979 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.207038] binder: 6974:6979 Release 1 refcount change on invalid ref 0 ret -22 [ 601.207046] binder: 6974:6979 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.207108] binder_alloc: 6966: binder_alloc_buf, no vma [ 601.207145] binder: 6974:6979 transaction failed 29189/-3, size 0-8 line 3134 [ 601.209757] binder_alloc: 6966: binder_alloc_buf, no vma [ 601.210562] binder: 6974:6979 transaction failed 29189/-3, size 0-0 line 3134 [ 601.211071] binder: BINDER_SET_CONTEXT_MGR already set [ 601.211079] binder: 6969:6977 ioctl 40046207 0 returned -16 [ 601.212505] binder: 6969:6977 BC_FREE_BUFFER u0000000000000000 no match [ 601.212510] binder: 6969:6977 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.212518] binder: 6969:6977 BC_INCREFS_DONE u0000000000000000 no match [ 601.212523] binder: 6969:6977 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.212531] binder: 6969:6977 Release 1 refcount change on invalid ref 0 ret -22 [ 601.212540] binder: 6969:6977 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.212607] binder_alloc: 6966: binder_alloc_buf, no vma [ 601.212647] binder: 6969:6977 transaction failed 29189/-3, size 0-8 line 3134 [ 601.213575] binder: BINDER_SET_CONTEXT_MGR already set [ 601.213581] binder: 6972:6980 ioctl 40046207 0 returned -16 [ 601.213672] binder: 6972:6980 BC_FREE_BUFFER u0000000000000000 no match [ 601.213677] binder: 6972:6980 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.213683] binder: 6972:6980 BC_INCREFS_DONE u0000000000000000 no match [ 601.213688] binder: 6972:6980 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.213698] binder: 6972:6980 Release 1 refcount change on invalid ref 0 ret -22 [ 601.213706] binder: 6972:6980 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.213768] binder_alloc: 6966: binder_alloc_buf, no vma [ 601.213808] binder: 6972:6980 transaction failed 29189/-3, size 0-8 line 3134 [ 601.217818] binder_alloc: 6966: binder_alloc_buf, no vma [ 601.217856] binder: 6972:6980 transaction failed 29189/-3, size 0-0 line 3134 [ 601.230857] binder: 6967:6987 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.237800] binder: 6970:6992 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.274998] binder: undelivered TRANSACTION_ERROR: 29189 [ 601.283555] binder: 6972:6998 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.299505] binder: 6969:7002 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.332179] binder: 7007:7008 BC_FREE_BUFFER u0000000000000000 no match [ 601.332185] binder: 7007:7008 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.332196] binder: 7007:7008 BC_INCREFS_DONE u0000000000000000 node 36566 cookie mismatch 0000000000000001 != 0000000000000000 [ 601.332202] binder: 7007:7008 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.332212] binder: 7007:7008 Release 1 refcount change on invalid ref 0 ret -22 [ 601.332278] binder_alloc: 7007: binder_alloc_buf, no vma [ 601.332315] binder: 7007:7008 transaction failed 29189/-3, size 0-0 line 3134 [ 601.333724] binder_alloc: 7007: binder_alloc_buf, no vma [ 601.333762] binder: 7007:7008 transaction failed 29189/-3, size 0-0 line 3134 [ 601.339881] binder: BINDER_SET_CONTEXT_MGR already set [ 601.339888] binder: 7006:7011 ioctl 40046207 0 returned -16 [ 601.340004] binder: 7006:7011 BC_FREE_BUFFER u0000000000000000 no match [ 601.340009] binder: 7006:7011 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.340016] binder: 7006:7011 BC_INCREFS_DONE u0000000000000000 no match [ 601.340020] binder: 7006:7011 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.340030] binder: 7006:7011 Release 1 refcount change on invalid ref 0 ret -22 [ 601.340039] binder: 7006:7011 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.340112] binder_alloc: 7007: binder_alloc_buf, no vma [ 601.340152] binder: 7006:7011 transaction failed 29189/-3, size 0-8 line 3134 [ 601.341319] binder_alloc: 7007: binder_alloc_buf, no vma [ 601.341352] binder: 7006:7011 transaction failed 29189/-3, size 0-0 line 3134 [ 601.349119] binder: BINDER_SET_CONTEXT_MGR already set [ 601.349127] binder: 7010:7012 ioctl 40046207 0 returned -16 [ 601.350270] binder: 7010:7012 BC_FREE_BUFFER u0000000000000000 no match [ 601.350275] binder: 7010:7012 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.350282] binder: 7010:7012 BC_INCREFS_DONE u0000000000000000 no match [ 601.350291] binder: 7010:7012 Release 1 refcount change on invalid ref 0 ret -22 [ 601.350300] binder: 7010:7012 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.350367] binder_alloc: 7007: binder_alloc_buf, no vma [ 601.350408] binder: 7010:7012 transaction failed 29189/-3, size 0-0 line 3134 [ 601.352525] binder_alloc: 7007: binder_alloc_buf, no vma [ 601.352561] binder: 7010:7012 transaction failed 29189/-3, size 0-0 line 3134 [ 601.360639] binder: 7007:7018 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.367846] binder: BINDER_SET_CONTEXT_MGR already set [ 601.367852] binder: 7015:7020 ioctl 40046207 0 returned -16 [ 601.367971] binder: 7015:7020 BC_FREE_BUFFER u0000000000000000 no match [ 601.367976] binder: 7015:7020 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.367983] binder: 7015:7020 BC_INCREFS_DONE u0000000000000000 no match [ 601.367988] binder: 7015:7020 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.367995] binder: 7015:7020 Release 1 refcount change on invalid ref 0 ret -22 [ 601.368003] binder: 7015:7020 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.368067] binder_alloc: 7007: binder_alloc_buf, no vma [ 601.368112] binder: 7015:7020 transaction failed 29189/-3, size 0-0 line 3134 [ 601.371617] binder_alloc: 7007: binder_alloc_buf, no vma [ 601.371654] binder: 7015:7020 transaction failed 29189/-3, size 0-0 line 3134 [ 601.372225] binder: BINDER_SET_CONTEXT_MGR already set [ 601.372231] binder: 7015:7020 ioctl 40046207 0 returned -16 [ 601.374564] binder: BINDER_SET_CONTEXT_MGR already set [ 601.374571] binder: 7017:7021 ioctl 40046207 0 returned -16 [ 601.374672] binder: 7017:7021 BC_FREE_BUFFER u0000000000000000 no match [ 601.374677] binder: 7017:7021 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.374685] binder: 7017:7021 BC_INCREFS_DONE u0000000000000000 no match [ 601.374689] binder: 7017:7021 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.374698] binder: 7017:7021 Release 1 refcount change on invalid ref 0 ret -22 [ 601.374706] binder: 7017:7021 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.374771] binder_alloc: 7007: binder_alloc_buf, no vma [ 601.374812] binder: 7017:7021 transaction failed 29189/-3, size 0-8 line 3134 [ 601.378278] binder_alloc: 7007: binder_alloc_buf, no vma [ 601.378316] binder: 7017:7021 transaction failed 29189/-3, size 0-0 line 3134 [ 601.383626] binder: 7010:7025 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.403840] binder: undelivered TRANSACTION_ERROR: 29189 [ 601.429440] binder: 7030:7034 BC_FREE_BUFFER u0000000000000000 no match [ 601.429445] binder: 7030:7034 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.429456] binder: 7030:7034 BC_INCREFS_DONE u0000000000000000 node 36579 cookie mismatch 0000000000000001 != 0000000000000000 [ 601.429462] binder: 7030:7034 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.429473] binder: 7030:7034 Release 1 refcount change on invalid ref 0 ret -22 [ 601.429483] binder: 7030:7034 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.429548] binder_alloc: 7030: binder_alloc_buf, no vma [ 601.429587] binder: 7030:7034 transaction failed 29189/-3, size 0-8 line 3134 [ 601.432057] binder_alloc: 7030: binder_alloc_buf, no vma [ 601.432096] binder: 7030:7034 transaction failed 29189/-3, size 0-0 line 3134 [ 601.476327] binder: BINDER_SET_CONTEXT_MGR already set [ 601.476335] binder: 7037:7039 ioctl 40046207 0 returned -16 [ 601.476442] binder: 7037:7039 BC_FREE_BUFFER u0000000000000000 no match [ 601.476447] binder: 7037:7039 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.476456] binder: 7037:7039 BC_INCREFS_DONE u0000000000000000 no match [ 601.476460] binder: 7037:7039 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.476471] binder: 7037:7039 Release 1 refcount change on invalid ref 0 ret -22 [ 601.476480] binder: 7037:7039 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.476549] binder_alloc: 7030: binder_alloc_buf, no vma [ 601.476591] binder: 7037:7039 transaction failed 29189/-3, size 0-8 line 3134 [ 601.489554] binder_alloc: 7030: binder_alloc_buf, no vma [ 601.489595] binder: 7037:7039 transaction failed 29189/-3, size 0-0 line 3134 [ 601.528064] binder: 7037:7043 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.619672] binder: 7044:7045 BC_FREE_BUFFER u0000000000000000 no match [ 601.619678] binder: 7044:7045 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.619688] binder: 7044:7045 BC_INCREFS_DONE u0000000000000000 node 36585 cookie mismatch 0000000000000001 != 0000000000000000 [ 601.619695] binder: 7044:7045 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.619705] binder: 7044:7045 Release 1 refcount change on invalid ref 0 ret -22 [ 601.619716] binder: 7044:7045 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.619781] binder_alloc: 7044: binder_alloc_buf, no vma [ 601.619819] binder: 7044:7045 transaction failed 29189/-3, size 0-8 line 3134 [ 601.688040] binder: 7044:7048 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.763960] binder: 7056:7058 BC_FREE_BUFFER u0000000000000000 no match [ 601.763966] binder: 7056:7058 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.763977] binder: 7056:7058 BC_INCREFS_DONE u0000000000000000 node 36587 cookie mismatch 0000000000000001 != 0000000000000000 [ 601.763985] binder: 7056:7058 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.763995] binder: 7056:7058 Release 1 refcount change on invalid ref 0 ret -22 [ 601.764005] binder: 7056:7058 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.764073] binder_alloc: 7056: binder_alloc_buf, no vma [ 601.764113] binder: 7056:7058 transaction failed 29189/-3, size 0-0 line 3134 [ 601.768655] binder: BINDER_SET_CONTEXT_MGR already set [ 601.768661] binder: 7051:7059 ioctl 40046207 0 returned -16 [ 601.768999] binder: 7051:7059 BC_FREE_BUFFER u0000000000000000 no match [ 601.769004] binder: 7051:7059 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.769011] binder: 7051:7059 BC_INCREFS_DONE u0000000000000000 no match [ 601.769015] binder: 7051:7059 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.769024] binder: 7051:7059 Release 1 refcount change on invalid ref 0 ret -22 [ 601.769096] binder_alloc: 7056: binder_alloc_buf, no vma [ 601.769138] binder: 7051:7059 transaction failed 29189/-3, size 0-0 line 3134 [ 601.769660] binder_alloc: 7056: binder_alloc_buf, no vma [ 601.769694] binder: 7051:7059 transaction failed 29189/-3, size 0-0 line 3134 [ 601.772002] binder: BINDER_SET_CONTEXT_MGR already set [ 601.772009] binder: 7054:7061 ioctl 40046207 0 returned -16 [ 601.772113] binder: 7054:7061 BC_FREE_BUFFER u0000000000000000 no match [ 601.772118] binder: 7054:7061 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.772124] binder: 7054:7061 BC_INCREFS_DONE u0000000000000000 no match [ 601.772128] binder: 7054:7061 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.772138] binder: 7054:7061 Release 1 refcount change on invalid ref 0 ret -22 [ 601.772148] binder: 7054:7061 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.772217] binder_alloc: 7056: binder_alloc_buf, no vma [ 601.772260] binder: 7054:7061 transaction failed 29189/-3, size 0-8 line 3134 [ 601.772590] binder_alloc: 7056: binder_alloc_buf, no vma [ 601.772629] binder: 7056:7058 transaction failed 29189/-3, size 0-0 line 3134 [ 601.773012] binder: BINDER_SET_CONTEXT_MGR already set [ 601.773018] binder: 7055:7062 ioctl 40046207 0 returned -16 [ 601.773315] binder: 7055:7062 BC_FREE_BUFFER u0000000000000000 no match [ 601.773319] binder: 7055:7062 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.773327] binder: 7055:7062 BC_INCREFS_DONE u0000000000000000 no match [ 601.773331] binder: 7055:7062 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.773345] binder: 7055:7062 Release 1 refcount change on invalid ref 0 ret -22 [ 601.773447] binder: 7055:7062 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.773556] binder_alloc: 7056: binder_alloc_buf, no vma [ 601.773599] binder: 7055:7062 transaction failed 29189/-3, size 0-8 line 3134 [ 601.773839] binder: BINDER_SET_CONTEXT_MGR already set [ 601.773845] binder: 7057:7063 ioctl 40046207 0 returned -16 [ 601.774005] binder: BINDER_SET_CONTEXT_MGR already set [ 601.774010] binder: 7056:7058 ioctl 40046207 0 returned -16 [ 601.774094] binder: 7057:7063 BC_FREE_BUFFER u0000000000000000 no match [ 601.774099] binder: 7057:7063 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.774106] binder: 7057:7063 BC_INCREFS_DONE u0000000000000000 no match [ 601.774111] binder: 7057:7063 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.774121] binder: 7057:7063 Release 1 refcount change on invalid ref 0 ret -22 [ 601.774130] binder: 7057:7063 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.774194] binder_alloc: 7056: binder_alloc_buf, no vma [ 601.774233] binder: 7057:7063 transaction failed 29189/-3, size 0-8 line 3134 [ 601.776519] binder_alloc: 7056: binder_alloc_buf, no vma [ 601.776555] binder: 7055:7062 transaction failed 29189/-3, size 0-0 line 3134 [ 601.776718] binder: BINDER_SET_CONTEXT_MGR already set [ 601.776724] binder: 7053:7060 ioctl 40046207 0 returned -16 [ 601.776852] binder: 7053:7060 BC_FREE_BUFFER u0000000000000000 no match [ 601.776857] binder: 7053:7060 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.776864] binder: 7053:7060 BC_INCREFS_DONE u0000000000000000 no match [ 601.776868] binder: 7053:7060 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.776879] binder: 7053:7060 Release 1 refcount change on invalid ref 0 ret -22 [ 601.776888] binder: 7053:7060 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.776947] binder_alloc: 7056: binder_alloc_buf, no vma [ 601.776981] binder: 7053:7060 transaction failed 29189/-3, size 0-8 line 3134 [ 601.778558] binder_alloc: 7056: binder_alloc_buf, no vma [ 601.778601] binder: 7057:7063 transaction failed 29189/-3, size 0-0 line 3134 [ 601.779925] binder: BINDER_SET_CONTEXT_MGR already set [ 601.779932] binder: 7052:7065 ioctl 40046207 0 returned -16 [ 601.780684] binder: 7052:7065 BC_FREE_BUFFER u0000000000000000 no match [ 601.780689] binder: 7052:7065 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.780696] binder: 7052:7065 BC_INCREFS_DONE u0000000000000000 no match [ 601.780701] binder: 7052:7065 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.780710] binder: 7052:7065 Release 1 refcount change on invalid ref 0 ret -22 [ 601.780719] binder: 7052:7065 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.780786] binder_alloc: 7056: binder_alloc_buf, no vma [ 601.780826] binder: 7052:7065 transaction failed 29189/-3, size 0-8 line 3134 [ 601.781832] binder_alloc: 7056: binder_alloc_buf, no vma [ 601.781867] binder: 7053:7060 transaction failed 29189/-3, size 0-0 line 3134 [ 601.783952] binder_alloc: 7056: binder_alloc_buf, no vma [ 601.783990] binder: 7052:7065 transaction failed 29189/-3, size 0-0 line 3134 [ 601.803154] binder: BINDER_SET_CONTEXT_MGR already set [ 601.803162] binder: 7050:7064 ioctl 40046207 0 returned -16 [ 601.803270] binder: 7050:7064 BC_FREE_BUFFER u0000000000000000 no match [ 601.803275] binder: 7050:7064 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.803284] binder: 7050:7064 BC_INCREFS_DONE u0000000000000000 no match [ 601.803289] binder: 7050:7064 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.803301] binder: 7050:7064 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.803504] binder_alloc: 7056: binder_alloc_buf, no vma [ 601.803545] binder: 7050:7064 transaction failed 29189/-3, size 0-0 line 3134 [ 601.804187] binder_alloc: 7056: binder_alloc_buf, no vma [ 601.804223] binder: 7050:7064 transaction failed 29189/-3, size 0-0 line 3134 [ 601.809629] binder: 7051:7071 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.826925] binder: 7057:7075 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.835154] binder: 7050:7085 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.893971] binder: 7054:7090 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.934617] binder: 7098:7101 BC_FREE_BUFFER u0000000000000000 no match [ 601.934623] binder: 7098:7101 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.934633] binder: 7098:7101 BC_INCREFS_DONE u0000000000000000 node 36606 cookie mismatch 0000000000000001 != 0000000000000000 [ 601.934639] binder: 7098:7101 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.934649] binder: 7098:7101 Release 1 refcount change on invalid ref 0 ret -22 [ 601.934658] binder: 7098:7101 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.934722] binder_alloc: 7098: binder_alloc_buf, no vma [ 601.934761] binder: 7098:7101 transaction failed 29189/-3, size 0-8 line 3134 [ 601.936607] binder_alloc: 7098: binder_alloc_buf, no vma [ 601.936642] binder: 7098:7101 transaction failed 29189/-3, size 0-0 line 3134 [ 601.940610] binder: BINDER_SET_CONTEXT_MGR already set [ 601.940617] binder: 7098:7101 ioctl 40046207 0 returned -16 [ 601.941351] binder: BINDER_SET_CONTEXT_MGR already set [ 601.941358] binder: 7096:7102 ioctl 40046207 0 returned -16 [ 601.941822] binder: 7096:7102 BC_FREE_BUFFER u0000000000000000 no match [ 601.941827] binder: 7096:7102 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.941835] binder: 7096:7102 BC_INCREFS_DONE u0000000000000000 no match [ 601.941839] binder: 7096:7102 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.941849] binder: 7096:7102 Release 1 refcount change on invalid ref 0 ret -22 [ 601.941857] binder: 7096:7102 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.941966] binder_alloc: 7098: binder_alloc_buf, no vma [ 601.942049] binder: 7096:7102 transaction failed 29189/-3, size 0-8 line 3134 [ 601.942722] binder: BINDER_SET_CONTEXT_MGR already set [ 601.942729] binder: 7094:7100 ioctl 40046207 0 returned -16 [ 601.946629] binder: 7094:7100 BC_FREE_BUFFER u0000000000000000 no match [ 601.946634] binder: 7094:7100 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.946642] binder: 7094:7100 BC_INCREFS_DONE u0000000000000000 no match [ 601.946647] binder: 7094:7100 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.946656] binder: 7094:7100 Release 1 refcount change on invalid ref 0 ret -22 [ 601.946722] binder_alloc: 7098: binder_alloc_buf, no vma [ 601.946762] binder: 7094:7100 transaction failed 29189/-3, size 0-0 line 3134 [ 601.947405] binder_alloc: 7098: binder_alloc_buf, no vma [ 601.947444] binder: 7096:7102 transaction failed 29189/-3, size 0-0 line 3134 [ 601.949038] binder: BINDER_SET_CONTEXT_MGR already set [ 601.949044] binder: 7097:7106 ioctl 40046207 0 returned -16 [ 601.949374] binder: 7097:7106 BC_FREE_BUFFER u0000000000000000 no match [ 601.949378] binder: 7097:7106 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.949387] binder: 7097:7106 BC_INCREFS_DONE u0000000000000000 no match [ 601.949392] binder: 7097:7106 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.949402] binder: 7097:7106 Release 1 refcount change on invalid ref 0 ret -22 [ 601.949410] binder: 7097:7106 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.949475] binder_alloc: 7098: binder_alloc_buf, no vma [ 601.949514] binder: 7097:7106 transaction failed 29189/-3, size 0-8 line 3134 [ 601.949656] binder_alloc: 7098: binder_alloc_buf, no vma [ 601.949693] binder: 7094:7100 transaction failed 29189/-3, size 0-0 line 3134 [ 601.949765] binder: BINDER_SET_CONTEXT_MGR already set [ 601.949770] binder: 7095:7104 ioctl 40046207 0 returned -16 [ 601.949890] binder: 7095:7104 BC_FREE_BUFFER u0000000000000000 no match [ 601.949894] binder: 7095:7104 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.949902] binder: 7095:7104 BC_INCREFS_DONE u0000000000000000 no match [ 601.949907] binder: 7095:7104 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.949918] binder: 7095:7104 Release 1 refcount change on invalid ref 0 ret -22 [ 601.949926] binder: 7095:7104 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.949989] binder_alloc: 7098: binder_alloc_buf, no vma [ 601.950025] binder: 7095:7104 transaction failed 29189/-3, size 0-8 line 3134 [ 601.954192] binder_alloc: 7098: binder_alloc_buf, no vma [ 601.954232] binder: 7095:7104 transaction failed 29189/-3, size 0-0 line 3134 [ 601.955305] binder_alloc: 7098: binder_alloc_buf, no vma [ 601.955345] binder: 7097:7106 transaction failed 29189/-3, size 0-0 line 3134 [ 601.960037] binder: BINDER_SET_CONTEXT_MGR already set [ 601.960043] binder: 7103:7109 ioctl 40046207 0 returned -16 [ 601.960134] binder: 7103:7109 BC_FREE_BUFFER u0000000000000000 no match [ 601.960139] binder: 7103:7109 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.960145] binder: 7103:7109 BC_INCREFS_DONE u0000000000000000 no match [ 601.960150] binder: 7103:7109 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.960158] binder: 7103:7109 Release 1 refcount change on invalid ref 0 ret -22 [ 601.960166] binder: 7103:7109 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.960228] binder_alloc: 7098: binder_alloc_buf, no vma [ 601.960305] binder: 7103:7109 transaction failed 29189/-3, size 0-8 line 3134 [ 601.963254] binder_alloc: 7098: binder_alloc_buf, no vma [ 601.963290] binder: 7103:7109 transaction failed 29189/-3, size 0-0 line 3134 [ 601.968888] binder: BINDER_SET_CONTEXT_MGR already set [ 601.968896] binder: 7105:7112 ioctl 40046207 0 returned -16 [ 601.969438] binder: 7105:7112 BC_FREE_BUFFER u0000000000000000 no match [ 601.969444] binder: 7105:7112 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.969451] binder: 7105:7112 BC_INCREFS_DONE u0000000000000000 no match [ 601.969456] binder: 7105:7112 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.969467] binder: 7105:7112 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.969537] binder_alloc: 7098: binder_alloc_buf, no vma [ 601.969579] binder: 7105:7112 transaction failed 29189/-3, size 0-0 line 3134 [ 601.971399] binder_alloc: 7098: binder_alloc_buf, no vma [ 601.971437] binder: 7105:7112 transaction failed 29189/-3, size 0-0 line 3134 [ 601.984983] binder: BINDER_SET_CONTEXT_MGR already set [ 601.984990] binder: 7113:7119 ioctl 40046207 0 returned -16 [ 601.985106] binder: 7113:7119 BC_FREE_BUFFER u0000000000000000 no match [ 601.985111] binder: 7113:7119 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.985118] binder: 7113:7119 BC_INCREFS_DONE u0000000000000000 no match [ 601.985122] binder: 7113:7119 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 601.985132] binder: 7113:7119 Release 1 refcount change on invalid ref 0 ret -22 [ 601.985140] binder: 7113:7119 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 601.985202] binder_alloc: 7098: binder_alloc_buf, no vma [ 601.985242] binder: 7113:7119 transaction failed 29189/-3, size 0-8 line 3134 [ 601.991362] binder: 7094:7118 Acquire 1 refcount change on invalid ref 0 ret -22 [ 601.996152] binder: 7097:7123 Acquire 1 refcount change on invalid ref 0 ret -22 [ 602.025285] binder: 7105:7129 Acquire 1 refcount change on invalid ref 0 ret -22 [ 602.068364] binder: 7136:7137 BC_FREE_BUFFER u0000000000000000 no match [ 602.068407] binder: 7136:7137 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 602.068418] binder: 7136:7137 BC_INCREFS_DONE u0000000000000000 node 36625 cookie mismatch 0000000000000001 != 0000000000000000 [ 602.068425] binder: 7136:7137 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 602.068434] binder: 7136:7137 Release 1 refcount change on invalid ref 0 ret -22 [ 602.068441] binder: 7136:7137 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 602.068509] binder_alloc: 7136: binder_alloc_buf, no vma [ 602.068547] binder: 7136:7137 transaction failed 29189/-3, size 0-8 line 3134 [ 602.070029] binder_alloc: 7136: binder_alloc_buf, no vma [ 602.070067] binder: 7136:7137 transaction failed 29189/-3, size 0-0 line 3134 [ 602.070625] binder: BINDER_SET_CONTEXT_MGR already set [ 602.070632] binder: 7136:7137 ioctl 40046207 0 returned -16 [ 602.087520] binder: 7113:7132 Acquire 1 refcount change on invalid ref 0 ret -22 [ 602.097140] binder: BINDER_SET_CONTEXT_MGR already set [ 602.097147] binder: 7139:7142 ioctl 40046207 0 returned -16 [ 602.097236] binder: 7139:7142 BC_FREE_BUFFER u0000000000000000 no match [ 602.097241] binder: 7139:7142 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 602.097249] binder: 7139:7142 BC_INCREFS_DONE u0000000000000000 no match [ 602.097253] binder: 7139:7142 ERROR: BC_REGISTER_LOOPER called after BC_ENTER_LOOPER [ 602.097263] binder: 7139:7142 Release 1 refcount change on invalid ref 0 ret -22 [ 602.097271] binder: 7139:7142 IncRefs 0 refcount change on invalid ref 4 ret -22 [ 602.097336] binder_alloc: 7136: binder_alloc_buf, no vma [ 602.097377] binder: 7139:7142 transaction failed 29189/-3, size 0-8 line 3134 [ 602.099059] binder_alloc: 7136: binder_alloc_buf, no vma [ 602.099104] binder: 7139:7142 transaction failed 29189/-3, size 0-0 line 3134 [ 602.127986] binder: 7139:7142 Acquire 1 refcount change on invalid ref 0 ret -22 [ 602.128112] INFO: task init:28214 blocked for more than 120 seconds. [ 602.128116] Not tainted 4.4.125-g38f41ec #21 [ 602.128118] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 602.128137] init D ffff88007d7bf718 29488 28214 1 0x00000000 [ 602.128146] ffff88007d7bf718 ffff8801c84a1800 0000000000000000 0000000000000007 [ 602.128154] ffff8801c84a1800 ffff8801db31fdb8 ffff8801db31fde0 ffff8801db31f4d8 [ 602.128161] ffff8801db31f4c0 ffff8801d93a3000 ffff8801c84a1800 0000000000000000 [ 602.128163] Call Trace: [ 602.128175] [] schedule+0x7a/0x1b0 [ 602.128181] [] schedule_preempt_disabled+0x13/0x20 [ 602.128187] [] mutex_lock_nested+0x306/0x850 [ 602.128197] [] ? tty_open+0x4ca/0xee0 [ 602.128203] [] ? __ww_mutex_lock+0x14f0/0x14f0 [ 602.128209] [] ? tty_open+0x158/0xee0 [ 602.128218] [] ? kmem_cache_alloc_trace+0x100/0x2b0 [ 602.128224] [] tty_open+0x4ca/0xee0 [ 602.128231] [] ? tty_init_dev+0x430/0x430 [ 602.128237] [] ? chrdev_open+0xc7/0x4c0 [ 602.128244] [] ? tty_init_dev+0x430/0x430 [ 602.128249] [] chrdev_open+0x22b/0x4c0 [ 602.128255] [] ? cdev_put.part.0+0x50/0x50 [ 602.128262] [] do_dentry_open+0x59b/0xba0 [ 602.128268] [] ? __inode_permission2+0x9b/0x240 [ 602.128274] [] ? cdev_put.part.0+0x50/0x50 [ 602.128280] [] vfs_open+0x110/0x210 [ 602.128285] [] ? may_open+0x1ae/0x280 [ 602.128291] [] path_openat+0x923/0x3940 [ 602.128297] [] ? depot_save_stack+0x1c3/0x640 [ 602.128304] [] ? path_mountpoint+0x830/0x830 [ 602.128309] [] ? getname_flags+0xcb/0x580 [ 602.128314] [] ? getname+0x19/0x20 [ 602.128320] [] ? do_sys_open+0x21f/0x660 [ 602.128326] [] ? SyS_open+0x2d/0x40 [ 602.128332] [] ? entry_SYSCALL_64_fastpath+0x22/0x9e [ 602.128340] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 602.128346] [] ? new_slab+0x2df/0x3b0 [ 602.128351] [] ? __lock_is_held+0xa1/0xf0 [ 602.128358] [] do_filp_open+0x197/0x290 [ 602.128364] [] ? user_path_mountpoint_at+0x40/0x40 [ 602.128370] [] ? _raw_spin_unlock+0x2c/0x50 [ 602.128376] [] ? __alloc_fd+0x1e3/0x500 [ 602.128382] [] do_sys_open+0x369/0x660 [ 602.128389] [] ? filp_open+0x70/0x70 [ 602.128395] [] ? proc_clear_tty+0xd9/0x140 [ 602.128401] [] ? _raw_write_unlock_irq+0x27/0x50 [ 602.128407] [] SyS_open+0x2d/0x40 [ 602.128413] [] entry_SYSCALL_64_fastpath+0x22/0x9e [ 602.128418] 1 lock held by init/28214: [ 602.128432] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x4ca/0xee0 [ 602.128435] Sending NMI to all CPUs: [ 602.129664] NMI backtrace for cpu 0 [ 602.129668] CPU: 0 PID: 486 Comm: khungtaskd Not tainted 4.4.125-g38f41ec #21 [ 602.129671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 602.129674] task: ffff8800bad4e000 task.stack: ffff8800bad70000 [ 602.129677] RIP: 0010:[] [] flat_send_IPI_mask+0xf7/0x1a0 [ 602.129679] RSP: 0018:ffff8800bad77cb8 EFLAGS: 00000046 [ 602.129682] RAX: 0000000003000000 RBX: 0000000000000c00 RCX: 0000000000000000 [ 602.129685] RDX: 0000000000000c00 RSI: 0000000000000000 RDI: ffffffffff5fb300 [ 602.129687] RBP: ffff8800bad77ce0 R08: 0000000000000001 R09: 0000000000000000 [ 602.129690] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000246 [ 602.129693] R13: 0000000000000003 R14: ffffffff8426f5a0 R15: 0000000000000002 [ 602.129696] FS: 0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 [ 602.129698] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 602.129701] CR2: 0000000008117654 CR3: 00000001d484a000 CR4: 0000000000160670 [ 602.129704] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 602.129706] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 602.129708] Stack: [ 602.129711] ffffffff8426f5a0 ffffffff847f0b40 fffffbfff08fdc1c dffffc0000000000 [ 602.129713] ffff8801db31bca0 ffff8800bad77d00 ffffffff810b9abb ffffffff839f6dc0 [ 602.129716] 0000000000000003 ffff8800bad77d60 ffffffff81d11764 ffffffff8141b993 [ 602.129718] Call Trace: [ 602.129720] [] nmi_raise_cpu_backtrace+0x5b/0x70 [ 602.129723] [] nmi_trigger_all_cpu_backtrace+0x4a4/0x550 [ 602.129725] [] ? print_lock+0xab/0xae [ 602.129728] [] ? irq_force_complete_move+0x3b0/0x3b0 [ 602.129731] [] arch_trigger_all_cpu_backtrace+0x14/0x20 [ 602.129733] [] watchdog+0x6fa/0xae0 [ 602.129735] [] ? watchdog+0xc3/0xae0 [ 602.129738] [] kthread+0x268/0x300 [ 602.129740] [] ? reset_hung_task_detector+0x20/0x20 [ 602.129743] [] ? kthread_create_on_node+0x400/0x400 [ 602.129745] [] ? kthread_create_on_node+0x400/0x400 [ 602.129748] [] ret_from_fork+0x55/0x80 [ 602.129750] [] ? kthread_create_on_node+0x400/0x400 [ 602.129756] Code: b3 5f ff f6 c4 10 75 e1 44 89 e8 c1 e0 18 89 04 25 10 b3 5f ff 44 89 fa 09 da 80 cf 04 41 83 ff 02 0f 44 d3 89 14 25 00 b3 5f ff <41> f7 c4 00 02 00 00 74 1a e8 2b 33 17 00 4c 89 e7 57 9d 0f 1f [ 602.129758] NMI backtrace for cpu 1 [ 602.129761] CPU: 1 PID: 28000 Comm: init Not tainted 4.4.125-g38f41ec #21 [ 602.129764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 602.129767] task: ffff8801c87b4800 task.stack: ffff8800b97d0000 [ 602.129769] RIP: 0010:[] [] io_serial_in+0x6b/0x90 [ 602.129772] RSP: 0018:ffff8800b97d7518 EFLAGS: 00000002 [ 602.129775] RAX: dffffc0000000000 RBX: 00000000000003fd RCX: 0000000000000000 [ 602.129777] RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8607e878 [ 602.129780] RBP: ffff8800b97d7528 R08: 0000000000000001 R09: ffffffff850e4aa0 [ 602.129783] R10: 0000000000000001 R11: 1ffff100172fae84 R12: ffffffff8607e840 [ 602.129785] R13: 0000000000000020 R14: fffffbfff0c0fd4f R15: fffffbfff0c0fd11 [ 602.129788] FS: 00007f72a64307a0(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 [ 602.129791] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 602.129793] CR2: 000000c45ea0d000 CR3: 00000000b62a8000 CR4: 0000000000160670 [ 602.129796] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 602.129799] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 602.129800] Stack: [ 602.129803] ffffffff8607e840 0000000000002706 ffff8800b97d7578 ffffffff81f89289 [ 602.129806] 0000000000000000 ffffffff8607e888 ffffffff8607ea7a ffffffff8607e840 [ 602.129809] 0000000000000020 ffffffff81f893d0 dffffc0000000000 0000000000000020 [ 602.129811] Call Trace: [ 602.129813] [] wait_for_xmitr+0x89/0x1d0 [ 602.129816] [] ? wait_for_xmitr+0x1d0/0x1d0 [ 602.129818] [] serial8250_console_putchar+0x1f/0x60 [ 602.129821] [] uart_console_write+0xac/0xe0 [ 602.129823] [] serial8250_console_write+0x2e0/0x860 [ 602.129826] [] ? exar_handle_irq+0x1b0/0x1b0 [ 602.129828] [] ? sprintf+0xb0/0xe0 [ 602.129830] [] ? scnprintf+0x110/0x110 [ 602.129833] [] ? univ8250_console_setup+0x100/0x100 [ 602.129835] [] univ8250_console_write+0x64/0x80 [ 602.129838] [] call_console_drivers.constprop.26+0x1ec/0x3e0 [ 602.129840] [] console_unlock+0x534/0xa00 [ 602.129843] [] ? uart_set_termios+0x6b0/0x6b0 [ 602.129846] [] console_device+0x95/0xc0 [ 602.129848] [] tty_open+0x4e8/0xee0 [ 602.129850] [] ? tty_init_dev+0x430/0x430 [ 602.129853] [] ? chrdev_open+0xc7/0x4c0 [ 602.129855] [] ? tty_init_dev+0x430/0x430 [ 602.129857] [] chrdev_open+0x22b/0x4c0 [ 602.129860] [] ? cdev_put.part.0+0x50/0x50 [ 602.129862] [] do_dentry_open+0x59b/0xba0 [ 602.129864] [] ? __inode_permission2+0x9b/0x240 [ 602.129867] [] ? cdev_put.part.0+0x50/0x50 [ 602.129869] [] vfs_open+0x110/0x210 [ 602.129872] [] ? may_open+0x1ae/0x280 [ 602.129874] [] path_openat+0x923/0x3940 [ 602.129877] [] ? depot_save_stack+0x1c3/0x640 [ 602.129879] [] ? path_mountpoint+0x830/0x830 [ 602.129881] [] ? getname_flags+0xcb/0x580 [ 602.129884] [] ? getname+0x19/0x20 [ 602.129886] [] ? do_sys_open+0x21f/0x660 [ 602.129888] [] ? SyS_open+0x2d/0x40 [ 602.129891] [] ? entry_SYSCALL_64_fastpath+0x22/0x9e [ 602.129894] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 602.129896] [] ? __lock_is_held+0xa1/0xf0 [ 602.129898] [] do_filp_open+0x197/0x290 [ 602.129901] [] ? user_path_mountpoint_at+0x40/0x40 [ 602.129903] [] ? _raw_spin_unlock+0x2c/0x50 [ 602.129906] [] ? __alloc_fd+0x1e3/0x500 [ 602.129908] [] do_sys_open+0x369/0x660 [ 602.129910] [] ? filp_open+0x70/0x70 [ 602.129913] [] ? proc_clear_tty+0xd9/0x140 [ 602.129915] [] ? _raw_write_unlock_irq+0x27/0x50 [ 602.129917] [] SyS_open+0x2d/0x40 [ 602.129920] [] entry_SYSCALL_64_fastpath+0x22/0x9e [ 602.129925] Code: 24 c1 00 00 00 49 8d 7c 24 38 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 d3 e3 80 3c 02 00 75 17 41 03 5c 24 38 89 da ec <5b> 0f b6 c0 41 5c 5d c3 e8 e8 79 57 ff eb c2 e8 41 7a 57 ff eb [ 602.130083] Kernel panic - not syncing: hung_task: blocked tasks [ 602.130088] CPU: 0 PID: 486 Comm: khungtaskd Not tainted 4.4.125-g38f41ec #21 [ 602.130091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 602.130099] 0000000000000000 8c4be1e917a414bc ffff8800bad77ca8 ffffffff81d067bd [ 602.130106] ffffffff838831a0 ffff8800bad77d80 dffffc0000000000 7fffffffffffffff [ 602.130114] ffff8801c84a1c48 ffff8800bad77d70 ffffffff8141b46a 0000000041b58ab3 [ 602.130115] Call Trace: [ 602.130123] [] dump_stack+0xc1/0x124 [ 602.130129] [] panic+0x1aa/0x388 [ 602.130136] [] ? percpu_up_read.constprop.45+0xe1/0xe1 [ 602.130142] [] ? nmi_trigger_all_cpu_backtrace+0x3f8/0x550 [ 602.130148] [] ? nmi_trigger_all_cpu_backtrace+0x3f8/0x550 [ 602.130154] [] watchdog+0x70b/0xae0 [ 602.130159] [] ? watchdog+0xc3/0xae0 [ 602.130165] [] kthread+0x268/0x300 [ 602.130171] [] ? reset_hung_task_detector+0x20/0x20 [ 602.130178] [] ? kthread_create_on_node+0x400/0x400 [ 602.130185] [] ? kthread_create_on_node+0x400/0x400 [ 602.130191] [] ret_from_fork+0x55/0x80 [ 602.130197] [] ? kthread_create_on_node+0x400/0x400 [ 602.138997] Dumping ftrace buffer: [ 602.139033] (ftrace buffer empty) [ 602.139035] Kernel Offset: disabled [ 625.346455] Rebooting in 86400 seconds..