5dfdbfe}, 0x10}}, 0x40) sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) openat$selinux_avc_hash_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='rpc_pipefs\x00WD%l\x8c\x8e3\xf1vS\xdeK8\xd6R\xbd\xd3\x199\'\x95J[>u\xd4l\x8c\xd3\xa6\xcf\xc99\xe0\xed^OM\x9a\xd8\xa2\xef\xee]\x11\xadD\xbe\xf7P:\xc5\xf4\xc2q', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:13 executing program 1: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) r0 = getpid() sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x0, 0x2, 0x0, 0x2, 0x0, 0x70bd2c, 0x25dfdbfe}, 0x10}}, 0x40) sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) openat$selinux_avc_hash_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='rpc_pipefs\x00WD%l\x8c\x8e3\xf1vS\xdeK8\xd6R\xbd\xd3\x199\'\x95J[>u\xd4l\x8c\xd3\xa6\xcf\xc99\xe0\xed^OM\x9a\xd8\xa2\xef\xee]\x11\xadD\xbe\xf7P:\xc5\xf4\xc2q', 0x0, 0x0) umount2(&(0x7f0000000240)='./file0\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) bind(r1, &(0x7f0000000000)=@in6={0xa, 0x4e24, 0xffff, @empty, 0xfffffff7}, 0x80) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001640)={'team0\x00'}) 16:16:13 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e603e153450000000000000000000008000000000000", @ANYPTR], 0x1e}}, 0x40) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f00000001c0)="80000000380400001900030000000000000000000000010001000000090000000040000010000800006d5ebe5a0000ffff53ef6e2fcb8476e8ae91ec62e5b9fd7c475b2a447eaab0", 0x48, 0x400}], 0x2100005, 0x0) [ 925.744791] binder: 25272:25280 BC_INCREFS_DONE node 2010 has no pending increfs request [ 925.757463] binder: 25272:25280 got transaction to context manager from process owning it [ 925.774516] binder: 25272:25280 transaction failed 29201/-22, size 0-0 line 3129 [ 925.783959] binder: BINDER_SET_CONTEXT_MGR already set [ 925.789260] binder: 25272:25280 ioctl 40046207 0 returned -16 16:16:13 executing program 5: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) r0 = getpid() sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x0, 0x2, 0x0, 0x2, 0x0, 0x70bd2c, 0x25dfdbfe}, 0x10}}, 0x40) sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) openat$selinux_avc_hash_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='rpc_pipefs\x00WD%l\x8c\x8e3\xf1vS\xdeK8\xd6R\xbd\xd3\x199\'\x95J[>u\xd4l\x8c\xd3\xa6\xcf\xc99\xe0\xed^OM\x9a\xd8\xa2\xef\xee]\x11\xadD\xbe\xf7P:\xc5\xf4\xc2q', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:13 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYRES16=r0, @ANYRESOCT], 0x19}}, 0x0) [ 925.806324] binder_alloc: 25272: binder_alloc_buf, no vma [ 925.816848] binder: 25272:25280 transaction failed 29189/-3, size 88-24 line 3284 [ 925.829311] binder: undelivered TRANSACTION_ERROR: 29189 [ 925.830568] ip6_tunnel: k xmit: Local address not yet configured! 16:16:13 executing program 3: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) r0 = getpid() sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x0, 0x2, 0x0, 0x2, 0x0, 0x70bd2c, 0x25dfdbfe}, 0x10}}, 0x40) sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) openat$selinux_avc_hash_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='rpc_pipefs\x00WD%l\x8c\x8e3\xf1vS\xdeK8\xd6R\xbd\xd3\x199\'\x95J[>u\xd4l\x8c\xd3\xa6\xcf\xc99\xe0\xed^OM\x9a\xd8\xa2\xef\xee]\x11\xadD\xbe\xf7P:\xc5\xf4\xc2q', 0x0, 0x0) umount2(&(0x7f0000000240)='./file0\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) bind(r1, &(0x7f0000000000)=@in6={0xa, 0x4e24, 0xffff, @empty, 0xfffffff7}, 0x80) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001640)={'team0\x00'}) 16:16:13 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) connect$unix(r1, &(0x7f0000000000)=@abs={0xd789e98acedba5d1, 0x0, 0x4e21}, 0x6e) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) [ 925.854092] binder: undelivered TRANSACTION_ERROR: 29201 [ 925.860025] binder: 25272:25280 BC_INCREFS_DONE node 2013 has no pending increfs request [ 925.860035] binder: 25272:25280 got transaction to context manager from process owning it 16:16:13 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000140)=ANY=[@ANYBLOB="e6ff0300544500459fc547ee007999e2f4723c7cf405ab0929d8b2c7273600000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/enforce\x00', 0x1b477496d77aa80d, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)={0x0, r0, 0x6}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:16:13 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) r3 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r5, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r5, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000b40)={0x180, 0x0, &(0x7f0000000900)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x1, 0x1}, @fd}, &(0x7f0000000140)={0x0, 0x18, 0x30}}, 0x1000}, @reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f00000002c0)={@fd={0x66642a85, 0x0, r4}, @flat=@handle={0x73682a85, 0x5}, @flat=@weak_handle={0x77682a85, 0x1, 0x3}}, &(0x7f0000000340)={0x0, 0x18, 0x30}}}, @acquire_done, @acquire={0x40046305, 0x2}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x2c2513fa8d018532, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000380)={@fda={0x66646185, 0x5, 0x2, 0x1d}, @fda={0x66646185, 0x0, 0x2, 0x40}, @flat=@weak_binder={0x77622a85, 0xb, 0x3}}, &(0x7f0000000400)={0x0, 0x20, 0x40}}}, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000600)={@ptr={0x70742a85, 0x1, &(0x7f0000000440)=""/151, 0x97, 0x2, 0x6}, @ptr={0x70742a85, 0x1, &(0x7f0000000500)=""/194, 0xc2, 0x0, 0x15}, @fd={0x66642a85, 0x0, r5}}, &(0x7f0000000680)={0x0, 0x28, 0x50}}}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000840)={@fda={0x66646185, 0xa, 0x0, 0x31}, @ptr={0x70742a85, 0x0, &(0x7f00000006c0)=""/192, 0xc0, 0x2, 0x1c}, @ptr={0x70742a85, 0x0, &(0x7f0000000780)=""/155, 0x9b, 0x1, 0xc}}, &(0x7f00000008c0)={0x0, 0x20, 0x48}}, 0x280}], 0x87, 0x0, &(0x7f0000000a80)="e74d0fb26564fcb9b75218317d1e98df0a53358e5191faf690920d71f5169c039e687858b80a23951603f214080d6de41d25bc8e4c2c911b8a24025cf3543a8fbb68ed00b6984c419d5e8e5ea493ffffb290afe622fce7214ee3c2307df432e4b7fdb1e2a27a222b101213ca63884843b4731775dcea3301287fcb611b2a92fbdc017911253619"}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r6 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) [ 925.860047] binder: 25272:25280 transaction failed 29201/-22, size 0-0 line 3129 [ 925.860130] binder: BINDER_SET_CONTEXT_MGR already set [ 925.860138] binder: 25272:25280 ioctl 40046207 0 returned -16 [ 925.860317] binder_alloc: 25272: binder_alloc_buf, no vma [ 925.860335] binder: 25272:25280 transaction failed 29189/-3, size 88-24 line 3284 [ 925.898716] binder: BINDER_SET_CONTEXT_MGR already set [ 925.898724] binder: 25307:25309 ioctl 40046207 0 returned -16 [ 925.899748] binder: BINDER_SET_CONTEXT_MGR already set [ 925.899770] binder: 25307:25310 ioctl 40046207 0 returned -16 [ 925.943657] binder: BINDER_SET_CONTEXT_MGR already set [ 925.943666] binder: 25313:25316 ioctl 40046207 0 returned -16 [ 925.943769] binder: 25313:25316 BC_INCREFS_DONE u0000000000000000 no match [ 925.943799] binder_alloc: 25272: binder_alloc_buf, no vma [ 925.943818] binder: 25313:25316 transaction failed 29189/-3, size 0-0 line 3284 [ 925.944138] binder: BINDER_SET_CONTEXT_MGR already set [ 925.944145] binder: 25313:25316 ioctl 40046207 0 returned -16 [ 925.944206] binder: 25313:25316 BC_INCREFS_DONE u0000000000000000 no match [ 925.944226] binder_alloc: 25272: binder_alloc_buf, no vma [ 925.944251] binder: 25313:25316 transaction failed 29189/-3, size 0-0 line 3284 [ 925.945141] binder: BINDER_SET_CONTEXT_MGR already set [ 925.945149] binder: 25313:25316 ioctl 40046207 0 returned -16 [ 925.945392] binder_alloc: 25272: binder_alloc_buf, no vma [ 925.945408] binder: 25313:25316 transaction failed 29189/-3, size 88-24 line 3284 [ 925.950073] binder: BINDER_SET_CONTEXT_MGR already set [ 925.950082] binder: 25313:25317 ioctl 40046207 0 returned -16 [ 925.953863] binder: 25313:25316 BC_INCREFS_DONE u0000000000000000 no match [ 925.953889] binder_alloc: 25272: binder_alloc_buf, no vma [ 925.953907] binder: 25313:25316 transaction failed 29189/-3, size 0-0 line 3284 [ 925.962618] binder: BINDER_SET_CONTEXT_MGR already set [ 925.962629] binder: 25313:25316 ioctl 40046207 0 returned -16 [ 925.962712] binder: 25313:25316 BC_INCREFS_DONE u0000000000000000 no match [ 925.962737] binder_alloc: 25272: binder_alloc_buf, no vma [ 925.962756] binder: 25313:25316 transaction failed 29189/-3, size 0-8319668240672711727 line 3284 [ 925.969205] binder: BINDER_SET_CONTEXT_MGR already set [ 925.969213] binder: 25313:25316 ioctl 40046207 0 returned -16 [ 925.975294] binder_alloc: 25272: binder_alloc_buf, no vma [ 925.975312] binder: 25313:25316 transaction failed 29189/-3, size 88-24 line 3284 [ 926.179929] binder: undelivered TRANSACTION_ERROR: 29189 [ 926.185418] binder: undelivered TRANSACTION_ERROR: 29189 [ 926.190952] binder: undelivered TRANSACTION_ERROR: 29189 [ 926.196481] binder: undelivered TRANSACTION_ERROR: 29189 [ 926.202147] binder: undelivered TRANSACTION_ERROR: 29189 [ 926.207619] binder: undelivered TRANSACTION_ERROR: 29201 16:16:16 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:16:16 executing program 5: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) r0 = getpid() sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x0, 0x2, 0x0, 0x2, 0x0, 0x70bd2c, 0x25dfdbfe}, 0x10}}, 0x40) sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) openat$selinux_avc_hash_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:16 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a62731403000002000000000000000000000000000000852a62730000000000000000000000000000000000000000852a747000"/88], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003000000000000000"], @ANYBLOB="fe826f9850126bacb2a9f9f2bc4c28aa8f8ae48ac73ab210c5b645e8db76f4f142e00be2542fbe047d23181f9f5f818683f0df53bb4f002e3effe210c04df11997cf0d5bb09e76bbaf15785f41158558ebdab54874b54c60d4a466"], 0x0, 0x0, 0x0}) 16:16:16 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="8e62000000040000000080000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932e3c9bb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbd3031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd"], 0x95}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:16:16 executing program 1: r0 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x10000) ioctl$BLKFLSBUF(r0, 0x1261, &(0x7f0000000100)=0x7b) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x14, 0x0, &(0x7f0000000140)=[@release={0x40046306, 0x3}, @dead_binder_done], 0x0, 0x0, &(0x7f0000000280)}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 16:16:16 executing program 3: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) r0 = getpid() sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x0, 0x2, 0x0, 0x2, 0x0, 0x70bd2c, 0x25dfdbfe}, 0x10}}, 0x40) sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) openat$selinux_avc_hash_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='rpc_pipefs\x00WD%l\x8c\x8e3\xf1vS\xdeK8\xd6R\xbd\xd3\x199\'\x95J[>u\xd4l\x8c\xd3\xa6\xcf\xc99\xe0\xed^OM\x9a\xd8\xa2\xef\xee]\x11\xadD\xbe\xf7P:\xc5\xf4\xc2q', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:16 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000112a7b0000000000000000000000000300000000200000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0098dad2d1000000000100000000000000000000000000ffffffff00000000000000008000000000000000002000000000000000ffffff7f000000000000000000000000000000feffffff01000000110000000900000000ff00ffff00000000134ac9e8b83246c800ba680000000000000000000000000001010000000000000000001fb0919c00010000e1c90fed90ac00000000a85f00184b00000000000000050400000000000000000002000000000000fcffffffffffffffa00000004155444954000000000000000000ab4a000000000000000086e1456386412cecba00000000000000000800000000000d"]}, 0x1a8) 16:16:16 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nbd(0x0) 16:16:16 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544700000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}, 0x1, 0x0, 0x0, 0x10}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x400, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x3, &(0x7f00000001c0)={0x8001, {{0xa, 0x4e21, 0xffffffff, @ipv4={[], [], @broadcast}, 0x2}}, {{0xa, 0x4e23, 0x5, @empty, 0x7}}}, 0x108) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r2) [ 928.770222] binder_alloc: 25328: binder_alloc_buf size -6022699939313777808 failed, no address space [ 928.785808] binder: 25326:25336 BC_INCREFS_DONE node 2024 has no pending increfs request 16:16:16 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1) [ 928.785820] binder: 25326:25336 got transaction to context manager from process owning it [ 928.785833] binder: 25326:25336 transaction failed 29201/-22, size 0-0 line 3129 [ 928.786075] binder: BINDER_SET_CONTEXT_MGR already set [ 928.786083] binder: 25326:25336 ioctl 40046207 0 returned -16 16:16:16 executing program 1: clone(0x84007bf7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() mknod(&(0x7f00000000c0)='./file0\x00', 0x1142, 0x0) execve(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) ptrace(0x10, r0) creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0) ptrace(0x11, r0) 16:16:16 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYRESDEC=0x0, @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e617975eb8dbfcd05c1"], 0x9b}, 0x1, 0x0, 0x0, 0x40}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 928.786707] binder_alloc: 25326: binder_alloc_buf, no vma [ 928.786726] binder: 25326:25336 transaction failed 29189/-3, size 88-24 line 3284 [ 928.787051] binder: undelivered TRANSACTION_ERROR: 29189 [ 928.787072] binder: undelivered TRANSACTION_ERROR: 29201 [ 928.900808] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 928.932055] binder: 25328:25334 transaction failed 29201/-28, size 88-24 line 3284 [ 928.944249] binder: undelivered TRANSACTION_ERROR: 29201 16:16:19 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:16:19 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket(0x10, 0x1000000000080002, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000040)=@ethtool_ringparam={0x12, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x4}}) 16:16:19 executing program 5: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) r0 = getpid() sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x0, 0x2, 0x0, 0x2, 0x0, 0x70bd2c, 0x25dfdbfe}, 0x10}}, 0x40) sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) openat$selinux_avc_hash_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:19 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) flistxattr(r1, &(0x7f0000000140), 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) set_tid_address(&(0x7f00000000c0)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 16:16:19 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000140), 0x8, &(0x7f00000001c0)) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f00000000c0)={0xbd, 0x3, 0x3}) 16:16:19 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:19 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000200)={0x9, 0x9, 0xfffffff7, 0x7fff, 0x8}) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r3 = syz_open_dev$binderN(&(0x7f00000002c0)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000500)=ANY=[@ANYRESDEC=r3]) r4 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0xc, &(0x7f0000000100)={@ptr={0x70742a85, 0x1, &(0x7f00000000c0)=""/27, 0x0, 0x0, 0x8}, @flat, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x3}}, &(0x7f00000001c0)={0x0, 0x331, 0xfffffffffffffd99}}}], 0x0, 0x0, 0x0}) [ 931.790109] binder: release 25374:25384 transaction 2029 out, still active [ 931.799592] binder: unexpected work type, 4, not freed [ 931.801346] binder: BINDER_SET_CONTEXT_MGR already set [ 931.801355] binder: 25374:25387 ioctl 40046207 0 returned -16 16:16:19 executing program 3: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") pread64(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffff8001) 16:16:19 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) write$UHID_DESTROY(r0, &(0x7f00000000c0), 0x4) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:16:19 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a62731403000002000000000000000000000000000000852a62730000000000000000000000000000000000000000852a747000"/88], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003000000000000000"], @ANYBLOB="18160000000002ac7d1cd89d19b97c7704628025a8042f99bc516c4a0022e6ba95db4dd40e58eb49f3f9e1a0528adc9a0d2faae1522afbeb94af257788"], 0x0, 0x0, 0x0}) [ 931.857057] binder: unexpected work type, 4, not freed [ 931.857843] binder: BINDER_SET_CONTEXT_MGR already set [ 931.857850] binder: 25395:25396 ioctl 40046207 0 returned -16 16:16:19 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) sendfile(r0, r0, 0x0, 0x200000d) [ 931.858468] binder: 25395:25396 ioctl 801c581f 20000200 returned -22 [ 931.858517] binder: BINDER_SET_CONTEXT_MGR already set [ 931.858523] binder: 25395:25396 ioctl 40046207 0 returned -16 16:16:19 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) r2 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x40280, 0x0) write$P9_RVERSION(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="1300000065ffff018000020600395032303030"], 0x13) [ 931.858576] binder: 25395:25396 BC_INCREFS_DONE u0000000000000000 no match [ 931.858600] binder_alloc: 25374: binder_alloc_buf, no vma [ 931.858615] binder: 25395:25396 transaction failed 29189/-3, size 0-0 line 3284 [ 931.858763] binder: BINDER_SET_CONTEXT_MGR already set [ 931.858769] binder: 25395:25396 ioctl 40046207 0 returned -16 [ 931.860607] binder: 25395:25396 BC_INCREFS_DONE u0000000000000000 no match [ 931.860633] binder_alloc: 25374: binder_alloc_buf, no vma [ 931.860649] binder: 25395:25396 transaction failed 29189/-3, size 0-0 line 3284 [ 931.860727] binder: 25395:25396 ioctl c0c0583b 20000500 returned -22 [ 931.860935] binder: 25395:25396 got transaction to invalid handle [ 931.860942] binder: 25395:25396 transaction failed 29201/-22, size 88-12 line 3138 [ 931.865827] binder: BINDER_SET_CONTEXT_MGR already set [ 931.865836] binder: 25395:25398 ioctl 40046207 0 returned -16 [ 931.875069] binder: 25395:25396 ioctl 801c581f 20000200 returned -22 [ 931.878358] binder: BINDER_SET_CONTEXT_MGR already set [ 931.878367] binder: 25395:25398 ioctl 40046207 0 returned -16 [ 931.883785] binder: 25395:25396 BC_INCREFS_DONE u0000000000000000 no match [ 931.883813] binder_alloc: 25374: binder_alloc_buf, no vma [ 931.883833] binder: 25395:25396 transaction failed 29189/-3, size 0-0 line 3284 [ 931.888775] binder: BINDER_SET_CONTEXT_MGR already set [ 931.888784] binder: 25395:25396 ioctl 40046207 0 returned -16 [ 931.888791] binder: 25395:25398 BC_INCREFS_DONE u0000000000000000 no match [ 931.888819] binder_alloc: 25374: binder_alloc_buf, no vma [ 931.888838] binder: 25395:25398 transaction failed 29189/-3, size 0-0 line 3284 [ 931.890815] binder: 25395:25396 ioctl c0c0583b 20000500 returned -22 [ 931.941937] binder: BINDER_SET_CONTEXT_MGR already set [ 931.941946] binder: 25404:25409 ioctl 40046207 0 returned -16 [ 931.942336] binder_alloc: 25374: binder_alloc_buf, no vma [ 931.942356] binder: 25404:25409 transaction failed 29189/-3, size 88-24 line 3284 [ 931.955936] binder: BINDER_SET_CONTEXT_MGR already set [ 931.955948] binder: 25404:25411 ioctl 40046207 0 returned -16 [ 932.021327] binder: BINDER_SET_CONTEXT_MGR already set [ 932.021336] binder: 25416:25420 ioctl 40046207 0 returned -16 [ 932.022052] binder_alloc: 25374: binder_alloc_buf, no vma [ 932.022073] binder: 25416:25420 transaction failed 29189/-3, size 88-24 line 3284 [ 932.030606] binder: BINDER_SET_CONTEXT_MGR already set [ 932.030616] binder: 25416:25423 ioctl 40046207 0 returned -16 [ 932.030879] binder_alloc: 25374: binder_alloc_buf, no vma [ 932.030896] binder: 25416:25423 transaction failed 29189/-3, size 88-24 line 3284 [ 932.293125] binder: undelivered TRANSACTION_COMPLETE [ 932.298256] binder: undelivered TRANSACTION_ERROR: 29189 [ 932.303870] binder: undelivered TRANSACTION_ERROR: 29189 [ 932.309592] binder: undelivered TRANSACTION_ERROR: 29189 [ 932.315223] binder: undelivered TRANSACTION_ERROR: 29189 [ 932.320725] binder: undelivered TRANSACTION_ERROR: 29189 [ 932.326211] binder: undelivered TRANSACTION_ERROR: 29201 [ 932.331710] binder: undelivered TRANSACTION_ERROR: 29189 [ 932.337277] binder: undelivered TRANSACTION_ERROR: 29189 [ 932.342952] binder: send failed reply for transaction 2029, target dead 16:16:22 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a8dbfcd05c1"], 0x95}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:16:22 executing program 3: syz_emit_ethernet(0xfdef, &(0x7f0000000040)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "26f526", 0x2, 0x0, 0x0, @rand_addr, @mcast2, {[], @udp}}}}}, 0x0) 16:16:22 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:16:22 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:22 executing program 5: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) r0 = getpid() sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x0, 0x2, 0x0, 0x2, 0x0, 0x70bd2c, 0x25dfdbfe}, 0x10}}, 0x40) sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) openat$selinux_avc_hash_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:22 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f00000000c0)) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="116348400000000000000000000000000000000000000000000000000000000000000000580000000000000018000000000000002e28bef1dcc71587236229ca429d726564bae7d6197962b9affb6c2ed00a7059bd5cddd1a69ecdda6c299819358d6adb2d04d2d94b9ba678d88a245445142620929599417037a3e299eacb0ebe3764e10babb2456dc07672595a33541cbd25246b2cd832a0d96d8cab09b752b93cac71d33a8b1556017cb9663ceb55aea1031937a7b53a46880de7d73af9c58d899ae72a7e4dd951121d7da7dfad72035cf9a5970edaa216682795f908779b03c280bfc05524fd", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a62731403000002000000000000000000000000000000852a62730000000000000000000000000000000000000000852a747000"/88], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:16:22 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:22 executing program 5: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) r0 = getpid() sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x0, 0x2, 0x0, 0x2, 0x0, 0x70bd2c, 0x25dfdbfe}, 0x10}}, 0x40) sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) [ 934.804240] binder: 25428:25436 ioctl c018620c 200000c0 returned -22 [ 934.834211] binder_alloc: 25428: binder_alloc_buf size -5088371477088585000 failed, no address space 16:16:22 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x1d1) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000140)={&(0x7f00000000c0)='./file0\x00', r0}, 0x10) [ 934.880088] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 934.906887] binder: 25428:25436 transaction failed 29201/-28, size 88-24 line 3284 [ 934.919191] binder: undelivered TRANSACTION_ERROR: 29201 16:16:22 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) dup(r1) [ 934.929325] binder: 25428:25436 ioctl c018620c 200000c0 returned -22 16:16:22 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6080400544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f00000000c0)={0x1, 0x32, "7dfb8a9742d2f7160ec1cbea9de61ff82ea0880dde103354da4d02f52ba9243cdbcb9244b231adf55dec48b0366b1b3fe1d8"}) 16:16:22 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = pkey_alloc(0x0, 0x1) pkey_free(r1) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) io_destroy(0x0) [ 934.986778] binder: release 25452:25455 transaction 2046 out, still active [ 934.996467] binder: unexpected work type, 4, not freed [ 935.006067] binder: BINDER_SET_CONTEXT_MGR already set 16:16:22 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f00000000c0)) write$binfmt_script(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="2321202e2f66696c6530202f2b247d747275737465647365637572697479656d3023766d6e657431707070302d202f6465762f62696e6465722300202f6465762f62696e6465722300206574683076626f786e65743065746830736563757269747965746831656d31766d6e657431237b0aa83963db13f76a764758676fe8444e95444c9af93a54fc3227a30338ac9516a768c52d5297a3b5bc9851af8f388a1916859160ddc0b88887477d84616b406d0c3402ac9d9b8a2feed43dede282567c6faccc63b8183aca609c50ac87f523e2370085c8212d638550aaaf768c0213c1e9a7779161a0fad19b011d9907647203372414dd7497897666e3f8e4f1"], 0xfe) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000058000000000000001800000000000000000000000000000000cdf9ad82f96089ebd1c78a97d67d26cfbc9b855d0136acac6d0cb00107a1d3e71d1147be9995f19920cad1d697b35b6492457d6e9f81a33270a0420b9a123c12f4f079540a19ccbd93ff039e36c61ac08e7d64314e98295f0e4ff125393862d22ceb1fbbe85911e6e4a55c285434ea7826f11db60713604809fe8bd83432f0ef1099d438ef68d1927fc5373f", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a62731403000002000000000000000000000000000000852a62730000000000000000000000000000000000000000852a747000"/88], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) [ 935.006078] binder: 25452:25457 ioctl 40046207 0 returned -16 [ 935.007247] binder_alloc: 25452: binder_alloc_buf, no vma [ 935.007269] binder: 25452:25457 transaction failed 29189/-3, size 88-24 line 3284 [ 935.045413] binder: BINDER_SET_CONTEXT_MGR already set [ 935.045423] binder: 25459:25462 ioctl 40046207 0 returned -16 16:16:22 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r3 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f00000000c0)={0x0, r3, 0x0, 0x0, 0x6, 0x7fffffff}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) [ 935.047716] binder_alloc: 25452: binder_alloc_buf, no vma [ 935.047739] binder: 25459:25462 transaction failed 29189/-3, size 88-24 line 3284 [ 935.058930] binder: BINDER_SET_CONTEXT_MGR already set [ 935.058942] binder: 25459:25464 ioctl 40046207 0 returned -16 [ 935.092161] binder: BINDER_SET_CONTEXT_MGR already set [ 935.092171] binder: 25466:25467 ioctl 40046207 0 returned -16 [ 935.096721] binder_alloc: 25452: binder_alloc_buf, no vma [ 935.096742] binder: 25466:25467 transaction failed 29189/-3, size 0-0 line 3284 [ 935.100820] binder: 25461:25463 BC_INCREFS_DONE node 2054 has no pending increfs request [ 935.100834] binder: 25461:25463 got transaction to context manager from process owning it [ 935.100846] binder: 25461:25463 transaction failed 29201/-22, size 0-0 line 3129 [ 935.100935] binder: 25461:25463 ioctl c0046686 200000c0 returned -22 [ 935.111832] binder: BINDER_SET_CONTEXT_MGR already set [ 935.111843] binder: 25466:25467 ioctl 40046207 0 returned -16 [ 935.156340] binder: BINDER_SET_CONTEXT_MGR already set [ 935.156350] binder: 25473:25474 ioctl 40046207 0 returned -16 [ 935.156699] binder: BINDER_SET_CONTEXT_MGR already set [ 935.156706] binder: 25473:25474 ioctl 40046207 0 returned -16 [ 935.156771] binder: 25473:25474 BC_INCREFS_DONE u0000000000000000 no match [ 935.156802] binder_alloc: 25452: binder_alloc_buf, no vma [ 935.156821] binder: 25473:25474 transaction failed 29189/-3, size 0-0 line 3284 [ 935.157000] binder: BINDER_SET_CONTEXT_MGR already set [ 935.157007] binder: 25473:25474 ioctl 40046207 0 returned -16 [ 935.157328] binder: 25473:25474 BC_INCREFS_DONE u0000000000000000 no match [ 935.157350] binder_alloc: 25452: binder_alloc_buf, no vma [ 935.157365] binder: 25473:25474 transaction failed 29189/-3, size 0-0 line 3284 [ 935.157437] binder: 25473:25474 ioctl c028660f 200000c0 returned -22 [ 935.157520] binder_alloc: 25452: binder_alloc_buf, no vma [ 935.157536] binder: 25473:25474 transaction failed 29189/-3, size 88-24 line 3284 [ 935.158204] binder: BINDER_SET_CONTEXT_MGR already set [ 935.158482] binder: 25473:25475 ioctl 40046207 0 returned -16 [ 935.158795] binder: BINDER_SET_CONTEXT_MGR already set [ 935.158802] binder: 25473:25474 ioctl 40046207 0 returned -16 [ 935.158834] binder: 25473:25475 BC_INCREFS_DONE u0000000000000000 no match [ 935.158856] binder_alloc: 25452: binder_alloc_buf, no vma [ 935.158873] binder: 25473:25475 transaction failed 29189/-3, size 0-0 line 3284 [ 935.159004] binder: BINDER_SET_CONTEXT_MGR already set [ 935.159011] binder: 25473:25475 ioctl 40046207 0 returned -16 [ 935.159080] binder: 25473:25474 BC_INCREFS_DONE u0000000000000000 no match [ 935.159100] binder_alloc: 25452: binder_alloc_buf, no vma [ 935.159115] binder: 25473:25474 transaction failed 29189/-3, size 0-0 line 3284 [ 935.159143] binder: 25473:25475 ioctl c028660f 200000c0 returned -22 [ 935.445047] binder: unexpected work type, 4, not freed [ 935.450503] binder: undelivered TRANSACTION_COMPLETE [ 935.455647] binder: undelivered TRANSACTION_ERROR: 29189 [ 935.461164] binder: undelivered TRANSACTION_ERROR: 29189 [ 935.466673] binder: undelivered TRANSACTION_ERROR: 29189 [ 935.472181] binder: undelivered TRANSACTION_ERROR: 29189 [ 935.477642] binder: undelivered TRANSACTION_ERROR: 29189 [ 935.483252] binder: undelivered TRANSACTION_ERROR: 29201 [ 935.488797] binder: undelivered TRANSACTION_ERROR: 29189 [ 935.494416] binder: undelivered TRANSACTION_ERROR: 29189 [ 935.499961] binder: undelivered TRANSACTION_ERROR: 29189 [ 935.505653] binder: send failed reply for transaction 2046, target dead 16:16:25 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:16:25 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[], 0x394}, 0x1, 0x0, 0x0, 0x40001}, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000015c0)='/dev/zero\x00', 0xed4d3dcb2ec527e9, 0x0) setsockopt$inet_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f00000017c0)=@ccm_128={{0x7cb0f5a905ba321c}, "3dee1cbbbb49b5cf", "36b304ccbcfb6d7ab74258e2e2e73d18", "d82d99c1", "7016e22e496d8475"}, 0x28) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x800000002, 0x6, &(0x7f0000001400)=[{&(0x7f0000000180)="f4f0a9571c353994bf08893b6f26fa036b0234a9df7b9854864d82f08b16710613cc227dca1382797bf3cc9b763d5ef20505bed02ef2d8fef141122544b19d64df7d3ce2af5c2ce399864485e2ea03523610be783d14e79b1885d4d58a5884f8b52e320fa0e693ca94f84b4b249ed31a9b4b65e09a8f4bd28407d0a6bb3ff57f570a9c86c5d6fdad2fc60b34a096baf4c4f6244601cfcd64e2f220b71e7402b6e7c9555607f08731037de6e7436b3fa4de00d61673330fe6011d531d5a042602f04b44a248f4c3bf17af1fdfec2a75113c6cdf51714606dc88459e3e5855943ba5596856567f0d7b739ee1266c32050245946a543033d03cd0aa7dc6f256e4ef5cba39067e56511cdf7d032b408c5f6484e5e6c14bb48b40a9df3075a914ebfa3c19f547167aebaac65dc22f0d1ec44c6e8b571dde40707f0c986ea2c252cfc1a1874abe43d233d9a91ffe3f7daeea9133861eecf51047c315f57691bf88321d9415ae553f12636655bedb571fff6ae8d46312c9781d237df024048ea507d36c3456777dc2bea320ce63df56c4838e82cf994eb1f14f67ebde805fa848ab91971b4d54802e28b935ff0cdd5ea6de39f0302df9a5e2c2db0517dbe1a151f546cf28e6882fd6ff61fde15fdc8130e8127ee623c93f2ddf3796b72ebde1aad6c85b30359a80d97f241610dc20eb404e803d60e13433e99a323e2969fbcd6f1c68701e8475430ba84604b01bd7866c9b751ee305dba45bfefae3768ffff39213f5b5864a7e5d314a1c9beab32632f54b93ece56c370e59566cb293cb2cadf3658eed46d6d23a743e104b8a7faf40c3d9f80ebd7baae1cbe170502719b2729837f6df82dcde3a222fa407cc9f31e5b8ba8c9e1fc9be8ed0d767e9b3d8af676e90057db4f7e0dcddfa979f70bdc07acc04f9d971f327a66f9bbc9461e089230762e76eff0b7cfd0d1d330072230541924cfdc8a8dac6919515c4d2bbd3e268b62bd7ef1e633c9a8b758d6ffd632606402410e21a8dc723bf22d2e505b10697c12567698983aa8e162a8d665cc3625d7765cb8d52557b9c4fa6e3070930943f6043046807b5383b2471cc35bc0f503f39afc04771f59be9761b8f48220339318b929d656a27a823981fbe1293956eec1d07253122669bf0a43727a4e188f17e87898738454dc38d8e66d1e05074f298dff868d481b12b036d447ae1f60846a197a8c954c8f78229371dfe50cd2a44f3fef79c7bc4689d29efae6f4ee6fd14dafaa3b4c8b81510d508bc812e477607bd8532dd73090c14be1d4d79a337df5f82cd9bc69b60bbb16a79a37466b45f1f06d2f1f31af41df8720d55e148f5e8b4c5cac56a91dd572f05a4f87b1991962b01672113ab52312cb4b7aef37d9402f1cb0d14914439920b89e16242a049e407ca1b4fa83603d7349bde7e166ce7bb6bab0909fce6daa6d5aac509dce213e68f3a1d9a333595005a1afdff76e3109eb1a234807ee92dfa2572e9d81870a8fe8569199d1183883367d503cfb57541507719c3e5635567bde6746fc94e3781017432cd08c7e71a7a81ac28c0a5fa494b4261b448698658f7f436acb4482afdcd8eb23d0cc6ac59a39bdd27320074e0cd1ed706f3ac22c543c6cf740b4a59010d2f0a268d909935ef246a2b746e15f97323fa22141f234adc4688fd2d990422e71f235cc5a984170b9d7d4ceaf39b7f67d2b83dc8d176f7d3581aa2b25cade726ce6d7f5663895a9ce500dd0be22ff140fd99926d9ec8a2320d09af4f4e643a557cbdd007ed023761387b249ef7a381d2080e2c02bea84280d541b9117e888fedfcfdf806d1a5c1a1376bbf89db97b6f64f4665f4895298d29be6908b6f744737a4f1c644629976f51ee494bbbe1d22ae96478f81079b0732c27e0090361238a3aeee7e8e72b5aae359351b53d157681640d575d270ce9d52b6a61df4f6620a9a8a7b117590da7cf4e06b513bfc6a2e36fe1a45da7130d402c634fde645940a4fba3bde2b25ce8961346b079bb02be2f38cb794adc6d5e7f87db2d1fd54be8aec0b03f28be8a1d576e0b4cd770e8f0c6989b7cc2519717b9934d49a4a3bc1c6c35ad0afda4495de95fd47c9120042aafc00c810341f1c9e6b71edbc5f392aa5f9fd83cc6fe0a8d4b7f12a5729f286439ad74a5997a34dbee9cbb11e9804ac03a1d9da00201db2c63bf3e2969a5a737044b2c7c36298aefdf0a7db643ba26d2ee1f7b66779a0dc83c5875395840804763902b20657899b2b827eff47d65c07022979b19738b80b723bcea0fc16fc1dcda44eb7f77b754d5b808d1e3ff735e53ef7505e6fa90706cff86db4a593d80701bb3cbffb8f5ebed5a166c9436aaca569b4a018b8575efa643bd7ca04b25b86e581687d2142818c8b6fd6a33455d3322c572559c05b94e05069a4a57377f89e0acc4dc04b5b124198caac8c6816a20c5d9b1cc6c392d2731417775b079bbf1b8ee49a61c45bfc0ad9a4647153136c024fda072656a1ce550cc2d59c622b75339dc8f32097ec922b851b40ef58f02d156d63be340f021bbb585b66189b11348413d55916a3d19614861e569595f348429a3fb1321e27ebf24be3f084e7476a94ad2c7b89230641430f91ce36a2e3e84359f2f7d3baf35ac0fd63fda29e3f7addd90a38a5b455e0fa8b487d87b27a9e8c0bcaa246bec92136ef93ec4ca81b8fecdb8d3db653f8fca0d86adefe3f15071f3ea6ad03045d28d5b3f385fa850188ce53fffb2f99bff2652d26b9d85b3ac594299370e70c94f72b70e5a5f1f605ad3b486d2c9b2b30293133060fc2996ad9023895475e35dc368e357835fec86580d1425bb661a035c3a675db4b74424c2fc96b4820798dea2a856b0d0f6b0d043e4ef5db929bd41d76b64d8975a799b7e9ff1fa9cbe6ab808d68a165cf0d6667803a7ef71a8a59297397548c300062d6d3fb476da608f0e76775a983661fa89635f23f9b08c2673d438a5ebcd0ade42071108dabaf47f804ae15fa01bc255f946a2cde313c506b5e4119a9c9151c3ba2eb7e7eb3e539c6d108a6367f2a14210dee0fd0bd9165a956771e27966f50874a88bdced244a42ff3d57f655fbd748247197e584158b35b8df9545731f3cdd1e2088af8ccb1936851cb65a1fbc7b6ee57589239784b676382e253acfd04e4e92ceaeb3299cb9b443237f82aa0bbb5567272dbbe745442ee949a0c2f9b427969740aea85e2746eb9ff2f27e14da650279dd2144ad4c642bb0e77b6f542b044c1e0366ba51b3452f668fec71ff22ee91e9155f4cc6d691742bec125324ef238230973ddd69abdde1d2b9d88aecbe8379c21f261e0e2ce6b64edf240190ef5ba32149884cd46c15f633593504d345933d859540ed981cc47338b3034313af015168caad88f9d654c528619997510e1b12e7027fe54d7c9880b5de68ec58c15c007694f884f82f0af8d9449c201181b5697f2df35e9495c67aa7136e41133955f586b8b7370501513a7b54df6b755d4910d4cc0e295317266e8484c57ad1e8279308de4635ddbbf093084b8d2e79849acff7819c67870501e9440d20f62089ffacb5e91b1816c7758a017694dffb596c87af1425eea81120d2dac645c4e9b26018aec32fca8bbbbd2d7b33ae79b9a34a74a6e1c7ed8d1b65f831f9a31ce2fb4c854f8948d8914cc9ff3794cf69e674dba9da4dbb5398cfc5e13e1d11364fa402a84cceb5daa005c5b568e735d4d297a02be70628e6060e1967cdaece0d9c3dbf2eac25974b7a56878c7c1f4d2990048577c96c729cfaa27bf76c61e6d26a6114488016b6f6bfae0ba7073d290122babbd563c5c8e23574458edd01fa87fd2c5ff7708026de19991556c598731e5ce59f5f4c29869a4ada08072e8cff7bfcd711034f8ca3e957a6b3937f0ef82d6d832a4861f9db421ef416860a8a3e06856e8d1f78736e798bc147f1269c0376f1f7d2242e4dceaf3da20d2e69a6bc07ff28367aa837b3a2a9b147a5ff811055815511459e37f6b74f3231e54ba07e6e49f7e1dd435594e18a46dfa92ba18c4d289e50b3ac7d35302de56bb338e857c92e1e1b62ea88e6198adfab65d4208b3600a4a68c856e0363170431869cd45689ffe6e3be3f4db08aa94b2d8fe7aa10cd208adfa8440b625e121bdaa3688e626208c396b60f0749dc48c8845eb134fcc390fddad657a624b513a6644a863b4ec9e07e5ddd1efc12ad5e5b6a88e80216cdcd8069e59cc17dbeeade0c4e09d8db86cd6e36f829e9a27060afaf3078b824507a07e9f815bf71e165f0376961e7fb40feb99390ed6a7ec37129fcefda96ba4f883ad80c4d6bd1f30f524bef0484ed26b057fd58dcd584d3a09eec78834902315548390b46a66116b9d01fdc3ac4fbf24da8e82a23d47dd4734fd53a30d8cef7e2e4c7e96edfbd2be68c3013b65ca7bcd7283b069cc7955bf7a37f7d29ddb843128aa5ca7700679e2abbb2862c29f574f860cd554fb5289f1ed431acca4b4e003d4a6b8aaff73b4da60f436f899ac703b87d102f219ce4039adc0b023827f858e6e46d7103ca6ae2ac0eb9c26bc26b4c77a3a627951d80d4cad95bcd31cc00116190aa34d347e218ab77b33827a61fa30b8cbf060b340cf815725a785d46f27b8b42d5f0649c869d22ec970b925f9a9eb18e507a0edca6319f71a74ea69ae91e0baa8f0766a65cb437b6a8d9f1c52ea77be832489c6439fb8c14a9118787a34a0c4fa73972537fcfadb8960b0582b50f18764b7897ea9fc8cd7d639eeb22f2698567f15a13ff268cc899c5efc46eef44567004306ccd5948fd3e8d56bfb9d399b4a94c59445b76c2fdf4c1d913e5e5a77b49055df23ab3114f7251a2173c8f76ca19b65b9d467c77d140b98d5d38a998082f17bed044e8b59475b87f1115e7ff920920cc9c66cd01e9069f43fa9fe11666f24757f9f9d3e5c247749df2f7087be12e203b85a87097e90c6ff8a198560008454ed98293c28b63d8f7aae24863403ddb24f3117d821f03e015b306cfb90b3f1208e507ae78cf65b73b48308f233b8c9c54a8103391c9d803cc3d79e554d99c6977adf37943ab1fa24f80ec0892ec37d5cddf0a0a2324c99862b2ea530e60a83347c12314d3e06f4ce91eb329d32f16f26e613809dc05c8f4d6d586d673e1231908deb492b297b6b579a0768ebe678f3e8c419c4ec0589b492d91eb9ce083e1a1f2193ed92f2751da7d551226173aefb4544bf463417cf16f5e9c77133ecd2fb233da200b1aefc7a68afa661c209c8cc008868e9d60df31c4996ecbc8c2bf17dd0fbd8421b2b4a55883b911a2e303a11cbcce6861880e9174dd90b7e86bf0ecbe837fe0be378f6c1aa92a33efa8834a73dffed0bde1688ab7488145a95c2bbd4dfa568ff5712cfb0ef25deaff289fefac830caf629124de1f79a71aabcbaadf32b3f9c591085ca323c10df98a06c67a36ae5ae5e591ff12d2da6736fbbb9e78e6ebd90316f248972400c009ecce99a37e33ac6da9b206dd06587b6e5dc894bd676c6d3dde3b6b8770438d607ff48f8ba2106f751156fa4e6f8f7b65a5363a4fb18718b5d63a4c7d445aa5198ed6ecd398eb747cbe98dcdff7d582d7d7352fa13b3cec36943c0eea550e39cf697cb435110c57d94697d3898d865f594550871c81007543d7d66e0dbf2b49289f62776854365418fae4b0b9772197aef75a5e5ca66abef91b82d770f326e4cd476f260a930a10b65d3608d025a7f652dd87a0b26222b033b97375ee432659972da8ee34ee0a86cd5cf75a338a52ecedcc158", 0x1000, 0x3}, {&(0x7f0000000000)="8537c42ad6c9e2317bcd8ff6e49923638e159031c72964f9a1f1bc90020fea86105c81a8dbcbf9a3be969ade9fd469525f628bcd", 0x34, 0x4}, {&(0x7f0000001180)="c533b5ad66917be084e990a91895521121f8ca0cfa8137f43adcd62c55980e9035013e8c8bc76ac8de06b83f8816e001d809112e90b03d4eff7450817ff7f202b5a1e99509f0819b90698acbaf64c221f9c64f602a9f503c13a9510335a9fcd4defc0fa9bde4e99032e0cde17bcefb598c29cb4143071a73b4106e6092354296a7d652d4822469b36cc43cdb6324a12a0f25f224a987436cf8fadf80c049ee84e7d3a1bd14cfdbf5b201e12837a0470cae8b14d9498b54a87b1f22", 0xbb, 0x9}, {&(0x7f0000001240)="eb88001aca2b743648fd0dfb69c5ef55cfe8e71e9d849d355550a24047b5c7f5f07d9c5a50c022d50523ed2e482ebb7e0eee010fbcd00abc3660bc5f92753f479e2c7b221051b0ac216b852d7aa4eb8f29dfbfb373737bf6934d63c5887e50bd52da92c4b3740419747799bc3c7876e35f98ac7df5986f517673f96fa44fbe683a805219227e5b00121c6a192fd53d7b7b84b576c0e723474e6754fb3b39e8cda33217e2165474e9b0514b2e641edad64d241862cae287e93a", 0xb9, 0x6}, {&(0x7f0000000040)="872ee50bdb601d06a95ccf606ed04defa13c614f23e60b9a", 0x18, 0x6}, {&(0x7f0000001900)="d28f35e5982d945095f0764b049bff4a64680b3b4c68b45aa7953731a868571303c892402967465c0da9184d14514e198b489ad30cb13d45ee26bda2f2c6cf71dfe787155f2dd0f2ea0acc4303ea7757d35bc3dd295dab408802de9ef8556a59bebaa62660f3ee36a32f10ef9fae731eab1c6ea21f5bb57f7f89e2c47f50e9ecbbf75e64f6789d4944d8c5c930557f62eae1b669a854e53b2d7e6e188a78cc7b86cee6a808ff9d743b4b1a318f0a82ee93d18de0b4a5f0f0d4fb419d45d4f409f329e216315745d0b4f066fca70c5d32b2da9eb34ed751304b1605e95abe991f1963d9ec832ba9e83f29c3362520a21cdb4617de2359dbd4", 0xf8, 0x9}], 0x5, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) r3 = syz_open_dev$mice(&(0x7f0000001d40)='/dev/input/mice\x00', 0x0, 0x400) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000001dc0)=0x0) sendmsg$nl_generic(r3, &(0x7f0000002240)={&(0x7f0000001d80)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000002200)={&(0x7f0000001e00)={0x3e4, 0x26, 0x20, 0x70bd26, 0x25dfdbfe, {0x1f}, [@nested={0x38, 0x2b, [@generic="9954333f3e0712b4a12ecbe9e27f65bcf4ee2d71f15dcdb61347e5228804d2a20081a6c98ccd708398404c9ad047cbd178"]}, @nested={0x390, 0x5b, [@typed={0x8, 0x76, @u32=0xfb01}, @generic="0159e8eb81734b056ea16af08053ad85165a524c912dbf3ee49cc7d7131ba698be67f4c331ec729f926f7ab43ac9aa01027582f40f082c6cd5e1ff256e351217389542ca", @typed={0x14, 0x50, @ipv6=@mcast2}, @generic="95eb314696843c20b0a2df13db256f5389511e60551172c0deaf6586084ba968c20447c9a9b440a876995c2e4ae7fd1e371d83761b10ba52149794011167598e88c11ca6dc1db4b636db132de65b6ba22a062152c74fe8c4c097253308f1483fd414f0c686aeccb98fcc0d83501e00416426cc8514e77aa60b77782d43c8054d529a92c8bb9aba6b199ea0e859bb2bad00fe67450620641e3040ada78209d13e5b52a686ceb1dd54c74f9733114ad269fca4a337f7d25bc7871b944e4aa01d36", @generic="f7dc89915d18895e9f8d12b15556f46f2316f84844459a309452bfb5649b2ba0a3c0f76f0a9832ba8df7ab40cf3ef53282551500087c8142857e319d4ef367e3a9d6cb0aa3db72d3d6ad1cf1226c8e609c035f76f807e7a085ca7a985368f8f02edadc536dd8f18bbb75502f6e74f7d0d416635e2362b653099f5f152813feed2680b518859d6a7e9f5fb23e08be2cc66a0b0b29fb48", @generic="869b2fb1bf3e846e54712d3f7f3ef142e59d09bd61d31480679683fdeb4add8834ee42b9cbea7a738068608cc8ead7000c760c054e85c4b2012711bf0c3502a7b15d7526572988542c6710894d7ccc2f8bcf0a01a6f4962fba490ffd5494d4d365ab9f06a83bacb6eb990027b06a9af90a3e8f4ba766a064adefd07780a18e31418e94581fe2c2dfa6ae3995df16e1fb65cbbe4ef18033ab9193506b19fe8fac8a9b812b53d3136dba7b850feb994f8f5fc232f636dfe857f4dc39ab0eccf3268432324b74b9208e5b414313c0dffabc2c6339ff482c2adca07a6fc3e78c2b54657752a5f16807d80083394023", @typed={0x8, 0x29, @pid=r4}, @typed={0x8, 0x60, @pid=r5}, @generic="5420bbdc994bca468fd798d4c40a4781ec091c102cb44306b1a71bd3e13f1b9560dc7652ae442acc1d6c786c79d200866fd215dccef1cac7a77bb29cb0db1f287d62678b4e9de1c2450fdb3b03de7b078824d4d4e222bd366af86a0beddc4fa5df5fe0ef29cee898cec8c74d8bb189aa675361d49123fadeb503cbbd18d7a45050905233748d58ee69d85c14727603ab8a875a71f389cd2369dfb2e11fd5bf9a8b5306deba50f17b4d2aadc981a2c8488c5e17e8f95441991f9d1b0573f27ff2d5ca17b9ecfc43382222a9f6aeda8830b050fd9378999dcc80"]}, @typed={0x8, 0x35, @str='\x00'}]}, 0x3e4}, 0x1, 0x0, 0x0, 0x20000000}, 0x10) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$sock_inet_tcp_SIOCINQ(r2, 0x541b, &(0x7f00000013c0)) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r6, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r6, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$IP6T_SO_GET_INFO(r6, 0x29, 0x40, &(0x7f0000001300)={'filter\x00'}, &(0x7f0000001380)=0x54) recvfrom$unix(r1, &(0x7f0000001800)=""/109, 0x6d, 0x20, &(0x7f0000001880)=@abs={0x0, 0x0, 0x4e20}, 0x6e) r7 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f00000014c0)='IPVS\x00') mknod$loop(&(0x7f0000001580)='./file0\x00', 0x200, 0x0) sendmsg$IPVS_CMD_SET_INFO(r7, &(0x7f0000001540)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001500)={&(0x7f0000001680)={0x104, r8, 0x300, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x9d}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x27}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xf341}]}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@mcast1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6f46}, @IPVS_CMD_ATTR_DEST={0x40, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x800}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xb0}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x3}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e24}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x2}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x80000000}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xfffff801}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7ff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xc00}]}, 0x104}, 0x1, 0x0, 0x0, 0xc0}, 0x21c7ae50e0143fa6) 16:16:25 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup3(r0, 0xffffffffffffffff, 0x80000) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40002}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)={0x1c, r3, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x20000005) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 16:16:25 executing program 5: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) getpid() sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x0, 0x2, 0x0, 0x2, 0x0, 0x70bd2c, 0x25dfdbfe}, 0x10}}, 0x40) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:25 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:25 executing program 3: r0 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000100)='encrypted\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f00000001c0)='!3\t', 0x3, r0) 16:16:25 executing program 3: r0 = socket$inet6(0xa, 0x802, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) sendmmsg(r0, &(0x7f0000005040), 0x15f, 0x0) 16:16:25 executing program 5: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) getpid() sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x0, 0x2, 0x0, 0x2, 0x0, 0x70bd2c, 0x25dfdbfe}, 0x10}}, 0x40) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:25 executing program 5: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) getpid() sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x0, 0x2, 0x0, 0x2, 0x0, 0x70bd2c, 0x25dfdbfe}, 0x10}}, 0x40) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) [ 937.884008] binder: release 25482:25484 transaction 2062 out, still active [ 937.896829] binder: unexpected work type, 4, not freed 16:16:25 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') fsetxattr(r0, &(0x7f0000000000)=@known='trusted.overlay.upper\x00', &(0x7f00000000c0)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&', 0x68, 0x4995693a79c74107) write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r3 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/context\x00', 0x2, 0x0) r4 = pidfd_open(0xffffffffffffffff, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r5, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r5, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r6 = openat$cgroup(r5, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0) r7 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r7, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) poll(&(0x7f0000000200)=[{r3}, {r4}, {0xffffffffffffffff, 0x4000}, {r2, 0x100}, {r2, 0x80a8}, {r6, 0x3031}, {r7, 0xd0}], 0x7, 0x4) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) [ 937.898867] binder: BINDER_SET_CONTEXT_MGR already set [ 937.898877] binder: 25482:25507 ioctl 40046207 0 returned -16 16:16:25 executing program 5: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:25 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000140)=ANY=[@ANYBLOB="e6ff0300544700000000000000000000080000000000da24178e68d5d802d536c27483587c5f3ce8c351d6743d4922cf0136646fc5b4ed0e59f69e6b1dfc204f0ba08b68df4b46a8cb6a56d28051b19f17f2f2b2f209101d40a655ae9eea3820404e1d3926d7d05dd5b1a79eabcf6bd25a3aa80600000000000000601678469781b02aceb3c6fd3eb35ab67861448a772cb95280c8b8e1b21d58fad95ecbe90d773318fb22729dc93069e359977688e6921f4ed6428541cd9a2f3d6402fcee807d0512e7c1af66b22860cf1d793564765979c0ce42692378dcbd438655b4366715499ce5d5301720addef7f454f47945f83bb7c1b351360affb4c7a3d1172da7cc414e5c2d5aa067c6acc749803134dfa66c17fa7f71792690", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x1a0}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) syz_mount_image$ext4(&(0x7f00000005c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x3a, 0x3fc}], 0x5, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') fsetxattr$security_ima(r0, &(0x7f0000000600)='security.ima\x00', &(0x7f0000000640)=@ng={0x4, 0x4, "32369d0cff4db245a1949cd4d60c512dda0657d9"}, 0x16, 0x2) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) perf_event_open(&(0x7f0000000540)={0x0, 0x70, 0x74, 0xff, 0x5, 0x2, 0x0, 0x71, 0x400, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x2, @perf_config_ext={0xffffffff, 0x1}, 0x20200, 0x5, 0x0, 0x0, 0xb5eb, 0x7, 0x8}, r1, 0x3, 0xffffffffffffffff, 0x8) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000780)=0x3f) r3 = socket$netlink(0x10, 0x3, 0x0) fsetxattr$smack_xattr_label(0xffffffffffffffff, &(0x7f00000007c0)='security.SMACK64MMAP\x00', &(0x7f0000000800)={'smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&'}, 0x69, 0x0) r4 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x30, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_LINKINFO={0x10, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0x4}}}]}, 0x30}}, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r7) setsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000680)={{{@in=@multicast1, @in6=@ipv4={[], [], @multicast2}, 0x4e21, 0x0, 0x4e24, 0x0, 0x2, 0xa13c6a67556aa0a2, 0x20, 0x6, r5, r7}, {0x6, 0x1, 0x1000, 0xa35, 0xeb4, 0x9, 0xcf9f, 0x8}, {0x6, 0x1, 0xfff, 0x3}, 0x0, 0x6e6bb0, 0xa59a8ab3725e7016, 0x0, 0x1, 0x2}, {{@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x4d5, 0x3c}, 0x2, @in6=@remote, 0x0, 0x4, 0x0, 0x8, 0x6, 0x0, 0x8}}, 0xe8) write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000300)=ANY=[@ANYBLOB="8d2a000000000000030000000000000002000000d0060000010000000000000007000000000000002ff90000000000000002000000000000000000000000000000000000000000008c280000e1ff00"/88]) lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000400)) r8 = dup(r0) ioctl$EVIOCGABS0(r8, 0x80184540, &(0x7f0000000480)=""/183) [ 937.971319] binder: BINDER_SET_CONTEXT_MGR already set [ 937.971328] binder: 25513:25514 ioctl 40046207 0 returned -16 [ 937.983049] binder: BINDER_SET_CONTEXT_MGR already set [ 937.983057] binder: 25513:25514 ioctl 40046207 0 returned -16 [ 937.985963] binder: 25513:25514 BC_INCREFS_DONE u0000000000000000 no match [ 937.985999] binder_alloc: 25482: binder_alloc_buf, no vma [ 937.986020] binder: 25513:25514 transaction failed 29189/-3, size 0-0 line 3284 [ 937.986231] binder: 25513:25514 unknown command 1937076852 [ 937.986238] binder: 25513:25514 ioctl c0306201 20000180 returned -22 [ 937.996809] binder: BINDER_SET_CONTEXT_MGR already set [ 937.996820] binder: 25513:25517 ioctl 40046207 0 returned -16 [ 938.002678] binder: BINDER_SET_CONTEXT_MGR already set [ 938.002684] binder: 25513:25514 ioctl 40046207 0 returned -16 [ 938.002713] binder: 25513:25517 BC_INCREFS_DONE u0000000000000000 no match [ 938.002742] binder_alloc: 25482: binder_alloc_buf, no vma [ 938.002757] binder: 25513:25517 transaction failed 29189/-3, size 0-0 line 3284 [ 938.002847] binder: 25513:25517 unknown command 1937076852 [ 938.002855] binder: 25513:25517 ioctl c0306201 20000180 returned -22 [ 938.198394] binder: unexpected work type, 4, not freed [ 938.203718] binder: undelivered TRANSACTION_COMPLETE [ 938.222728] binder: undelivered TRANSACTION_ERROR: 29189 [ 938.260794] binder: undelivered TRANSACTION_ERROR: 29189 [ 938.266536] binder: send failed reply for transaction 2062, target dead 16:16:28 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:16:28 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) write$FUSE_POLL(r1, &(0x7f0000000100)={0x18, 0x0, 0x7, {0xfffffffb}}, 0x18) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r4 = accept4$packet(r3, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000002c0)=0x14, 0x800) sendto(r4, &(0x7f0000000400)="3bc7dc72a2319a970de2f33b96b8fe9b3a832f83dbe5561383d7e3b55f4ea1dd667e959948aea270753073a265917a50ca25cc519cdad60f22aba4b144fe223ceac809e72091fed54743fab7ca2a2293e58f1e6b704dc9810093fdcdfc502a213e396b40b2757a9d4306d131914f8417a4ca83c31bc3e89c7d0bcfe8eb0ce0ccbd2781fbfb2f704b259b413ce7aa3d98508ed9959eae26b9002749779327795b86daaf6f1bf47debf624e8160f77f745", 0xb0, 0x42880, &(0x7f00000004c0)=@rc={0x1f, {0x40, 0xff, 0x1, 0x4, 0x4, 0x6a}, 0x4f}, 0x80) write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$IP_VS_SO_SET_DEL(r2, 0x0, 0x484, &(0x7f00000000c0)={0x0, @multicast2, 0x4e20, 0x4, 'fo\x00', 0x8, 0x9, 0x6b}, 0x2c) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 16:16:28 executing program 3: r0 = socket$inet6(0xa, 0x802, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) sendmmsg(r0, &(0x7f0000005040), 0x15f, 0x0) 16:16:28 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r1 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x350b3a201ef2c9f2) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x48100000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x64, r2, 0x0, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xad}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DEST={0x40, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffffff26}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x6d59f5cdc0548986}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@rand_addr="5076d2a1a50ac122192b7f18b091f20a"}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x4020000) lsetxattr$security_ima(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='security.ima\x00', &(0x7f00000002c0)=@v1={0x2, "fd"}, 0x2, 0x5) sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x21c224dbd1229f75}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r2, 0x0, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x10001}]}, 0x1c}}, 0xd0) openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x47c726bde3d0f010, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000000)='./file0\x00', 0x4000000000000000, 0x1, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x3a, 0x400}], 0x5, 0x0) 16:16:28 executing program 5: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) sched_setscheduler(0x0, 0x5, &(0x7f00000001c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:28 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:28 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000060000000000000001100000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="8561646600000000040000000000000002000000000000003900000000000000852a62730000000000000000000000000000000000000000852a74700000000000000000000000000000000000000000000000007f00"/96], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x008\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) [ 940.873105] binder: release 25534:25536 transaction 2070 out, still active [ 940.882686] binder: unexpected work type, 4, not freed [ 940.883611] binder: BINDER_SET_CONTEXT_MGR already set 16:16:28 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000140)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r2, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=0x284, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x5, 0x4}, 0x0, 0x0, &(0x7f0000000280)={0x0, 0xf, 0x66, 0x7}, &(0x7f00000002c0)=0xd5, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=0x8000}}, 0x10) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05ff"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x8, 0x1, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x3a, 0x400}], 0x5, 0x0) 16:16:28 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@fda={0x66646185, 0x1, 0x1, 0x15}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x20, 0x38}}, 0x1040}], 0x26c, 0x0, 0x0}) [ 940.883620] binder: 25534:25542 ioctl 40046207 0 returned -16 [ 940.947082] binder: unexpected work type, 4, not freed [ 940.964289] binder: BINDER_SET_CONTEXT_MGR already set 16:16:28 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000140)=ANY=[@ANYBLOB="693335e6ff03005488edbe40a8a46a0f3e7e3376f845e3afc391c6864386dbda8ddd57a0f485f17398942a2f5c4d6fe201a2122ab70000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f00000007c0)={0x7f, 0x5, 0x3000}, 0x4) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000000340), 0x5, 0x0) r3 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom\x00', 0x230000, 0x0) syz_mount_image$ext4(&(0x7f0000000200)='ext2\x00', &(0x7f0000000240)='./file0\x00', 0x100000000, 0x8, &(0x7f00000006c0)=[{&(0x7f0000000280)="8bf11f704455b67ee9191f0649fbc9a943eb66981fb34a7f7a93a5fc042827991eb7945924d43e9927e359093ac33171acdb873dbfe9227605d4aa93546128f90f8457e59f0788c80162da5ba45fd974b16d3f2900ad3cf8c3af222c1cd1c91ce2ca07a961", 0x65}, {&(0x7f0000000300)="8e8b0a3ca829951e24caf77fd7f0af474c29", 0x12}, {&(0x7f0000000400)="d8a816c2dd50ddff05e9f67164fc2f0224be77803896c4cb5d83802b8b2d962a45a122e47638058ec5e3d352881c0aa1175c18ffd3fc511754c85d1425a809e27f29268d4019417424635b57a0e28e213dfc237ae1ca8d0997ebf10f54376d11a811242c237480", 0x67, 0x3ff}, {&(0x7f0000000480)="086264078de7e559cd16cdf76e198c9f3c49dd4df8cedcd35d5801e625bde6ed392ac9c4369e769600484b376f7b7f744fec48cc309a7dcf6f8b53cfe2e1f8d11d6c95e5500990f03847ff10e01b59a095dbccd694f204c395400d2efb4ecd855fd92e5adeada850ec2466dff1262d3084ae34f5ddd36bdea09d60f2c033a4339de59d43be97cb58049f7f045bd2e7648f9da7c430c7bcd2b65c4842e83a", 0x9e, 0x8000}, {&(0x7f0000000540)="a573a2e064c8ee75636bc9216de02c0c5f", 0x11, 0xfffffffffffffff7}, {&(0x7f0000000580)="7bfa3781fb0a5ac0b5216f0db7a71fe03edc66f1266143a99bf81e313922bbb6e7a4335b1d315f7aa37b0dc19319839260", 0x31, 0x207}, {&(0x7f00000005c0)="012ba9f1cf6d18cd52e04820fc80c3cfc958cb0d8c5f4da1bd7f767cd2189aeabbbcc21fc78cd1861296e266aed472f26405edc5387a0222c2a428fe12f931e2253cd063b542d2eaebcb33b0bfcb22fc4f84212a5d85ce1e99b4a5fc8698db9931fcea08b96a13b9098bf1c20ec1faccfe4d6b92233cdec2487ae5", 0x7b, 0xe0}, {&(0x7f0000000640)="e17b0429c89ad9d893053abc18871a587971370c809dc8d28e8a764b5a8c9892d08705a37b6fc31b1efbb06bcd9aceda7134bfe396052198707fe7534da3f2ee239f638dd1", 0x45, 0x7f}], 0x1321002, &(0x7f0000000780)={[{@grpid='grpid'}, {@grpquota='grpquota'}], [{@dont_appraise='dont_appraise'}]}) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x480, 0x0) write$FUSE_POLL(r4, &(0x7f0000000100)={0x18, 0x0, 0x3, {0x6}}, 0x18) fchdir(r3) 16:16:28 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000000c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000fefff67a0af0fff8ffffef79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000040000006a0a00fe00000000850000000b000000b7000000000000009500000000000000"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r0, 0x0, 0xe, 0x0, &(0x7f0000000180)="bd6bf45ec5bbbb203dcc7ca739cc", 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000280)='\x00', 0x0}, 0x40) 16:16:28 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='trusted.overlay.opaque\x00', &(0x7f0000000140)='y\x00', 0x2, 0x2) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) [ 940.964298] binder: 25550:25553 ioctl 40046207 0 returned -16 [ 940.965428] binder_alloc: 25534: binder_alloc_buf, no vma [ 940.965447] binder: 25550:25553 transaction failed 29189/-3, size 96-17 line 3284 [ 940.969999] binder: BINDER_SET_CONTEXT_MGR already set [ 940.970008] binder: 25550:25554 ioctl 40046207 0 returned -16 [ 940.970254] binder_alloc: 25534: binder_alloc_buf, no vma [ 940.970272] binder: 25550:25554 transaction failed 29189/-3, size 96-17 line 3284 [ 941.026781] binder: BINDER_SET_CONTEXT_MGR already set [ 941.026789] binder: 25557:25560 ioctl 40046207 0 returned -16 [ 941.033909] binder: BINDER_SET_CONTEXT_MGR already set [ 941.033922] binder: 25557:25561 ioctl 40046207 0 returned -16 [ 941.086952] binder: BINDER_SET_CONTEXT_MGR already set [ 941.086962] binder: 25568:25569 ioctl 40046207 0 returned -16 [ 941.087321] binder_alloc: 25534: binder_alloc_buf, no vma [ 941.087339] binder: 25568:25569 transaction failed 29189/-3, size 88-24 line 3284 [ 941.094959] binder: BINDER_SET_CONTEXT_MGR already set [ 941.094970] binder: 25568:25571 ioctl 40046207 0 returned -16 [ 941.184614] binder: undelivered TRANSACTION_COMPLETE [ 941.194680] binder: undelivered TRANSACTION_ERROR: 29189 [ 941.205363] binder: undelivered TRANSACTION_ERROR: 29189 [ 941.211318] binder: undelivered TRANSACTION_ERROR: 29189 [ 941.216990] binder: send failed reply for transaction 2070, target dead 16:16:31 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:16:31 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_vs\x00') sendfile(r0, r1, 0x0, 0xedc0) 16:16:31 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f00000002c0)) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) write$9p(r1, &(0x7f00000000c0)="3f7221921d4b3693949da4f05658c3f09f239ead87a7fb745c1f4e54171c6162aa4ed7554893b9f54b1e785d79bb1e552c512797b0fea35326388ee06513d1be88b7f7a7f856821e0976324aaaded9f689a0c50a8020e0e52269a82f8768", 0x5e) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000300)={0xfffffff8, 0x6, 0x913, 0x0, 0x2}) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$RNDCLEARPOOL(0xffffffffffffffff, 0x5206, &(0x7f0000000280)=0x8) 16:16:31 executing program 5: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) sched_setscheduler(0x0, 0x5, &(0x7f00000001c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:31 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:31 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000140)=ANY=[@ANYBLOB="e60000000000000000000000000000000002000001004bc61951d0b79f8b9254a86da6de5e02d3340602e13c998392136ee5e92643df392fe2a0f7f162e1f278", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x420, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000003c0)='/selinux/status\x00', 0x0, 0x0) getsockopt$inet6_buf(r2, 0x29, 0x194, &(0x7f0000000400)=""/181, &(0x7f00000004c0)=0xb5) sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000008}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x68, r1, 0x409, 0x70bd29, 0x25dfdbfc, {{}, 0x0, 0x4108, 0x0, {0x4c, 0x18, {0x1000, @media='eth\x00'}}}, ["", "", "", ""]}, 0x68}}, 0x4) 16:16:31 executing program 3: 16:16:31 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x800) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, 0xfffffffffffffffd, 0x200, 0x0) ioctl$EVIOCSABS20(r1, 0x401845e0, &(0x7f0000000000)={0x7, 0x10000, 0x4c, 0x84b, 0x4, 0x7}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) [ 943.867518] binder: release 25581:25584 transaction 2079 out, still active [ 943.879984] binder: unexpected work type, 4, not freed [ 943.891773] binder: BINDER_SET_CONTEXT_MGR already set 16:16:31 executing program 3: 16:16:31 executing program 3: 16:16:31 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) [ 943.891784] binder: 25581:25584 ioctl 40046207 0 returned -16 [ 943.923497] binder: unexpected work type, 4, not freed [ 943.935887] binder: undelivered TRANSACTION_COMPLETE [ 943.955825] binder: send failed reply for transaction 2079, target dead 16:16:31 executing program 3: [ 943.973005] binder: BINDER_SET_CONTEXT_MGR already set [ 943.973015] binder: 25600:25609 ioctl 40046207 0 returned -16 [ 946.300595] ip6_tunnel: g xmit: Local address not yet configured! 16:16:34 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:16:34 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$RTC_ALM_SET(r1, 0x40247007, &(0x7f0000000100)={0x26, 0xd, 0xd, 0xb, 0x4, 0x9, 0x3, 0xa9}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000002240)={0x0, 0x0}) recvmmsg(r1, &(0x7f0000002140)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000280)=""/51, 0x33}, {&(0x7f0000000400)=""/217, 0xd9}, {&(0x7f0000000500)=""/242, 0xf2}], 0x3, &(0x7f0000000300)=""/25, 0x19}, 0x8000}, {{&(0x7f0000000600)=@tipc=@id, 0x80, &(0x7f0000001780)=[{&(0x7f0000000680)=""/4096, 0x1000}, {&(0x7f0000001680)=""/35, 0x23}, {&(0x7f00000016c0)=""/182, 0xb6}], 0x3, &(0x7f00000017c0)=""/59, 0x3b}, 0x2}, {{&(0x7f0000001800)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000001d80)=[{&(0x7f0000001880)=""/135, 0x87}, {&(0x7f0000001940)=""/21, 0x15}, {&(0x7f0000001980)=""/23, 0x17}, {&(0x7f00000019c0)=""/110, 0x6e}, {&(0x7f0000001a40)=""/126, 0x7e}, {&(0x7f0000001ac0)=""/170, 0xaa}, {&(0x7f0000001b80)=""/103, 0x67}, {&(0x7f0000001c00)=""/74, 0x4a}, {&(0x7f0000001c80)=""/232, 0xe8}], 0x9}, 0x9}, {{&(0x7f0000001e40), 0x80, &(0x7f0000002000)=[{&(0x7f0000001ec0)=""/61, 0x3d}, {&(0x7f0000001f00)=""/50, 0x32}, {&(0x7f0000001f40)=""/178, 0xb2}], 0x3, &(0x7f0000002040)=""/225, 0xe1}, 0x4}], 0x4, 0x1, &(0x7f0000002280)={r3, r4+30000000}) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r6, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r6, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$inet_udp_encap(r6, 0x11, 0x64, &(0x7f0000000200)=0x2, 0x4) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f00000022c0)=ANY=[@ANYBLOB="852a62731403000002000000000000000000000000000000852a646600000000", @ANYRES32=r5, @ANYBLOB="000000000000000000000000852a7470000004000000000000000000000000000000000000000000000000000000000000000000b58fae1bdbcf5287262d36edc1e51ca359b05dfa882bf19cf74300efa53ea3b6d418414a247ff46a3f9a527aafc65e84c845e472c175dfb1be7e5ee35d4eef"], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xffffffffffffff9b, 0x0, 0x0}) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f00000000c0)=0x9) keyctl$invalidate(0x15, 0x0) 16:16:34 executing program 3: 16:16:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:34 executing program 4: prctl$PR_SET_FP_MODE(0x2d, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f00000000c0)='nbd\x00') r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r1 = dup2(r0, 0xffffffffffffffff) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) recvfrom(r1, &(0x7f00000001c0)=""/38, 0x26, 0x10000, &(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x0, 0x1, 0x2, 0x4, {0xa, 0x4e23, 0x92fd, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x1f}}}, 0x80) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, &(0x7f0000000140), &(0x7f0000000180)=0x4) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:16:34 executing program 5: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) sched_setscheduler(0x0, 0x5, &(0x7f00000001c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:34 executing program 3: 16:16:34 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240)='/dev/net/tun\x00', 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x20001000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'eql\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00*', 0x102}) ioctl$sock_ifreq(r1, 0x8914, &(0x7f00000000c0)={'eql\x00\x00\x00\xa9[\x00', @ifru_mtu=0x1}) dup3(r0, r2, 0x0) [ 946.870170] binder: 25622:25624 got transaction with fd, -1, but target does not allow fds [ 946.899020] binder: 25622:25624 transaction failed 29201/-1, size 88-24 line 3427 16:16:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0) [ 946.918723] binder: 25622:25624 ioctl c0306201 20000180 returned -14 [ 946.935467] binder: undelivered TRANSACTION_ERROR: 29201 [ 946.946523] binder: BINDER_SET_CONTEXT_MGR already set 16:16:34 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/b\x05nder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) prctl$PR_GET_FP_MODE(0x2e) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000380)={@ptr={0x70742a85, 0x1, &(0x7f0000000280)=""/234, 0x0, 0x2, 0x15}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x2db, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) [ 946.946531] binder: 25622:25638 ioctl 40046207 0 returned -16 16:16:34 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f0000000100)={0x0, {0x2, 0x4e23, @remote}, {0x2, 0x4e24, @remote}, {0x2, 0x4e24, @empty}, 0x100, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)='teql0\x00', 0x21, 0x8, 0x4}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 16:16:34 executing program 5: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) [ 946.959411] binder_alloc: 25622: binder_alloc_buf, no vma [ 946.959434] binder: 25622:25638 transaction failed 29189/-3, size 88-24 line 3284 [ 946.959467] binder: 25622:25638 ioctl c0306201 20000180 returned -14 [ 947.041385] binder: BINDER_SET_CONTEXT_MGR already set [ 947.041393] binder: 25654:25655 ioctl 40046207 0 returned -16 [ 947.041623] binder_alloc: 25622: binder_alloc_buf, no vma [ 947.041641] binder: 25654:25655 transaction failed 29189/-3, size 88-24 line 3284 [ 947.047257] binder: BINDER_SET_CONTEXT_MGR already set [ 947.047266] binder: 25654:25656 ioctl 40046207 0 returned -16 [ 947.047852] binder_alloc: 25622: binder_alloc_buf, no vma [ 947.047873] binder: 25654:25656 transaction failed 29189/-3, size 88-24 line 3284 [ 947.143266] binder: undelivered TRANSACTION_ERROR: 29189 [ 947.148882] binder: undelivered TRANSACTION_ERROR: 29189 [ 947.154591] binder: undelivered TRANSACTION_ERROR: 29189 16:16:37 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:16:37 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/dev_mcast\x00') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) fchmodat(r3, &(0x7f00000008c0)='./file0\x00', 0xf) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') r5 = syz_open_dev$sndtimer(&(0x7f0000000900)='/dev/snd/timer\x00', 0x0, 0x5a280d4c55b27d7b) ioctl$SNDRV_TIMER_IOCTL_TREAD(r5, 0x40045402, &(0x7f0000000940)) write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r6, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r6, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') r8 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000980)='/selinux/avc/hash_stats\x00', 0x0, 0x0) write$P9_RREADLINK(r8, &(0x7f00000009c0)={0x19, 0x17, 0x1, {0x10, './file0/../file0'}}, 0x19) write$char_usb(r7, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r7, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0xfffffffeffffffff) r9 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000880)={0xe8, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0c63000012634840000000000000000000000000000000000000000000000000000000000000000050000000000000001800000000000000", @ANYPTR=&(0x7f00000002c0)=ANY=[@ANYBLOB="852a646600000000", @ANYRES32=r4, @ANYBLOB="0000000000000000000000008561646600000000050000000000000001000000000000002700000000000000852a6873000100"/68], @ANYPTR=&(0x7f0000000400)=ANY=[@ANYBLOB="000000000000000018000000000000003800000000000000"], @ANYBLOB="000c00000000000011634840020000000000000000000000000000000000000003000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB="852a646600000000", @ANYRES32=r6, @ANYBLOB="000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000440)=ANY=[@ANYBLOB='\x00'/235], @ANYBLOB="eb0000000000000001000000000000001700000000000000852a646600000000", @ANYRES32=r2, @ANYBLOB='\x00'/12], @ANYPTR=&(0x7f00000005c0)=ANY=[@ANYBLOB="000000000000000018000000000000004000000000000000"], @ANYBLOB="8010000000000000066304400300000001634040000000000000000000000000000000000000000010000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000000680)=ANY=[@ANYBLOB="852a747000000000", @ANYPTR=&(0x7f0000000600)=ANY=[@ANYBLOB='\x00'/94], @ANYBLOB="5e0000000000000002000000000000002f00000000000000852a646600000000", @ANYRES32=r7, @ANYBLOB="000000000000001d983084e7cb107d471e0a89f0", @ANYRES32=r9, @ANYBLOB='\x00'/12], @ANYPTR=&(0x7f0000000700)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x17, 0x0, &(0x7f0000000840)="079b5d9ac001977a9d9dea925813d581cd088a15eb1226"}) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x28, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="086310200000000000000000000040000000e4ffffff000000000000", @ANYRES64=r1], 0x56, 0x0, &(0x7f0000000100)="be6ac903d72f2770938bf3fb22907830cf45193a694147a675a90f030641e9b7ebb0f39a6e71127381b724886fa16b291b7edd5ceb3e446bf58134b9a0cfc2746917d1211e767945a9a9987837e5ac55d2c61f6e68d1"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r10 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 16:16:37 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:37 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x3a, 0x400}], 0xb00005, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0xe0681, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) 16:16:37 executing program 5: open(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:37 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r1, 0x0, 0x0) 16:16:37 executing program 3: openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ftruncate(0xffffffffffffffff, 0x9) r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) fdatasync(r0) 16:16:37 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) unlink(&(0x7f00000000c0)='./file0\x00') sync_file_range(0xffffffffffffffff, 0x6f2e, 0xd24b, 0x2) 16:16:37 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:37 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x4) ioctl$VT_ACTIVATE(r0, 0x5606, 0x903) 16:16:37 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @rand_addr="ff3e6808e92b7abafc47d822996f60e4"}, 0x1c) r2 = open(&(0x7f0000000080)='./file0\x00', 0xa0001, 0x60) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f00000001c0)) write(r1, &(0x7f00000002c0), 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000100), 0x4) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) read(r5, &(0x7f0000000040)=""/11, 0xb) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) inotify_init() clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) sched_setattr(0x0, &(0x7f0000000400)={0x30, 0x1, 0x0, 0x0, 0x1}, 0x0) pselect6(0xc, &(0x7f00000000c0)={0x0, 0x0, 0x5}, 0x0, &(0x7f0000000140)={0x1b4, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 16:16:37 executing program 2: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x208200) ftruncate(0xffffffffffffffff, 0x208200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000280)=""/137, &(0x7f0000000100)=0x89) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f00000003c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) keyctl$instantiate(0xc, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup(0xffffffffffffffff) ftruncate(0xffffffffffffffff, 0x2007fff) keyctl$assume_authority(0x10, 0x0) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) r3 = socket$inet6(0xa, 0x8000000000080001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) lsetxattr$trusted_overlay_redirect(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)='trusted.overlay.redirect\x00', &(0x7f0000000780)='./file0\x00', 0x8, 0x2) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000094440000000000000000000000050000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000005000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff010000000000000000000000000001000000000000000000000000edffffffffffffff00000003000000000000000000000000000000000000000000000000000000eeffffff00000000e2ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100000000c4d300000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff02000000000000000000000000000100000000080000000000000000000000000000000000000000000000000040ac00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c6000000000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000404110061ca7c55a5e42d81d1e234c789375b23d36d0b7bd15e04e813cd723f47ce56dffa04c1f203e51942829b769c021a132a47ccf4ac88c150bfed88c8aa4db6efaf6839814663b22c44fc5c577657253c50de4d1797c8a8195d482f8537d4f9aeaf495c01d5a31348917325b55b4136f49a20b50d881350d03870439d9759097585033743069099a0c14b7ca9b9fdbba4b31e8658d38d801fc074013102247ae529fe94b9529742c76d1825a441f8205c765deabf008b3e6ac5064c0c2ca8030c651abbfe7fe8803ff6a2a5de91470a21ed3a29fbe853bf2625e00600d9e32fdac5c79c83d19c110c2cccfc32f7f99ea69994f81d903641120915cdcf49efeed42a2054e0544b5f53f43e4f7ab5b6037071e14229606aa0c3d7b7313232a904dbaedc6bd9fe7a1e54afc699624941b6c58fe24ca2338d97bbae7b60c350e72039f84328e39fdf444997aa080a882a81da917d4739bcbb223be6d19106fa4a239fa48a231a9786875523675a7058bc9135228354b3c161cd1c0d0e38d3e1514182f02f3a3a5273fa134e2756aee14acf52e878855b3c2d10bcc65caa785eb923078eebe9a92a0010fd0d9d4175cac3fa4c2ffa948ef6ace5b105904f91733855793c9e18e122e47a5cbf17b194016d3f938504c682a6e79af70f6028f13657100e36d31586511114091a8155a90889521a35f3997b6aa2e120fc6f1d8d38960e3659620e0c6192950e94000000000000000000000000000000003eb09ed9381be96996002d301735aa505e22a9336b362a1a28c3a0f70cc499152a43db91fa9e1569083a5d522702cd13ccba06629a50b3c11482cf9a948bcadbdae6da92f4d1a9b6bbea4b5faa8a9661ee1ccc6ef24efeafa4e233e36dfba0d7cba9be865b767c409cc5d90dfdd6ff9fe276fbf345b8af202eb993eb2548bdd841a4bb28e65b4125da980f6419f80eef639d7b90243b8fb9717755408f551411af115da7cf3e52d99a30bdc09d58cdbb55d997d51a57fb71a77b05ea854cb2675ab5cfc537a999fd49e671aae1109e23d79c9ee4c8e5dc476458537142b0"], 0x310) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000600)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffe) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0) fcntl$setpipe(r2, 0x407, 0x0) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f00000006c0)) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x48811}, 0x0) r4 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) [ 950.176299] binder: release 25705:25711 transaction 2097 out, still active [ 950.184674] binder: unexpected work type, 4, not freed [ 950.193704] binder: unexpected work type, 4, not freed [ 950.199084] binder: undelivered TRANSACTION_COMPLETE [ 950.311361] binder: send failed reply for transaction 2097, target dead 16:16:40 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:16:40 executing program 5: open(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:40 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$packet(0x11, 0x3, 0x300) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:40 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaac49, &(0x7f0000000100), 0x5, 0x0) 16:16:40 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/enforce\x00', 0x200, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="08631040000000000000000000000000000000000063404000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dd87459828b2ea4d5b80debbf0798ba53006a4f6d7ddf1c05d31278fe5dfc202a1ecfdc9ff089299fc747712935c29449e03bb968326a67c74dd556fb2"], 0x0, 0x0, 0x0}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) openat$cgroup_procs(r4, &(0x7f00000000c0)='cgroup.threads\x00', 0x2, 0x0) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r4, 0x2405, r4) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$TCGETS(r1, 0x5401, &(0x7f0000000280)) 16:16:40 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @rand_addr="ff3e6808e92b7abafc47d822996f60e4"}, 0x1c) r2 = open(&(0x7f0000000080)='./file0\x00', 0xa0001, 0x60) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f00000001c0)) write(r1, &(0x7f00000002c0), 0x0) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000100), 0x4) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) read(r5, &(0x7f0000000040)=""/11, 0xb) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) inotify_init() clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) sched_setattr(0x0, &(0x7f0000000400)={0x30, 0x1, 0x0, 0x0, 0x1}, 0x0) pselect6(0xc, &(0x7f00000000c0)={0x0, 0x0, 0x5}, 0x0, &(0x7f0000000140)={0x1b4, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 952.918569] binder: BINDER_SET_CONTEXT_MGR already set [ 952.931716] binder: 25720:25723 ioctl 40046207 0 returned -16 [ 952.942820] binder: 25720:25723 BC_INCREFS_DONE u0000000000000000 no match [ 952.952347] binder: 25720:25723 BC_INCREFS_DONE u0000000000000000 no match [ 952.959757] binder: BINDER_SET_CONTEXT_MGR already set 16:16:40 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0863104000000000000000000000000000000000006340400000000000000000000000000000000000000000005e99d209d910ba160000000000000000000000000000e1ff00000000003c00"/88], 0x0, 0x0, 0x0}) r1 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000140)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='-^(em0cpusetkeyring#*a-&-!system\x00', 0x4) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0863104000000000000000000000000000000000006340400000000000000000000000000000000000000000000000000000000000090000000000000000edffffffffffffff0000000000000000000000000000000000009116d9da"], 0x0, 0x0, 0x0}) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x288, &(0x7f0000001600)={&(0x7f00000000c0)=ANY=[]}, 0x1, 0x0, 0x0, 0x8000}, 0xa488ab1d1771eb77) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x6, 0x1, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x3a}], 0x5, 0x0) 16:16:40 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat=@weak_handle={0x77682a85, 0x1, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) [ 952.965656] binder: 25720:25723 ioctl 40046207 0 returned -16 [ 952.979224] binder: 25720:25723 ioctl 5401 20000280 returned -22 [ 952.997738] binder: release 25720:25723 transaction 2105 out, still active [ 953.007174] binder: unexpected work type, 4, not freed 16:16:40 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) prctl$PR_GET_FPEMU(0x9, &(0x7f00000000c0)) [ 953.008141] binder: BINDER_SET_CONTEXT_MGR already set [ 953.008151] binder: 25720:25736 ioctl 40046207 0 returned -16 [ 953.009221] binder: BINDER_SET_CONTEXT_MGR already set [ 953.009229] binder: 25720:25736 ioctl 40046207 0 returned -16 16:16:40 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000000400)=ANY=[@ANYBLOB="852a627314030000020000000000000000b82359aa2e6ca6c6e20d5de4d53e8200000000000000852a62730000000000000000000000000000000000000000852a747000000000000000000000000000000000000000000000000000000075cd9529c3b068ffa57d276e7bbb9c99cedfd30ada42b31ad61701c2ff4a7dde4fc4ff0dcdeb48fe24b19c56dae416982fb09c767fecac3853a81ac4f8a5d1201f5935ee8bc804822f61fd4ba9534e6351449f470f26550fb89686a9af7d6f06d99b8e85643e24b41e43d452e3138206b0a06ba43f67f96ce2c6692e0909b9ee2d92f468229225279a9ce78db6235be321322e98a60998fc9dcd736d6bae718c4a2f60ede678fef8aa14436d24d1312ec47408944aeaf028d5f6"], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018002713000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) r2 = accept4$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, &(0x7f0000000100)=0x10, 0x81000) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$inet_mreqsrc(r3, 0x0, 0x26, &(0x7f0000000280)={@rand_addr=0x1, @local, @rand_addr=0x4}, 0xc) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f0000000200)={0x1, 0xacbb, 0x100, 0x9, 0x4, 0xfda}) setsockopt$IP_VS_SO_SET_ZERO(r2, 0x0, 0x48f, &(0x7f0000000140)={0x62, @multicast2, 0x4e24, 0x1, 'wlc\x00', 0x2, 0x40, 0x41}, 0x2c) [ 953.012592] binder: 25720:25737 BC_INCREFS_DONE u0000000000000000 no match [ 953.012627] binder_alloc: 25720: binder_alloc_buf, no vma [ 953.012647] binder: 25720:25737 transaction failed 29189/-3, size 0-0 line 3284 [ 953.013568] binder: 25720:25736 BC_INCREFS_DONE u0000000000000000 no match [ 953.013669] binder_alloc: 25720: binder_alloc_buf, no vma [ 953.013690] binder: 25720:25736 transaction failed 29189/-3, size 0-0 line 3284 [ 953.014067] binder: BINDER_SET_CONTEXT_MGR already set 16:16:41 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f00000000c0)={0x18, 0xf, 0x1, {{0x9, 0x2, 0x2}, 0x800}}, 0x18) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0xffffffffffffff66, &(0x7f0000000200)={@fd={0x66642a85, 0x0, r2}, @flat=@binder={0x73622a85, 0xa}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 16:16:41 executing program 5: open(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) [ 953.014073] binder: 25720:25723 ioctl 40046207 0 returned -16 [ 953.033002] binder: 25734:25735 BC_INCREFS_DONE node 2112 has no pending increfs request [ 953.033021] binder: 25734:25735 got transaction to context manager from process owning it [ 953.033036] binder: 25734:25735 transaction failed 29201/-22, size 0-1098991534080 line 3129 [ 953.034854] binder: BINDER_SET_CONTEXT_MGR already set [ 953.034862] binder: 25734:25735 ioctl 40046207 0 returned -16 [ 953.040294] binder: 25734:25735 BC_INCREFS_DONE u0000000000000000 no match [ 953.040331] binder_alloc: 25734: binder_alloc_buf, no vma [ 953.040350] binder: 25734:25735 transaction failed 29189/-3, size 0-0 line 3284 [ 953.040862] binder: BINDER_SET_CONTEXT_MGR already set [ 953.040870] binder: 25734:25735 ioctl 40046207 0 returned -16 [ 953.040939] binder: 25734:25735 BC_INCREFS_DONE u0000000000000000 no match [ 953.040961] binder_alloc: 25734: binder_alloc_buf, no vma [ 953.040978] binder: 25734:25735 transaction failed 29189/-3, size -5348024557502464-281474976710655 line 3284 [ 953.046312] binder: BINDER_SET_CONTEXT_MGR already set [ 953.046321] binder: 25734:25735 ioctl 40046207 0 returned -16 [ 953.052986] binder: 25734:25742 BC_INCREFS_DONE u0000000000000000 no match [ 953.053019] binder_alloc: 25734: binder_alloc_buf, no vma [ 953.053039] binder: 25734:25742 transaction failed 29189/-3, size 0-1098991534080 line 3284 [ 953.053498] binder: BINDER_SET_CONTEXT_MGR already set [ 953.053505] binder: 25740:25743 ioctl 40046207 0 returned -16 [ 953.053816] binder_alloc: 25720: binder_alloc_buf, no vma [ 953.053833] binder: 25740:25743 transaction failed 29189/-3, size 88-24 line 3284 [ 953.053853] binder: BINDER_SET_CONTEXT_MGR already set [ 953.053860] binder: 25734:25742 ioctl 40046207 0 returned -16 [ 953.053995] binder: 25734:25735 BC_INCREFS_DONE u0000000000000000 no match [ 953.054015] binder_alloc: 25734: binder_alloc_buf, no vma [ 953.054031] binder: 25734:25735 transaction failed 29189/-3, size 0-0 line 3284 [ 953.054947] binder: BINDER_SET_CONTEXT_MGR already set [ 953.054954] binder: 25734:25742 ioctl 40046207 0 returned -16 [ 953.060029] binder: 25734:25735 BC_INCREFS_DONE u0000000000000000 no match [ 953.060053] binder_alloc: 25734: binder_alloc_buf, no vma [ 953.060073] binder: 25734:25735 transaction failed 29189/-3, size -5348024557502464-281474976710655 line 3284 [ 953.060895] binder: BINDER_SET_CONTEXT_MGR already set [ 953.060903] binder: 25740:25744 ioctl 40046207 0 returned -16 [ 953.061551] binder_alloc: 25720: binder_alloc_buf, no vma [ 953.061568] binder: 25740:25744 transaction failed 29189/-3, size 88-24 line 3284 [ 953.329986] binder: BINDER_SET_CONTEXT_MGR already set [ 953.329997] binder: 25748:25750 ioctl 40046207 0 returned -16 [ 953.334434] binder_alloc: 25720: binder_alloc_buf, no vma [ 953.334512] binder: 25748:25750 transaction failed 29189/-3, size 88-24 line 3284 [ 953.357843] binder: BINDER_SET_CONTEXT_MGR already set [ 953.357853] binder: 25748:25751 ioctl 40046207 0 returned -16 [ 953.592964] binder: BINDER_SET_CONTEXT_MGR already set [ 953.592973] binder: 25754:25756 ioctl 40046207 0 returned -16 [ 953.594760] binder_alloc: 25720: binder_alloc_buf, no vma [ 953.594780] binder: 25754:25756 transaction failed 29189/-3, size 88--154 line 3284 [ 953.627312] binder: BINDER_SET_CONTEXT_MGR already set [ 953.627324] binder: 25754:25757 ioctl 40046207 0 returned -16 [ 953.931597] binder: unexpected work type, 4, not freed [ 953.936881] binder: undelivered TRANSACTION_COMPLETE [ 953.942114] binder: undelivered TRANSACTION_ERROR: 29189 [ 953.947696] binder: undelivered TRANSACTION_ERROR: 29189 [ 953.953374] binder: undelivered TRANSACTION_ERROR: 29189 [ 953.958861] binder: undelivered TRANSACTION_ERROR: 29189 [ 953.964364] binder: undelivered TRANSACTION_ERROR: 29189 [ 953.969826] binder: undelivered TRANSACTION_ERROR: 29189 [ 953.975346] binder: undelivered TRANSACTION_ERROR: 29189 [ 953.980909] binder: undelivered TRANSACTION_ERROR: 29189 [ 953.986356] binder: undelivered TRANSACTION_ERROR: 29189 [ 953.991850] binder: undelivered TRANSACTION_ERROR: 29201 [ 953.997343] binder: undelivered TRANSACTION_ERROR: 29189 [ 954.002843] binder: undelivered TRANSACTION_ERROR: 29189 [ 954.008341] binder: release 25720:25723 transaction 2103 out, still active [ 954.015391] binder: undelivered TRANSACTION_COMPLETE [ 954.020566] binder: release 25720:25723 transaction 2104 out, still active [ 954.027619] binder: undelivered TRANSACTION_COMPLETE [ 954.032834] binder: send failed reply for transaction 2103, target dead [ 954.039593] binder: send failed reply for transaction 2104, target dead [ 954.046401] binder: send failed reply for transaction 2105, target dead 16:16:43 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:16:43 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$packet(0x11, 0x3, 0x300) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:43 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x14, r1, 0x1001, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000010}, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x34, &(0x7f0000001600)={&(0x7f0000000140)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c11df8a31be477014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6070000001e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706e99644ce21b8e89e5300004c001f00ff6a4518c96e41797deb8dbfcd05c157a7dbbd3ce256fb1cd7e01f78a7456543cc6236835304c9839ae5f3a1c2807c256cbbf087a3c149404995b9915de72d37716f1808836848d34b4c6ddb6a9994ac453e977c36989e8d7d3681a5a498301fa8086a314a226240f6cc071b40c7e61fee477b6e8fe5ccf593a633e8509c8ecaf7c49d8fd1c36436c04a33d10cd7543ff18ad2843346d80ce51c9d63da4f0527b185"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:16:43 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x400000000000000) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0xc, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0f630c40010000000100000000000000"], 0xaa, 0x0, 0x0}) 16:16:43 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:43 executing program 3: setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r0) close(r1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) clone(0x0, 0x0, 0x0, 0x0, 0x0) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r0, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x0) r2 = memfd_create(&(0x7f0000000000), 0x200) mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r2, 0x0) 16:16:43 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$TIOCSRS485(r1, 0x542f, &(0x7f00000000c0)={0xfffffffb, 0x7fff, 0x7}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) [ 955.945960] binder: 25771:25774 BC_CLEAR_DEATH_NOTIFICATION invalid ref 1 [ 955.959422] binder: 25771:25774 ioctl c0306201 200000c0 returned -14 16:16:43 executing program 2: r0 = mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) msync(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x6) syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000500)={0xa4, 0x0, &(0x7f0000000380)=[@decrefs={0x40046307, 0x3}, @exit_looper, @request_death={0x400c630e, 0x1}, @acquire_done={0x40106309, 0x3}, @release={0x40046306, 0x1}, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@fd, @flat=@weak_binder={0x77622a85, 0x1000, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/247, 0xf7, 0x0, 0x1f}}, &(0x7f0000000140)={0x0, 0x18, 0x30}}, 0x800}, @free_buffer={0x40086303, r0}, @acquire_done={0x40106309, 0x1}], 0xba, 0x0, &(0x7f0000000440)="9c6b56c98ca32ad38af10b233e0f108c572da918bc26c3ce91c435a4d38c0318f4f4a2c74cd473552bb131db6af36d5af08f9d402360a40437e29fdda306d6dcc8fd8259feb4ed50993020f741a54bfb9fc4e5a9b57229410fbf8c8ab3e8d6df45dac7f0ade539e1fb960567d97a0488a4649728e81ee02fca93a529ca77ae48c9dd37fd1fcc651959a87836cd227c6ebc5cd7832e7979bd14c766111591ea5aa372ade8bb858309fb0428b87c8b9001196d7ef93cf178b542ba"}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) r1 = gettid() ptrace$pokeuser(0x6, r1, 0x9, 0xfffffffffffff6c4) [ 956.001416] binder: release 25785:25786 transaction 2126 out, still active [ 956.009200] binder: unexpected work type, 4, not freed [ 956.015239] binder: unexpected work type, 4, not freed [ 956.016000] binder: BINDER_SET_CONTEXT_MGR already set [ 956.016008] binder: 25785:25789 ioctl 40046207 0 returned -16 16:16:43 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0xe38051e2f8e44b29) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 16:16:43 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000009800001800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYRESOCT=r0], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) [ 956.056012] binder: undelivered TRANSACTION_COMPLETE [ 956.065958] binder: send failed reply for transaction 2126, target dead [ 956.115718] binder_alloc: 25800: binder_alloc_buf size 167125767422064 failed, no address space [ 956.125264] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 956.135634] binder: 25800:25801 transaction failed 29201/-28, size 167125767422040-24 line 3284 [ 956.149792] binder: undelivered TRANSACTION_ERROR: 29201 [ 956.156341] binder_alloc: 25800: binder_alloc_buf size 167125767422064 failed, no address space 16:16:43 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="115a51f77000000000000000000000000000000000000000000000000000000000000000580000ff070000001810000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a62731403000002000000000000000000000000000000852a62730000000000000000000000000000000000000000852a747000"/88], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) [ 956.165525] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 956.175633] binder: 25800:25803 transaction failed 29201/-28, size 167125767422040-24 line 3284 [ 956.185501] binder: undelivered TRANSACTION_ERROR: 29201 16:16:43 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) [ 956.210791] binder: 25807:25809 unknown command -145663471 [ 956.216700] binder: 25807:25809 ioctl c0306201 20000180 returned -22 [ 956.240920] binder: 25807:25810 unknown command -145663471 [ 956.248212] binder: 25807:25810 ioctl c0306201 20000180 returned -22 16:16:46 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:16:46 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$packet(0x11, 0x3, 0x300) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:46 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x66, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="116348400000000000000000000000000000000000000000000000000000000000000000580000000000000018010000000000001dd3740be16cc5876659cf5e0994a531eb2d48cc64d3fef4", @ANYRES32, @ANYRES16=0x0, @ANYRESDEC=r2], 0x0, 0x0, 0x0}) 16:16:46 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:46 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0863104000000000000000000000000000000000006340400000000004000000000000000000000a9474f0000000000000000000000000000000000000000000000000000000000000000000000000000000dcc8d8000000"], 0x0, 0x0, 0x0}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0xffffffffffffff98) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r2 = fcntl$dupfd(r0, 0x0, r1) mkdirat$cgroup(r2, &(0x7f00000000c0)='syz1\x00', 0x1ff) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:16:46 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$TIOCSRS485(r1, 0x542f, &(0x7f00000000c0)={0xfffffffb, 0x7fff, 0x7}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 16:16:46 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000000400)=ANY=[@ANYBLOB="852a627314030000020000000000000000b82359aa2e6ca6c6e20d5de4d53e8200000000000000852a62730000000000000000000000000000000000000000852a747000000000000000000000000000000000000000000000000000000075cd9529c3b068ffa57d276e7bbb9c99cedfd30ada42b31ad61701c2ff4a7dde4fc4ff0dcdeb48fe24b19c56dae416982fb09c767fecac3853a81ac4f8a5d1201f5935ee8bc804822f61fd4ba9534e6351449f470f26550fb89686a9af7d6f06d99b8e85643e24b41e43d452e3138206b0a06ba43f67f96ce2c6692e0909b9ee2d92f468229225279a9ce78db6235be321322e98a60998fc9dcd736d6bae718c4a2f60ede678fef8aa14436d24d1312ec47408944aeaf028d5f6"], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018002713000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) r2 = accept4$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, &(0x7f0000000100)=0x10, 0x81000) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$inet_mreqsrc(r3, 0x0, 0x26, &(0x7f0000000280)={@rand_addr=0x1, @local, @rand_addr=0x4}, 0xc) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f0000000200)={0x1, 0xacbb, 0x100, 0x9, 0x4, 0xfda}) setsockopt$IP_VS_SO_SET_ZERO(r2, 0x0, 0x48f, &(0x7f0000000140)={0x62, @multicast2, 0x4e24, 0x1, 'wlc\x00', 0x2, 0x40, 0x41}, 0x2c) [ 958.968366] binder_alloc: 25825: binder_alloc_buf size -792964054493155488 failed, no address space [ 958.981686] binder: release 25826:25829 transaction 2142 out, still active 16:16:46 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000000400)=ANY=[@ANYBLOB="852a627314030000020000000000000000b82359aa2e6ca6c6e20d5de4d53e8200000000000000852a62730000000000000000000000000000000000000000852a747000000000000000000000000000000000000000000000000000000075cd9529c3b068ffa57d276e7bbb9c99cedfd30ada42b31ad61701c2ff4a7dde4fc4ff0dcdeb48fe24b19c56dae416982fb09c767fecac3853a81ac4f8a5d1201f5935ee8bc804822f61fd4ba9534e6351449f470f26550fb89686a9af7d6f06d99b8e85643e24b41e43d452e3138206b0a06ba43f67f96ce2c6692e0909b9ee2d92f468229225279a9ce78db6235be321322e98a60998fc9dcd736d6bae718c4a2f60ede678fef8aa14436d24d1312ec47408944aeaf028d5f6"], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018002713000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) r2 = accept4$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, &(0x7f0000000100)=0x10, 0x81000) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$inet_mreqsrc(r3, 0x0, 0x26, &(0x7f0000000280)={@rand_addr=0x1, @local, @rand_addr=0x4}, 0xc) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$PIO_CMAP(r4, 0x4b71, &(0x7f0000000200)={0x1, 0xacbb, 0x100, 0x9, 0x4, 0xfda}) setsockopt$IP_VS_SO_SET_ZERO(r2, 0x0, 0x48f, &(0x7f0000000140)={0x62, @multicast2, 0x4e24, 0x1, 'wlc\x00', 0x2, 0x40, 0x41}, 0x2c) 16:16:46 executing program 3: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x208200) ftruncate(0xffffffffffffffff, 0x208200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000280)=""/137, &(0x7f0000000100)=0x89) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f00000003c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) keyctl$instantiate(0xc, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup(0xffffffffffffffff) ftruncate(0xffffffffffffffff, 0x2007fff) keyctl$assume_authority(0x10, 0x0) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) r3 = socket$inet6(0xa, 0x8000000000080001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) lsetxattr$trusted_overlay_redirect(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)='trusted.overlay.redirect\x00', &(0x7f0000000780)='./file0\x00', 0x8, 0x2) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000094440000000000000000000000050000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000005000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff010000000000000000000000000001000000000000000000000000edffffffffffffff00000003000000000000000000000000000000000000000000000000000000eeffffff00000000e2ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100000000c4d300000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff02000000000000000000000000000100000000080000000000000000000000000000000000000000000000000040ac00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c6000000000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000404110061ca7c55a5e42d81d1e234c789375b23d36d0b7bd15e04e813cd723f47ce56dffa04c1f203e51942829b769c021a132a47ccf4ac88c150bfed88c8aa4db6efaf6839814663b22c44fc5c577657253c50de4d1797c8a8195d482f8537d4f9aeaf495c01d5a31348917325b55b4136f49a20b50d881350d03870439d9759097585033743069099a0c14b7ca9b9fdbba4b31e8658d38d801fc074013102247ae529fe94b9529742c76d1825a441f8205c765deabf008b3e6ac5064c0c2ca8030c651abbfe7fe8803ff6a2a5de91470a21ed3a29fbe853bf2625e00600d9e32fdac5c79c83d19c110c2cccfc32f7f99ea69994f81d903641120915cdcf49efeed42a2054e0544b5f53f43e4f7ab5b6037071e14229606aa0c3d7b7313232a904dbaedc6bd9fe7a1e54afc699624941b6c58fe24ca2338d97bbae7b60c350e72039f84328e39fdf444997aa080a882a81da917d4739bcbb223be6d19106fa4a239fa48a231a9786875523675a7058bc9135228354b3c161cd1c0d0e38d3e1514182f02f3a3a5273fa134e2756aee14acf52e878855b3c2d10bcc65caa785eb923078eebe9a92a0010fd0d9d4175cac3fa4c2ffa948ef6ace5b105904f91733855793c9e18e122e47a5cbf17b194016d3f938504c682a6e79af70f6028f13657100e36d31586511114091a8155a90889521a35f3997b6aa2e120fc6f1d8d38960e3659620e0c6192950e94000000000000000000000000000000003eb09ed9381be96996002d301735aa505e22a9336b362a1a28c3a0f70cc499152a43db91fa9e1569083a5d522702cd13ccba06629a50b3c11482cf9a948bcadbdae6da92f4d1a9b6bbea4b5faa8a9661ee1ccc6ef24efeafa4e233e36dfba0d7cba9be865b767c409cc5d90dfdd6ff9fe276fbf345b8af202eb993eb2548bdd841a4bb28e65b4125da980f6419f80eef639d7b90243b8fb9717755408f551411af115da7cf3e52d99a30bdc09d58cdbb55d997d51a57fb71a77b05ea854cb2675ab5cfc537a999fd49e671aae1109e23d79c9ee4c8e5dc476458537142b0"], 0x310) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000600)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffe) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0) fcntl$setpipe(r2, 0x407, 0x0) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f00000006c0)) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x48811}, 0x0) r4 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) [ 958.981692] binder: unexpected work type, 4, not freed [ 958.981694] binder: unexpected work type, 4, not freed [ 958.981696] binder: undelivered TRANSACTION_COMPLETE 16:16:46 executing program 4: r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='c', 0x300, 0xfffffffffffffffc) keyctl$update(0x2, r0, &(0x7f0000000080)="e5", 0x1) keyctl$KEYCTL_PKEY_DECRYPT(0x1a, &(0x7f00000000c0)={r0, 0x78, 0x27}, &(0x7f0000000140)={'enc=', 'pkcs1', ' hash=', {'sha3-256-ce\x00'}}, &(0x7f00000001c0)="0dac440cc73c1c839d04874b23e161b95b71625cd68407928263359679d6c909c2a229bab9deb96b9ba4c6a8b684776692211b9f69c4b9f097dc75fc7918449ba74bc99da6ec203d2b0af4005b77e371f93ff42cb94e2aec57d8a31202c4ceb43bdc905122a924fcc5b95cf4b03ca20e99554360379cc501", &(0x7f0000000240)=""/39) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/enforce\x00', 0x0, 0x0) [ 958.988930] binder: 25824:25831 BC_INCREFS_DONE node 2147 has no pending increfs request [ 958.988943] binder: 25824:25831 got transaction to context manager from process owning it [ 958.988957] binder: 25824:25831 transaction failed 29201/-22, size 0-0 line 3129 [ 958.989217] binder: send failed reply for transaction 2142, target dead [ 959.017041] binder: 25836:25838 got transaction with invalid offset (321323032, min 24 max 88) or object. [ 959.017087] binder: 25836:25838 transaction failed 29201/-22, size 88-24 line 3379 16:16:46 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) [ 959.023915] binder: undelivered TRANSACTION_ERROR: 29201 [ 959.054959] binder: undelivered TRANSACTION_ERROR: 29201 [ 959.058724] binder: 25840:25841 got transaction with invalid offset (321323032, min 24 max 88) or object. [ 959.058929] binder: 25840:25841 transaction failed 29201/-22, size 88-24 line 3379 [ 959.060768] binder: undelivered TRANSACTION_ERROR: 29201 [ 959.066203] binder: 25824:25831 BC_INCREFS_DONE node 2157 has no pending increfs request 16:16:46 executing program 4: ioctl$void(0xffffffffffffffff, 0xc0045878) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f00000002c0)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f40885b2007d67485aaf6a89ed3a13d2dfe1fca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1ade001f3031e5cd8c1ac5926609fc943d6c97351e0f0662155258b8940d36892d9fc3ee6b6d4293bf43ff9f0ab941cb632e0e4247917200129553007836b5ba7587456474f735988a8b5a8093997233454f3a8598faf8a8662544f97d03b07c299b90ad424a7d72792fa67d09492812271abadde16eaaf09dd9d9038ea1cfedba488b90e1d753ceca650cdb52e279627f9f7fb221d95fa44366a0ade67cb3dfb65d589ab57a797fba658564700254598288c675b9ccae6cdfb25256d52513b465aa85c29a80ea2f422c187ff397ca5fe4c50ff421f049088da4a7ac41c3d99a6e1bd74fbca00000000000000000073805121529e29e660df45f236cb226298168863b99bc4c669a67c974308a08f2051b9bce12286b31f22b9e726c8a2b7af2ab24f3edcedd9bd840fca72933ce96111753193d3cd9fb8670ff722b205b5d167512f8eece68eb7ba70427b7e52563668169de42f28c617c10c5612a5c15fcd"], 0x9d}}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r1 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/relabel\x00', 0x2, 0x0) r2 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r4 = syz_open_pts(r3, 0xa7f7c65ce3976aea) r5 = getpid() r6 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r7) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r8, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r8, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) socketpair(0x10, 0x1, 0x90, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r10, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r10, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r11 = openat(r10, &(0x7f00000004c0)='./file1\x00', 0x80800, 0x10) r12 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000500)='/selinux/context\x00', 0x2, 0x0) r13 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r13, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r13, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r14 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r15 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r15, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r15, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r16 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x3, &(0x7f0000000540)=[{0x3, 0x8, 0x9, 0x8001}, {0x3f, 0x7f, 0x5f, 0x8}, {0x7ff, 0x8, 0xf8, 0x7}]}) r17 = signalfd4(0xffffffffffffffff, &(0x7f00000005c0)={0x1}, 0x8, 0x800) r18 = getpid() sched_setattr(r18, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r19 = pidfd_open(r18, 0x0) r20 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r20, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r20, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r21 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000600)='/selinux/validatetrans\x00', 0x1, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r22, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r22, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$TIOCGSID(r22, 0x5429, &(0x7f00000007c0)=0x0) r24 = getuid() r25 = getegid() setgroups(0x1, &(0x7f0000000200)=[r25]) r26 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r26, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r26, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r27 = accept$packet(0xffffffffffffffff, &(0x7f0000000800)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000840)=0x14) r28 = getpid() sched_setattr(r28, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0}) r30 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r30, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r30, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r31 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r31, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r31, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r32 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000900)='/selinux/commit_pending_bools\x00', 0x1, 0x0) r33 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r33, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r33, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r34 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r34, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r34, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r35 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r35, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r35, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r36 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000940)='/dev/fuse\x00', 0x2, 0x0) r37 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r37, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r37, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r38 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r39 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r39, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r39, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r40 = getpid() sched_setattr(r40, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r41 = pidfd_open(r40, 0x0) r42 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r42, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r42, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r43 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r43, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r43, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r44 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000980)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) r45 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r45, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r45, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r46 = getpgid(0x0) fstat(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r48 = getpid() sched_setattr(r48, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) stat(&(0x7f0000000ec0)='./file0\x00', &(0x7f0000000f00)={0x0, 0x0, 0x0, 0x0, 0x0}) r50 = getegid() setgroups(0x1, &(0x7f0000000200)=[r50]) r51 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r51, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r51, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r52 = eventfd2(0x3a, 0xc0001) r53 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r53, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r53, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r54 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r54, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r54, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r55 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) r56 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r56, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r56, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r57 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r57, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r57, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r58 = getpid() sched_setattr(r58, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r59 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r59, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r59, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r59, 0x0, 0x10, &(0x7f0000001c40)={{{@in=@empty, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@local}}, &(0x7f0000001d40)=0xe8) r61 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r61, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r61, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) fstat(r61, &(0x7f0000001d80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r63 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r63, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r63, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r64 = memfd_create(&(0x7f0000001e00)='ext4\x00', 0x0) r65 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r65, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r65, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r66 = socket$nl_generic(0x10, 0x3, 0x10) r67 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r67, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r67, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r68 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r68, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r68, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r69 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r69, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r69, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r70 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r70, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r70, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r71 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r71, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r71, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r72 = accept4$packet(r71, &(0x7f0000001e40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001e80)=0x14, 0x80800) r73 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r73, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r73, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r74 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r74, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r74, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r75 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r75, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r75, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r76 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r76, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r76, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r77 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001f00)={&(0x7f0000001ec0)='./file0\x00', 0x0, 0x10}, 0x10) r78 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r78, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r78, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r79 = socket$netlink(0x10, 0x3, 0x0) r80 = socket(0x10, 0x803, 0x0) getsockname$packet(r80, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r79, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x30, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r81}, [@IFLA_LINKINFO={0x10, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0x4}}}]}, 0x30}}, 0x0) r82 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r82, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r82, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r83 = bpf$MAP_CREATE(0x0, &(0x7f0000001f40)={0x6, 0x2, 0x577, 0x0, 0x0, r78, 0x6, [], r81, r82, 0x3, 0x5}, 0x3c) [ 959.066219] binder: 25824:25831 got transaction to context manager from process owning it [ 959.066232] binder: 25824:25831 transaction failed 29201/-22, size 0-0 line 3129 [ 959.070062] binder: undelivered TRANSACTION_ERROR: 29201 sendmmsg$unix(r0, &(0x7f0000003240)=[{&(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000040)=[{&(0x7f0000000140)="9d7815eb40df49a7d5d9b5fdd24c04a385edc876ecc6208d954ef0b550e732da176e2c49056d3ee0f7ddc767fb89f3fddb46bb9efeef3d9c2dcadd9e53a795729f4ccc1a32229a557879e51e5765aea16c94a632241b1c8daafb8b79b88fea07c0fa8bd4044062259deac46e36d3f9dc065e88ef2454c146d724590702f9066d89064180accc1e35399ae147cc7c5f702c880776f9e310b774a9095c0db3d5fe7b8d5298b5dd950c1d0ea7915a228e07ae7ef04e42c44066fc494bdfb2f22ad2c103681649d078be63bc8f1b4a72da14c6cd404377b9cc5763dd57b3767e3a931d4e23f5da4083bbc7d1d157b0771b5828b038", 0xf3}], 0x1, &(0x7f0000000640)=[@rights={{0x1c, 0x1, 0x1, [r1, r2, r4]}}, @cred={{0x1c, 0x1, 0x2, {r5, r7, 0xee01}}}, @rights={{0x28, 0x1, 0x1, [r8, r9, 0xffffffffffffffff, r11, r12, r13]}}, @rights={{0x20, 0x1, 0x1, [r14, r15, r16, r17]}}, @rights={{0x1c, 0x1, 0x1, [r19, r20, r21]}}], 0xa8, 0x8000}, {&(0x7f0000000700)=@abs={0x2, 0x0, 0x4e23}, 0x6e, &(0x7f0000000780), 0x0, &(0x7f0000000a40)=[@cred={{0x1c, 0x1, 0x2, {r23, r24, r25}}}, @rights={{0x1c, 0x1, 0x1, [r26, r27, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r28, r29, 0xffffffffffffffff}}}, @rights={{0x2c, 0x1, 0x1, [r30, r31, r32, r33, r34, r35, r36]}}, @rights={{0x30, 0x1, 0x1, [r37, r38, r39, r41, r42, r43, r44, r45]}}, @cred={{0x1c, 0x1, 0x2, {r46, r47, 0xffffffffffffffff}}}], 0xe0, 0x2000}, {&(0x7f0000000b40)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000000e80)=[{&(0x7f0000000bc0)="c93eb1c243958cdaee851e038b3a7752cc38e7608bc77a270669d4bd98ccc5b9a5a13d95282c6e5c9c9c146aeaeed602b6875aa5c460683f1c9be478ecae7ab97e993634d0b25bdbedd0799dc926c121c5d58daa257d83d143ab2032bba9d389d74c4a04e66f19ff77347b1baa23590bc7264388186c84d98e724244b7f098c2868745b3cfff9ebc078ab248ac517c038fd8d445abb8e4c8f818e9c86480bd00dd2f7294da5feaa242fa9b63343f8c8fdc30c91cfde2e81614aaf43c855b0be0fda3462cb4690428fdb802a9fad35cf8153813", 0xd3}, {&(0x7f0000000cc0)="9007cbc90802578a31a0fc97a84092c1af6401da44876ad0156b9b78eb3c28117a27cb1323f0247821e8c99732d58e21ea1707c54cc5fe05cdd06d9dd7f1e50ea8107affe2cd3e9804dc069364765273d493f8e11f907779a621f1", 0x5b}, {&(0x7f0000000d40)="b3f3b00dd22dcaba363f681e2e1b4eec2577ef32819eb90f26f7526dc639b7e3bef2e2b190a01d10299dc4373db4acac0ac1b5774e101d3ad86631cf205c3dc76d20be2ff5d3332b570131a68974c12ab47fa6bf6598f3240af2acc740f88be86863031375e5651f5a586cb7c3609f80a45b18179667390e6792d1dcd2b7e4cbedaac436e44c8b7aabeb3b8e3b896db5322634cafc46080d8477fa03f7eb3a0a3c62c2c8ace5ab693fe57a28c9a900cadea9b1fa2f6937ae6698136f7bc9fe64f42e57eb38e4925f97b68052f8f961243721be3a5356868647f9c0ff1ca223f0c428b7dd0dbf", 0xe6}, {&(0x7f0000000e40)="7427f0c93e319b0bc433ba7bfa8384aa271009d50033bb1933506b4743875b32be143623673b5b0c66f105cacf91", 0x2e}], 0x4, &(0x7f0000000f80)=[@cred={{0x1c, 0x1, 0x2, {r48, r49, r50}}}, @rights={{0x20, 0x1, 0x1, [r51, r52, r53, r54]}}], 0x40, 0x8000}, {&(0x7f0000000fc0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001400)=[{&(0x7f0000001040)="8220c4c1be1517aa3c7db92f30a78dbdc219a0659010e7c8dde06192e99679e426497ad86798ddcec1c0b3ef38463af23d450935d464357d3a119e50640643c259536f10b4b26438991f4cecea4196e8a2749804cf6ae9076b2c34b1ab6a55cbadf4e9a7585046aa49b293b7d85556bc65784330c90ba73e3aa75b33eb08028144bebbb5855818a594c7aa237b", 0x8d}, {&(0x7f0000001100)="4a27ad7fdd8ec88f39cc18f7bd807675ec725e74cb1873d7e9558cc40e74f1251f7f2b34338f133e1e1e6df897e80c6d861ac571ac1d6f02cd4b948629b43598", 0x40}, {&(0x7f0000001140)="3acd564f9a746715c00286af8cec3902cf674edca0783601b64a6d8c1921a70dc87d516837a41e6e71478cdf515f63c764f8af1623ca873ab8828a33acc68c63e8c53fe6226642b8965b91d3f94747dfb3706a083180c14667c8523f0c62047ba3f3cd07741397c11f15b75247272aea5ee981bf4fad8387fb053da19b58ff49ee375368702fb9381aefaaa77a", 0x8d}, {&(0x7f0000001200)="6d43e072c8ca72e0eb3447eb0d9d1f263eca8e6dc6feeadda21e10192ef080e33549cb09d7931deabf06be7ceece2d3b881b312e53d313482b6e3f06a20a3045c23a7e02f308d5fc0e88d57217d25446dacd0d9b05a0219a9f580142b32fa165348f7475f7630abd43b5c1e60e1224cf21d47a3255c289fb751dc32697fee5462bd5b88c139cff7dbfc3c5e339a9dadb54f5c040b4f169968d5b340f549f72e799a61368102a7109a85ba041e3f3262412b5d0d5069ccc518f9f606a061e4158b2169f2ab62a4764fc63324e85c7df954db8e184298afea01ee1db0130655d013c25246036486b3b", 0xe8}, {&(0x7f0000001300)="00b3a44a61e53931580c0f287fc4b308ca24bb1cc008034efea5eee8e968c17d676a946613797d2aa950a92c04ca81ad2c125718f88dd7a85d2f87b1d915e858035674fab6b8997f4843e8326d4fc64980d6423e3def3b7f69c8731f00326d0427a817a235152c23856d203c87a778dda11f0cbbfc9e2b14b8e4b834d973f4aebda82c73d12e4036b2b09ebe3ea84cb7432acdcdd9557aed1fc71c6dad763f0e0370bfab6423ba9d47c5e0b5f73b3f393ad0ac074fa66c69982a0a7d2ea5014c5a2ed3cba71a29ba", 0xc8}], 0x5, &(0x7f0000001880)=[@rights={{0x20, 0x1, 0x1, [r55, 0xffffffffffffffff, r56, r57]}}], 0x20, 0x40000}, {&(0x7f00000018c0)=@file={0x0, './file1\x00'}, 0x6e, &(0x7f0000001c00)=[{&(0x7f0000001940)="bcfffec2570993103b4290cc0f74d2fcb54dbec5aaf2f246179260010f5c1cf1068a50e582366301c791aace44eda1ad537971b438d6bd592f8dd84bdd990acee2d405ae891a5948ecb70ae2722d668815d8f6e9d886ebd30c9ffb3301928ed16ed229625134567e5916e6dfa7499b0ef660d47b7d66c053b067f8bd1e0cf5d175", 0x81}, {&(0x7f0000001a00)="ac2c603b5444aa95caae6a312734c7b2085690cf90056f32f48a8dc352033b278d29eb00645d7a688303052627989fb973715bebd1dc8ef67ed925efe7bca150aebbd7653e89ebb65973eb7c323c713b1b97fd38a1b4e39c9ce0ee2a87a6c728013a3881b25b2d37c911875d0c599fc9809c004a9c5975e11a5a10a340d16f74f7061739f680b3321de3dc9d9a6ee00dde6d0a460a66b612f02481ddb6329c8756979dad7d70cccbb95b9f0fca8b33b7b3d54312ff451a829e13a8aac9d52fc4b419bd02d12f0573ab793b16e02cd75103f7ec4eb878b5ca8660cbfcea20ee5ed41356587efdd87f5911a48f9916842bcaaa6768092c90dcd8c9", 0xfa}, {&(0x7f0000001b00)="c509f62a2d0bb44354f5b14767eb1dbf7220b5f6754c8cf8d4de04f440346de77dd1b49a25ac8d086f8209659e", 0x2d}, {&(0x7f0000001b40)="3f411bcd74bd015e681e6a55a06ce79d8ecaaa2c6140082f441607b34d9e270a4e88ceb96774bf6a2b45710b23e62e1b0972904e55718aba6db9843efcbc25f586ffb4c59d8bcdfc181d74b25faaccc126a6a71e1a29c3afd2a7b424b5a8b6f33daf4e34256b0862cebb6a854ef6de3ddc55a5bc20b4a746ff9e13b3e1af303193901a48a1d2fd1dad1490989fb79d28998c19039dd66cf7e9e36aa1abb6d7", 0x9f}], 0x4, &(0x7f0000001f80)=[@cred={{0x1c, 0x1, 0x2, {r58, r60, r62}}}, @rights={{0x34, 0x1, 0x1, [r63, r64, r65, r66, r67, r68, r69, r70, r72]}}, @rights={{0x28, 0x1, 0x1, [r73, r74, r75, r76, r77, r83]}}], 0x80, 0x4801}, {&(0x7f0000002000)=@abs={0x0, 0x0, 0x4e20}, 0x6e, &(0x7f0000003200)=[{&(0x7f0000002080)="48d5c597f27604ad634abaec8ec6173b6a49e2b0864c6f8d04dfc1d72e3117048a49bcd05e3ca9b6664a7d7e3d04d49152045ca5830a86de412b726fca769bd6355b868f388b0bc9fbd7e525eb2f9b120573d8d0e6cc5c8d768cfad1880e30a65b5439cd41b63a28bed101e659b5b52c309b505191bece479a60c77f31e15dd1a3825f6934f0565f45b4bb4f8e79a48ae774f8fa3ef97f01d5110d506dff68107847b16329346a82c27d0f883df2732d6a9a97db757b03ff07f1e7354cbd9b7afd3b05b759f4db33178dca9f209f2bdf55b2d39b891cc0f38768a0f15a508418cdf2c366a73aaf8b2e", 0xe9}, {&(0x7f0000002180)="e508b8c2877a09ce9775d825b078ede3d34c75231d566d04b5383cb42b151ed17641d70400745838b72bea254a5d7daa7304db4b2a32bece0411bffbedee3a1462ca29df6eda8829122e5b1e196c0d6adedbf8e11d8d5963919dad87516e9be21e31accf8bfeb6432f6449322a81fddd", 0x70}, {&(0x7f0000002200)="9ffa0df68ddf2387a4a55e55987869f86c47fb7eb1b6301de8b76589120471f88ce3cd572ef357c4648d1cbce0214f1ffbdca944a5475edf782f714bca53beedb30ed7a51bb8bd0b2a85684b5e16e482eeff454ff9d95b2f01d408eff80968f9c6f33003288d2db55eeb7251f9d43d265888a7d81b8ace4426c444b941b6d0ba7906a2eca592db5ac0e063e18e934a5133d2ba9097c846e310b8c72c759dbb17798761da850230318e8ebab2d0b1b8a05d9eb1c5c4f790791a16cc5db5316a5411232991de22aee7134ff1f0a3d56885805d7e02efb8085631baad8e1bf6d868f24efa27f449e96fd1758dd31682b65b5af0867a645ddbb172da1901f6807c1af5a55095a9ba3411ad7de56d8ca3d7c99fe8dcbd7dd94fb18c83673584c98f6d82b504ccdded5fe7843334e3c617d9034b903f73db397a35068f008b8757bc25545762387d305228db50149636faefd1f327e6a78ce7154b81b78039d46c468bdd42381290b01483edd3d5ee48aebe942a62448294e65b7450bfb2f283db310fc9dbe7110d0ce02d8ada809447ba5b5ba1eeff9c2a9f11dd30d1eeb34f8dfb5bca7b831db9cc32c8a68ec8506a6810e882131e3d5000062f387f76f0fe8d4d329e98a3691fb8d2c390a7e16c7d555c49a9c3f6c51afae2a26f7bf0e24bf45981527320e5aa2a689384c49a1e7324ae9af06c58c9be69210e1f496370a763f8da78b05d8b2f9d9a90dc88f8eb773757801b6afd894cd4a4595c0afa8fe1907f22f4d1a7abc28f984a9e7abe7c974ef36edc5c3e2ddf0b497e00f1419ec2a20fba21d9eaa20479e60287742ae2aab8038cb1530da668e17a85525c4df257c42e8ecc001d7487b06fbaf1e00d18b13d65b2d2d9c1e9c9c1cefc3a535ce8f3baa74a78f7ba7275ebabbf026c7b9213d3fa2deb731f8c586beb585dfc264be706a80e6978941a55e8aa3c62981d4cc93410e95a0fca7cf715fb349cae7dc159d362d7dcb31746ca7eb6641aabd16fc43cb3a5ba4671bff3edfdf888d56122234e0fd64f4bb09b57f655a383d25d7e7595458d530d04b8adf00d794c4cf110bb2f3c28215147ddcbee9ab09ddafb33225f0455782a762282bf16b4a6a9e5ae1ce28c69a445fbdcacfbbcb8a84dfb9d654a15ff7f73d49664cae5ca054c09da726fb7e5bcd7833277c87b1af48dc5582078fd6aaba8534e00df2a59dca176206226d3f93101e9b7609cf3270238cad9952e8dcd76a9be9b4dd761fb3e581691e241aae768d7a59ed629a853306e3623ffccbef3dbb76b95acf021b14f02f702e9d0f84f844eac9cbdab93c6a972935c45d7d79b36502020016b332cf3e2d2f1b910bfed2c92225a2d0b99e907729cc66f18688c392035ac2d26f30624cd9d544af64b7d80a1577ecbd41b88d30969a8dd7ea9b1c44fe8da3a68d385747186ac0c71f11008d62bbd85e0b8b407149c5c78cc18be3b3f8f97ded11dd32f13cafac06f91a2ee1c9395db5583a75c88166203792c362d9a0a16d78f9d2b3499304791bfcb6872a0587ec1cd5e6a8e9f6a7dfe200aa75115a0429c99d69a6357fe6cbb1852761b093382ec9a6f07e1d58cee58baa7ee632f8b358c05f54f32fdc7ac6a1451819f1e54802ae6210076fcd5ade0d6b08744a70484aa20a7a944720df9c50f87dfccc55a6f0e92f2a9257ae5a2bbed5caaa292f4147e3830e623f664ea217465a39c54c4a8d17125240d00fb842e1fc392c6ed7cec1cfc08d33c645a90801763e084f393aa97d8e6f6739f60b127442436f09f2eb0eab72d7884f95450ae868d122a58693ec3e5a4361e92be50e01c5b4b20d25322d38014556284d5f62fdaa3f47153865a169536387e00828f3774154ce860db8782d84e0b7cbdaa39b1124f7c82dd36610c2c3220fe9117a6ddd74c1e767659066fcf46aab780af26ad3b482bf998f36c30374974755f8a21ccc06ecba0912cb642034f16b1c783a9d0e5244c335e0c373148bd9e9d2e9a2cf78014d1f473b5b94b10b0264c80d7471d98bc6d5fc8da7c4d253a9c370aca2e72c27932881f145b4e39ebce4a9c9b48c98ee78eac8b4955b07160321eeecffa19ae41dc4c5aef117f326d637d2392dec5d9062c696c8c5315c54f394273875a5c3e0a3f98f0883f9ab98a35f86aa24a812093a8859d3cec5b7e7ed6ea175699288622c3634b796ba9f6129719f0837860a00988de432d812d6c691bc7fe4a450f9867dd15a6ffb380099c5a051c55cc8582f195ee40dea75b9e602215e56588b75ac413cb6ab871cadfb2a792843e2318cee854f5a134dee727834dbe54dc27f2c5f9846b8930d13e4d0a79883f5a4b915e625ce73426070cc5aaab9ec72a8722fc1b51e63e74e3c7cf73f138ce752cebc2e887724df27686a97a3fc6b6fed668283f0e82ff0a761524c09ef336768647c539953cbca200f5be41cda4d68af403717c4abe37c1d55aa6c1922fe59b390e6a30e1fba1db19f8a133e46053d172b575614bd36ef13673bd6e94ab506c4c69e31ed704f35f97d28d63b0afde0d5e38ddcb363b79b1ba248b64a2cc4f01770d8d2abe1727f34adccf1b1f981475b2972332d0765a2f4a7d3540a67f218ecb5c7379ecd0a951978c66ff0ffa66cd7d11a9b9e2351cf0c95e8917e51c6936140e456dee6c34a97b566f15d03951d41f407319082748c4085ffb7de5d2944a0c0296ba6bd8f1e34667748688790ace91bfa6aa4bbcc3bca9e05bd127684801db9a71789d2f1ca08010f9ef72834f74520438e15ffecb546145cd5332bf75ddab11b15339a6756b3bad5f9835fd7e574346b590d9266873e50444d4f394287f5ad927bdb0a8ca6ff21e17455fc1ca1292ba233b2555b05b262aa8c87f64379bee0a71e3c014adea3e5cad59a59e757ede0fe316a7f7184eaed1be5cad4c4b26d6ec1f6c77c184ce622c84be83909c491a254f6a76190739727d4a3399422af33b8c9e4f9c3c02ad440fcc6e8319067ceb0a67b212dc59e9ec51169cf87a9db04e9ea4523e7f71094b47dc5f02fc72035e9a3008d039e69f537269062ec1bdca34bf4afbf74b55c9f174c81644e41dd95aa46973cf11d7a4645003cf8ca4cfd75413b03c988b9b6a1748417ee60dced0b9365e854308e78e6a60c2a182f6c1738c20ec8cd60033aa3b89c81b12869b9dcf700a36bfc2d746a989b8d8217557c9e9a1a811780e4d6f80aaaff072babeafa257f479a3ee1cae36c292097d2d36f7fe55a3aaae734726e1d0a4e88e36620d03174a7f65bf1f24ff621c4b4cdb15fbc5a3487852639919446c128b0084d63f2a4769692aae835a2909ee17ee682cd6588556306518f5213114b02f94ec139da8b1edea230a2e3920017e601ad38653e6cf283eb6053bf1bb79b4c64cd787fbe82c69da8db8302c2dd7ab7e2b51feea10ecc4ee20f82c307c228e889f4336706258f21a72527a9f4627b56f966673e836cd1e554479636e31cb5012c9f2714de8fecd9272b57b64c8a05f269a5043e2dffea44cf278b162e4d97692dbd4cae1b3003af5b41ec43b093706adeda7d0a89f662a750eb0a61ead1e0f40522b43e9888f4cf4ce3bcaf650dc7cd659bbbc9a4a13d092a8c08f9dbe30b2048ccda189fc363602a879c7a96baf24d6a704130e1eb56b8426da2b5ad25efb5249ca3358427a34229fbbd67f1d894005202904311851041a11f51e7578414e4dd8b87bbf907bc17b8515731b4bdadc3094cb8702a81a94adffd1f46c95ce5a23fe8f516462c9e5d035cf54eac27ad6611397fe5de80798e09c12879359b2952e0fc89a191060573b0827319faec65527cbc93772fc00a88e5774ffbfae139638889de25ef39d7f30329e624fbf4767488d67a2c0eb8d510c12e4bec7aca50061220d53a27d0f077486d81704d54ee0a554989effa1fdfc314009e8b6b0d24d4a910b812a4d09dafa87e5550a6eb1ed9be5210398fd39cce47f69a6e23e915a63e3278c75d0a899149a8f4ef9fe80d134fa4e402ea9e9c30c03dc23033333ca365c43a1e37e29eb2a47fd21d5e38a361cc7a0931cfaeb8cac31ec2a5729cc79b3c0dfd9a6880dcba8092ea354380a4acc7a0fb0791433266feecd3c55ecf0c26a66f7d98b19f399f96d1ef5f4cfb219a7ff138b1608ab423833cfe89856d505d7e6e9d628a55171c38f1f6db09c47c983973b9ef29e6691bd54fd4863b35ff5ea14df67e023e9ebcb9885ad20c02c73b00b0ef0c82d1cdb35366d8f1dc9730eb42014638bec5568dec44210eb9e58242cb320f7648e41fd276cb309932763d77fe98a08005893186e83bba82ede6541e4b104f4b7f86b5f1f73eb5486d6bfc4b78d576fec96cacc3e9afbce6e839eb7f5b3270a6b7374f58b8c4cf233d27412ac08c52ff42ee3de772ac8172c3a3ae0b8de2deb4149a99ff9dbed1ccff3f3cb88480b8a1cac46df5ae8fce37a33a6a3d26f7c7923ba599f736898cc6184ea0ed7991b98adb04a35cfe9b677a70410c7696f7a05f8408577c0d49879c853cb056271336cce913dcee2f30a4e062197da2600ea1aef7aaa6b83b9ae95e5f1ea94a23c13fb2e6e60e116d3c819943d908f89b69ce20ffab797ea9c8df243ee1b5072405c73539213ec11048a5752979fd5214b1e724b93853604f14cd6699e338733f44d3907c4e57d054f9e53b75a7d8ba34921fc050100226fe3837a5742749dca819363e755779c91bdd53a14ce3e08511e2f175a7ae7d6de2258c37a148300da0206c9877a7be97b63a451c881b31a6645a6c5d0f12b151f81137ec7fe888572c35f58384b24a327df30f88b80e18eb0aa4ca48756782b5fc48edf220c8d0986fafbf249cc536d3a03b791cae1561e0925da4a4296735638ab0cbaaadbce4723ad105d83222cafbebdf56e5d528ae7cc03054f66b91deaffce1e6178d29a4b9b05da91a3fc455274b25c02cdf03cb70eb2ed8d0f6194cfd0e40f1d058400fbf6808f28fc0294b104099282c1f608c25086cc737cffd44b20e0ed22ae279d76bb0b2146179c0449c6235efd72b068b71e6f9240d86d55a2d103980106175067a082b00120eeeccbbbf490a33a84b525a9d9725b900331add2ff4cf30487dcf2286581bb04b0e2c69b21334461d238b0b3fbf96a57c978a2562e6c38782b593303f14ea71d64099999da2a415d2d406d3677b81750a4aa43161234b6ce4a44981b0719383b5222b7c55a92fd62c0c382bcad046665bdc1defa87f6eb643ff40227cf55ce792675eb8101c239f4e4bc8725519852a72cc1268aacdac562501d1330d88e22fcad9878d2fbb199941e766dba187efd4bfd9cb9bb0d7ebe87b7ff13502a4a9a3d599763b8865bb722154b6a6a70858868817954859d835ad58cfb6a3483f29a04b9cdb63f2a2ef3444602c477a62610c1c208870274b944ef5d440bf3326ac0af384f6c76991c2c3f97a6da1d3c64c0fcd886d76848e7d49156d42866064cc6eda3f042b25c579f8ba45dfe3d46d8cd4e89e6e7b8e7f79de295596ca40134012e3d477df2f4812492f6b7fc7c24ee53a81e86797c1c548183d1cb0aeec9da9f6cc7403c00ec4c48850c5295b74b1f74b2232900da1e1d0d11e6c09e85c3778ce1e1a73c419ed9be6c18595b48ce9426bfa43b946d947f8a387d692e4a84aad19ecbd0e806bba4654543dfcebd7c7d157875d8f73c61dad4a52228fd67b50ac7c99e6ad7bc739e499fddd609392a748d30b1b0d00ec5400692f15c6f177acd09aa953038127b0be0ad5f74c86e3ad3595322a3cc855d", 0x1000}], 0x3, 0x0, 0x0, 0x40000080}], 0x6, 0x8000) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x4, 0x0, &(0x7f00000000c0), 0x5, 0x0) [ 959.424599] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 959.433981] binder: 25825:25828 transaction failed 29201/-28, size 88-280 line 3284 [ 959.444955] binder: undelivered TRANSACTION_ERROR: 29201 [ 960.194765] binder: 25857:25860 BC_INCREFS_DONE u0000000000000000 no match [ 960.202602] binder: 25857:25860 transaction failed 29189/-22, size 0-0 line 3138 [ 960.213523] binder: 25857:25864 BC_INCREFS_DONE u0000000000000000 no match [ 960.220856] binder: 25857:25864 got transaction to context manager from process owning it [ 960.229380] binder: 25857:25864 transaction failed 29201/-22, size 0-0 line 3129 [ 960.237586] binder: release 25845:25855 transaction 2160 out, still active [ 960.237592] binder: unexpected work type, 4, not freed [ 960.237595] binder: unexpected work type, 4, not freed [ 960.237598] binder: undelivered TRANSACTION_COMPLETE [ 960.241713] binder: send failed reply for transaction 2160, target dead [ 960.263436] binder: 25857:25860 BC_INCREFS_DONE u0000000000000000 no match [ 960.263464] binder_alloc: 25857: binder_alloc_buf, no vma [ 960.263482] binder: 25857:25860 transaction failed 29189/-3, size 0-0 line 3284 [ 960.265829] binder: 25857:25858 BC_INCREFS_DONE u0000000000000000 no match [ 960.265851] binder_alloc: 25857: binder_alloc_buf, no vma [ 960.265865] binder: 25857:25858 transaction failed 29189/-3, size 0-0 line 3284 [ 960.266680] binder: 25857:25860 BC_INCREFS_DONE u0000000000000000 no match [ 960.266697] binder_alloc: 25857: binder_alloc_buf, no vma [ 960.266711] binder: 25857:25860 transaction failed 29189/-3, size 0-0 line 3284 [ 960.272987] binder: undelivered TRANSACTION_ERROR: 29189 [ 960.273011] binder: undelivered TRANSACTION_ERROR: 29189 [ 960.343234] binder: undelivered TRANSACTION_ERROR: 29201 [ 960.350975] binder: undelivered TRANSACTION_ERROR: 29189 [ 960.362592] binder: undelivered TRANSACTION_ERROR: 29189 16:16:49 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:16:49 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000100)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000280], 0x0, &(0x7f00000000c0), &(0x7f0000000280)=[{0x0, '\x00', 0x0, 0x7fffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}]}, 0x108) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) dup3(r2, r0, 0x80000) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0xbafbd02957c15865, 0x0, &(0x7f0000000540)=[@decrefs={0x40046307, 0x2}], 0xfffffffffffffcb4, 0x0, 0x0}) 16:16:49 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:49 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:49 executing program 3: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x208200) ftruncate(0xffffffffffffffff, 0x208200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000280)=""/137, &(0x7f0000000100)=0x89) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f00000003c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) keyctl$instantiate(0xc, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup(0xffffffffffffffff) ftruncate(0xffffffffffffffff, 0x2007fff) keyctl$assume_authority(0x10, 0x0) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) r3 = socket$inet6(0xa, 0x8000000000080001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) lsetxattr$trusted_overlay_redirect(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)='trusted.overlay.redirect\x00', &(0x7f0000000780)='./file0\x00', 0x8, 0x2) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000094440000000000000000000000050000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000005000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff010000000000000000000000000001000000000000000000000000edffffffffffffff00000003000000000000000000000000000000000000000000000000000000eeffffff00000000e2ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100000000c4d300000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff02000000000000000000000000000100000000080000000000000000000000000000000000000000000000000040ac00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c6000000000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000404110061ca7c55a5e42d81d1e234c789375b23d36d0b7bd15e04e813cd723f47ce56dffa04c1f203e51942829b769c021a132a47ccf4ac88c150bfed88c8aa4db6efaf6839814663b22c44fc5c577657253c50de4d1797c8a8195d482f8537d4f9aeaf495c01d5a31348917325b55b4136f49a20b50d881350d03870439d9759097585033743069099a0c14b7ca9b9fdbba4b31e8658d38d801fc074013102247ae529fe94b9529742c76d1825a441f8205c765deabf008b3e6ac5064c0c2ca8030c651abbfe7fe8803ff6a2a5de91470a21ed3a29fbe853bf2625e00600d9e32fdac5c79c83d19c110c2cccfc32f7f99ea69994f81d903641120915cdcf49efeed42a2054e0544b5f53f43e4f7ab5b6037071e14229606aa0c3d7b7313232a904dbaedc6bd9fe7a1e54afc699624941b6c58fe24ca2338d97bbae7b60c350e72039f84328e39fdf444997aa080a882a81da917d4739bcbb223be6d19106fa4a239fa48a231a9786875523675a7058bc9135228354b3c161cd1c0d0e38d3e1514182f02f3a3a5273fa134e2756aee14acf52e878855b3c2d10bcc65caa785eb923078eebe9a92a0010fd0d9d4175cac3fa4c2ffa948ef6ace5b105904f91733855793c9e18e122e47a5cbf17b194016d3f938504c682a6e79af70f6028f13657100e36d31586511114091a8155a90889521a35f3997b6aa2e120fc6f1d8d38960e3659620e0c6192950e94000000000000000000000000000000003eb09ed9381be96996002d301735aa505e22a9336b362a1a28c3a0f70cc499152a43db91fa9e1569083a5d522702cd13ccba06629a50b3c11482cf9a948bcadbdae6da92f4d1a9b6bbea4b5faa8a9661ee1ccc6ef24efeafa4e233e36dfba0d7cba9be865b767c409cc5d90dfdd6ff9fe276fbf345b8af202eb993eb2548bdd841a4bb28e65b4125da980f6419f80eef639d7b90243b8fb9717755408f551411af115da7cf3e52d99a30bdc09d58cdbb55d997d51a57fb71a77b05ea854cb2675ab5cfc537a999fd49e671aae1109e23d79c9ee4c8e5dc476458537142b0"], 0x310) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000600)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffe) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0) fcntl$setpipe(r2, 0x407, 0x0) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f00000006c0)) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x48811}, 0x0) r4 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 16:16:49 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r1 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYRESDEC=r0, @ANYPTR64=&(0x7f0000000300)=ANY=[@ANYRES16=r1, @ANYPTR, @ANYRESDEC=r2]], 0x1c}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b4785, &(0x7f0000000100), 0x5, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f0000000040)=0x100) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.opaque\x00', &(0x7f0000000100)='y\x00', 0x2, 0xaccac73f6b823af0) r4 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) write$selinux_validatetrans(r4, &(0x7f0000000240)={'system_u:object_r:dlm_control_device_t:s0', 0x20, 'system_u:object_r:mount_tmp_t:s0', 0x20, 0xfffffffffffffff7, 0x20, 'system_u:system_r:kernel_t:s0\x00'}, 0x7e) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$SIOCGSTAMPNS(r5, 0x8907, &(0x7f00000001c0)) [ 962.005106] binder: 25872:25882 BC_INCREFS_DONE node 2173 has no pending increfs request [ 962.014111] binder: BINDER_SET_CONTEXT_MGR already set [ 962.020056] binder: 25874:25881 ioctl 40046207 0 returned -16 [ 962.027299] binder: 25872:25882 got transaction to context manager from process owning it 16:16:49 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:49 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) [ 962.027318] binder: 25872:25882 transaction failed 29201/-22, size 0-0 line 3129 [ 962.027960] binder: BINDER_SET_CONTEXT_MGR already set 16:16:49 executing program 3: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x208200) ftruncate(0xffffffffffffffff, 0x208200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000280)=""/137, &(0x7f0000000100)=0x89) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f00000003c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) keyctl$instantiate(0xc, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup(0xffffffffffffffff) ftruncate(0xffffffffffffffff, 0x2007fff) keyctl$assume_authority(0x10, 0x0) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) r3 = socket$inet6(0xa, 0x8000000000080001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) lsetxattr$trusted_overlay_redirect(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)='trusted.overlay.redirect\x00', &(0x7f0000000780)='./file0\x00', 0x8, 0x2) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000094440000000000000000000000050000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000005000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff010000000000000000000000000001000000000000000000000000edffffffffffffff00000003000000000000000000000000000000000000000000000000000000eeffffff00000000e2ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100000000c4d300000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff02000000000000000000000000000100000000080000000000000000000000000000000000000000000000000040ac00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c6000000000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000404110061ca7c55a5e42d81d1e234c789375b23d36d0b7bd15e04e813cd723f47ce56dffa04c1f203e51942829b769c021a132a47ccf4ac88c150bfed88c8aa4db6efaf6839814663b22c44fc5c577657253c50de4d1797c8a8195d482f8537d4f9aeaf495c01d5a31348917325b55b4136f49a20b50d881350d03870439d9759097585033743069099a0c14b7ca9b9fdbba4b31e8658d38d801fc074013102247ae529fe94b9529742c76d1825a441f8205c765deabf008b3e6ac5064c0c2ca8030c651abbfe7fe8803ff6a2a5de91470a21ed3a29fbe853bf2625e00600d9e32fdac5c79c83d19c110c2cccfc32f7f99ea69994f81d903641120915cdcf49efeed42a2054e0544b5f53f43e4f7ab5b6037071e14229606aa0c3d7b7313232a904dbaedc6bd9fe7a1e54afc699624941b6c58fe24ca2338d97bbae7b60c350e72039f84328e39fdf444997aa080a882a81da917d4739bcbb223be6d19106fa4a239fa48a231a9786875523675a7058bc9135228354b3c161cd1c0d0e38d3e1514182f02f3a3a5273fa134e2756aee14acf52e878855b3c2d10bcc65caa785eb923078eebe9a92a0010fd0d9d4175cac3fa4c2ffa948ef6ace5b105904f91733855793c9e18e122e47a5cbf17b194016d3f938504c682a6e79af70f6028f13657100e36d31586511114091a8155a90889521a35f3997b6aa2e120fc6f1d8d38960e3659620e0c6192950e94000000000000000000000000000000003eb09ed9381be96996002d301735aa505e22a9336b362a1a28c3a0f70cc499152a43db91fa9e1569083a5d522702cd13ccba06629a50b3c11482cf9a948bcadbdae6da92f4d1a9b6bbea4b5faa8a9661ee1ccc6ef24efeafa4e233e36dfba0d7cba9be865b767c409cc5d90dfdd6ff9fe276fbf345b8af202eb993eb2548bdd841a4bb28e65b4125da980f6419f80eef639d7b90243b8fb9717755408f551411af115da7cf3e52d99a30bdc09d58cdbb55d997d51a57fb71a77b05ea854cb2675ab5cfc537a999fd49e671aae1109e23d79c9ee4c8e5dc476458537142b0"], 0x310) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000600)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffe) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0) fcntl$setpipe(r2, 0x407, 0x0) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f00000006c0)) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x48811}, 0x0) r4 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) [ 962.027968] binder: 25872:25882 ioctl 40046207 0 returned -16 [ 962.028068] binder: 25872:25882 BC_INCREFS_DONE u0000000000000000 no match [ 962.028097] binder_alloc: 25872: binder_alloc_buf, no vma [ 962.028115] binder: 25872:25882 transaction failed 29189/-3, size 0-0 line 3284 [ 962.063239] binder: 25874:25885 BC_INCREFS_DONE u0000000000000000 no match 16:16:49 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000140)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="74002ae981008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737e3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1c675b83849fbab7cfbfccfe7dfa7aed92adde066b0f45339a7dd88b4643cf5f5bde95aca41a447257f52e1474ee9a244ca145a12b1844809a4b1a35b199046c99ca25ab55e20bc8dc5000000"], 0x9d}}, 0x0) r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/cache_stats\x00', 0x0, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f00000002c0)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000680)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0xe82b040b5108be76}, 0xc, &(0x7f0000000640)={&(0x7f0000000380)={0x2a4, r2, 0x383ff7fa01e57f63, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x8, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MEDIA={0x11c, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe0d0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x81}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000001}]}]}, @TIPC_NLA_SOCK={0x40, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xffffd2d8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7f8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9b5}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x822}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x101}]}, @TIPC_NLA_MEDIA={0x48, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_MEDIA={0x94, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6e}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x27}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_SOCK={0x38, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0xd8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1ff}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x100}]}, @TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8000}]}]}, 0x2a4}, 0x1, 0x0, 0x0, 0x48004}, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r4 = openat(r3, &(0x7f00000006c0)='./file0\x00', 0x2c0402, 0x80) r5 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000740)='SEG6\x00') sendmsg$SEG6_CMD_GET_TUNSRC(r4, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x58, r5, 0x2, 0x70bd26, 0x25dfdbfb, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x7}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x3}, @SEG6_ATTR_DST={0x14, 0x1, @local}, @SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x2}, @SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x2}, @SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x3}, @SEG6_ATTR_ALGID={0x8, 0x6, 0x7f}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x808bf) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000280)=0x2, 0x4) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f00000000c0)=0x7, 0x4) r6 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000008c0)={&(0x7f0000000880)='./file0\x00', 0x0, 0x10}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a80)={r6, 0x0, 0x8, 0x1000, &(0x7f0000000900)="c8406235118ee6eb", &(0x7f0000001680)=""/4096, 0x6, 0x0, 0xc1, 0x13, &(0x7f0000000940)="55da5d3f4ba50c5f8061d73fa8463189f7b354b171e798447af389f6ed662604a2580c93e81689b43119cc646af671fe5fab0f8377244e7f66d98da689bfba0e6bcd568e5eb612852b0989b4e395cf35f2e16760a1b9aa17b50385055ab45cec68235329c129c3d1399649959d64bd88eb7ba1958a43aa7f265bb1f58f82191be2af5ee31597589e3d611c074520d11071c995831beed2084d07f21470a3187261767040b4b876616a0c55250cd1424acd7ce19486f44ee804c4d8da1d40109325", &(0x7f0000000a40)="6ce9bd3c48116091b0eafa04dc45753e94e93b"}, 0x40) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 962.113286] binder: release 25871:25875 transaction 2178 out, still active [ 962.113291] binder: unexpected work type, 4, not freed [ 962.113294] binder: unexpected work type, 4, not freed [ 962.113297] binder: undelivered TRANSACTION_COMPLETE [ 962.118393] binder: undelivered TRANSACTION_ERROR: 29189 [ 962.118420] binder: undelivered TRANSACTION_ERROR: 29201 16:16:49 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) [ 962.121825] binder: send failed reply for transaction 2178, target dead [ 962.122036] binder: 25872:25886 BC_INCREFS_DONE u0000000000000000 no match [ 962.122050] binder: 25872:25886 transaction failed 29189/-22, size 0-0 line 3138 [ 962.129763] binder: BINDER_SET_CONTEXT_MGR already set [ 962.129774] binder: 25872:25894 ioctl 40046207 0 returned -16 [ 962.131936] binder: 25872:25882 unknown command 135266304 [ 962.131953] binder: 25872:25882 ioctl c0306201 200006c0 returned -22 [ 962.184337] binder: undelivered TRANSACTION_ERROR: 29189 [ 962.389726] binder: release 25874:25885 transaction 2176 out, still active [ 962.392237] binder: BINDER_SET_CONTEXT_MGR already set 16:16:49 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) [ 962.392244] binder: 25874:25885 ioctl 40046207 0 returned -16 [ 962.396713] binder: 25874:25885 BC_INCREFS_DONE u0000000000000000 no match [ 962.396746] binder_alloc: 25874: binder_alloc_buf, no vma [ 962.396767] binder: 25874:25885 transaction failed 29189/-3, size 0-0 line 3284 [ 962.396828] binder: BINDER_SET_CONTEXT_MGR already set [ 962.396835] binder: 25874:25881 ioctl 40046207 0 returned -16 [ 962.477149] binder: undelivered TRANSACTION_COMPLETE [ 962.498202] binder: release 25895:25896 transaction 2186 out, still active [ 962.521097] binder: unexpected work type, 4, not freed [ 962.526441] binder: unexpected work type, 4, not freed [ 962.535661] binder: undelivered TRANSACTION_COMPLETE [ 962.541276] binder: send failed reply for transaction 2186, target dead [ 962.548808] binder: undelivered TRANSACTION_ERROR: 29189 [ 962.554482] binder: send failed reply for transaction 2176, target dead 16:16:52 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:52 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:16:52 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) setfsuid(r2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r3, 0x8982, &(0x7f0000000000)) lsetxattr$security_selinux(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='security.selinux\x00', &(0x7f0000000400)='system_u:object_r:devtty_t:s0\x00', 0x1e, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r4 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="11634840001e970d6b00020400000000000000000000feff57040000e2ffffff180000000000000082109b11d36174b674ddaba122f6a10789ca1e10141e733c85037097bbfd02e0eaa2dacbbf0189616c4e66ffe4ee627cdea0c19565a62749601832d34ac13506d553328fba0be2c20449d9e09930681c223bd546e613d66ebb788e34c4e9dbafd3dc5d288e4ef07479c6f1ee7b884b878855abcf9e948a0e8961194383520ecd14b456282af30d3e284a06b61e211687c5b55de9cf1f008cec40cdcea7f4650673be8830d5913eca46ec2fab809d9206b914", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a62731403000002000000000000000000000000000000852a62730000000000000000000000000000000000000000852a747000"/88], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) lsetxattr(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)=@known='system.advise\x00', &(0x7f00000004c0)='/dev/binder#\x00', 0xd, 0x2) 16:16:52 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:52 executing program 3: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x208200) ftruncate(0xffffffffffffffff, 0x208200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000280)=""/137, &(0x7f0000000100)=0x89) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f00000003c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) keyctl$instantiate(0xc, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup(0xffffffffffffffff) ftruncate(0xffffffffffffffff, 0x2007fff) keyctl$assume_authority(0x10, 0x0) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) r3 = socket$inet6(0xa, 0x8000000000080001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) lsetxattr$trusted_overlay_redirect(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)='trusted.overlay.redirect\x00', &(0x7f0000000780)='./file0\x00', 0x8, 0x2) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000094440000000000000000000000050000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000005000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff010000000000000000000000000001000000000000000000000000edffffffffffffff00000003000000000000000000000000000000000000000000000000000000eeffffff00000000e2ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100000000c4d300000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff02000000000000000000000000000100000000080000000000000000000000000000000000000000000000000040ac00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c6000000000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000404110061ca7c55a5e42d81d1e234c789375b23d36d0b7bd15e04e813cd723f47ce56dffa04c1f203e51942829b769c021a132a47ccf4ac88c150bfed88c8aa4db6efaf6839814663b22c44fc5c577657253c50de4d1797c8a8195d482f8537d4f9aeaf495c01d5a31348917325b55b4136f49a20b50d881350d03870439d9759097585033743069099a0c14b7ca9b9fdbba4b31e8658d38d801fc074013102247ae529fe94b9529742c76d1825a441f8205c765deabf008b3e6ac5064c0c2ca8030c651abbfe7fe8803ff6a2a5de91470a21ed3a29fbe853bf2625e00600d9e32fdac5c79c83d19c110c2cccfc32f7f99ea69994f81d903641120915cdcf49efeed42a2054e0544b5f53f43e4f7ab5b6037071e14229606aa0c3d7b7313232a904dbaedc6bd9fe7a1e54afc699624941b6c58fe24ca2338d97bbae7b60c350e72039f84328e39fdf444997aa080a882a81da917d4739bcbb223be6d19106fa4a239fa48a231a9786875523675a7058bc9135228354b3c161cd1c0d0e38d3e1514182f02f3a3a5273fa134e2756aee14acf52e878855b3c2d10bcc65caa785eb923078eebe9a92a0010fd0d9d4175cac3fa4c2ffa948ef6ace5b105904f91733855793c9e18e122e47a5cbf17b194016d3f938504c682a6e79af70f6028f13657100e36d31586511114091a8155a90889521a35f3997b6aa2e120fc6f1d8d38960e3659620e0c6192950e94000000000000000000000000000000003eb09ed9381be96996002d301735aa505e22a9336b362a1a28c3a0f70cc499152a43db91fa9e1569083a5d522702cd13ccba06629a50b3c11482cf9a948bcadbdae6da92f4d1a9b6bbea4b5faa8a9661ee1ccc6ef24efeafa4e233e36dfba0d7cba9be865b767c409cc5d90dfdd6ff9fe276fbf345b8af202eb993eb2548bdd841a4bb28e65b4125da980f6419f80eef639d7b90243b8fb9717755408f551411af115da7cf3e52d99a30bdc09d58cdbb55d997d51a57fb71a77b05ea854cb2675ab5cfc537a999fd49e671aae1109e23d79c9ee4c8e5dc476458537142b0"], 0x310) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000600)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffe) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0) fcntl$setpipe(r2, 0x407, 0x0) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f00000006c0)) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x48811}, 0x0) r4 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 16:16:52 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x1, 0x8}, 0x800}}, 0xffffffffffffffed) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) linkat(r0, &(0x7f00000000c0)='./file0\x00', r1, &(0x7f0000000140)='./file0\x00', 0xa00) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:16:52 executing program 2: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x208200) ftruncate(0xffffffffffffffff, 0x208200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000280)=""/137, &(0x7f0000000100)=0x89) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f00000003c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) keyctl$instantiate(0xc, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup(0xffffffffffffffff) ftruncate(0xffffffffffffffff, 0x2007fff) keyctl$assume_authority(0x10, 0x0) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) r3 = socket$inet6(0xa, 0x8000000000080001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) lsetxattr$trusted_overlay_redirect(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)='trusted.overlay.redirect\x00', &(0x7f0000000780)='./file0\x00', 0x8, 0x2) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000094440000000000000000000000050000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000005000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff010000000000000000000000000001000000000000000000000000edffffffffffffff00000003000000000000000000000000000000000000000000000000000000eeffffff00000000e2ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100000000c4d300000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff02000000000000000000000000000100000000080000000000000000000000000000000000000000000000000040ac00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c6000000000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000404110061ca7c55a5e42d81d1e234c789375b23d36d0b7bd15e04e813cd723f47ce56dffa04c1f203e51942829b769c021a132a47ccf4ac88c150bfed88c8aa4db6efaf6839814663b22c44fc5c577657253c50de4d1797c8a8195d482f8537d4f9aeaf495c01d5a31348917325b55b4136f49a20b50d881350d03870439d9759097585033743069099a0c14b7ca9b9fdbba4b31e8658d38d801fc074013102247ae529fe94b9529742c76d1825a441f8205c765deabf008b3e6ac5064c0c2ca8030c651abbfe7fe8803ff6a2a5de91470a21ed3a29fbe853bf2625e00600d9e32fdac5c79c83d19c110c2cccfc32f7f99ea69994f81d903641120915cdcf49efeed42a2054e0544b5f53f43e4f7ab5b6037071e14229606aa0c3d7b7313232a904dbaedc6bd9fe7a1e54afc699624941b6c58fe24ca2338d97bbae7b60c350e72039f84328e39fdf444997aa080a882a81da917d4739bcbb223be6d19106fa4a239fa48a231a9786875523675a7058bc9135228354b3c161cd1c0d0e38d3e1514182f02f3a3a5273fa134e2756aee14acf52e878855b3c2d10bcc65caa785eb923078eebe9a92a0010fd0d9d4175cac3fa4c2ffa948ef6ace5b105904f91733855793c9e18e122e47a5cbf17b194016d3f938504c682a6e79af70f6028f13657100e36d31586511114091a8155a90889521a35f3997b6aa2e120fc6f1d8d38960e3659620e0c6192950e94000000000000000000000000000000003eb09ed9381be96996002d301735aa505e22a9336b362a1a28c3a0f70cc499152a43db91fa9e1569083a5d522702cd13ccba06629a50b3c11482cf9a948bcadbdae6da92f4d1a9b6bbea4b5faa8a9661ee1ccc6ef24efeafa4e233e36dfba0d7cba9be865b767c409cc5d90dfdd6ff9fe276fbf345b8af202eb993eb2548bdd841a4bb28e65b4125da980f6419f80eef639d7b90243b8fb9717755408f551411af115da7cf3e52d99a30bdc09d58cdbb55d997d51a57fb71a77b05ea854cb2675ab5cfc537a999fd49e671aae1109e23d79c9ee4c8e5dc476458537142b0"], 0x310) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000600)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffe) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0) fcntl$setpipe(r2, 0x407, 0x0) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f00000006c0)) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x48811}, 0x0) r4 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) [ 965.011693] binder: BINDER_SET_CONTEXT_MGR bad uid 255 != 0 [ 965.028363] binder: 25921:25926 ioctl 40046207 0 returned -1 16:16:52 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3515bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:16:52 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x2400, 0x8) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) dup(r0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) 16:16:52 executing program 3: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x208200) ftruncate(0xffffffffffffffff, 0x208200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000280)=""/137, &(0x7f0000000100)=0x89) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f00000003c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) keyctl$instantiate(0xc, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup(0xffffffffffffffff) ftruncate(0xffffffffffffffff, 0x2007fff) keyctl$assume_authority(0x10, 0x0) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) r3 = socket$inet6(0xa, 0x8000000000080001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) lsetxattr$trusted_overlay_redirect(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)='trusted.overlay.redirect\x00', &(0x7f0000000780)='./file0\x00', 0x8, 0x2) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000094440000000000000000000000050000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000005000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff010000000000000000000000000001000000000000000000000000edffffffffffffff00000003000000000000000000000000000000000000000000000000000000eeffffff00000000e2ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100000000c4d300000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff02000000000000000000000000000100000000080000000000000000000000000000000000000000000000000040ac00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c6000000000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000404110061ca7c55a5e42d81d1e234c789375b23d36d0b7bd15e04e813cd723f47ce56dffa04c1f203e51942829b769c021a132a47ccf4ac88c150bfed88c8aa4db6efaf6839814663b22c44fc5c577657253c50de4d1797c8a8195d482f8537d4f9aeaf495c01d5a31348917325b55b4136f49a20b50d881350d03870439d9759097585033743069099a0c14b7ca9b9fdbba4b31e8658d38d801fc074013102247ae529fe94b9529742c76d1825a441f8205c765deabf008b3e6ac5064c0c2ca8030c651abbfe7fe8803ff6a2a5de91470a21ed3a29fbe853bf2625e00600d9e32fdac5c79c83d19c110c2cccfc32f7f99ea69994f81d903641120915cdcf49efeed42a2054e0544b5f53f43e4f7ab5b6037071e14229606aa0c3d7b7313232a904dbaedc6bd9fe7a1e54afc699624941b6c58fe24ca2338d97bbae7b60c350e72039f84328e39fdf444997aa080a882a81da917d4739bcbb223be6d19106fa4a239fa48a231a9786875523675a7058bc9135228354b3c161cd1c0d0e38d3e1514182f02f3a3a5273fa134e2756aee14acf52e878855b3c2d10bcc65caa785eb923078eebe9a92a0010fd0d9d4175cac3fa4c2ffa948ef6ace5b105904f91733855793c9e18e122e47a5cbf17b194016d3f938504c682a6e79af70f6028f13657100e36d31586511114091a8155a90889521a35f3997b6aa2e120fc6f1d8d38960e3659620e0c6192950e94000000000000000000000000000000003eb09ed9381be96996002d301735aa505e22a9336b362a1a28c3a0f70cc499152a43db91fa9e1569083a5d522702cd13ccba06629a50b3c11482cf9a948bcadbdae6da92f4d1a9b6bbea4b5faa8a9661ee1ccc6ef24efeafa4e233e36dfba0d7cba9be865b767c409cc5d90dfdd6ff9fe276fbf345b8af202eb993eb2548bdd841a4bb28e65b4125da980f6419f80eef639d7b90243b8fb9717755408f551411af115da7cf3e52d99a30bdc09d58cdbb55d997d51a57fb71a77b05ea854cb2675ab5cfc537a999fd49e671aae1109e23d79c9ee4c8e5dc476458537142b0"], 0x310) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000600)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffe) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0) fcntl$setpipe(r2, 0x407, 0x0) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f00000006c0)) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x48811}, 0x0) r4 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) [ 965.237322] binder: release 25924:25930 transaction 2193 out, still active [ 965.253963] binder: unexpected work type, 4, not freed [ 965.259227] binder: 25944:25945 BC_INCREFS_DONE node 2198 has no pending increfs request [ 965.259241] binder: 25944:25945 got transaction to context manager from process owning it [ 965.259252] binder: 25944:25945 transaction failed 29201/-22, size 0-0 line 3129 16:16:52 executing program 2: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x208200) ftruncate(0xffffffffffffffff, 0x208200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000280)=""/137, &(0x7f0000000100)=0x89) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f00000003c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) keyctl$instantiate(0xc, 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup(0xffffffffffffffff) ftruncate(0xffffffffffffffff, 0x2007fff) keyctl$assume_authority(0x10, 0x0) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) r3 = socket$inet6(0xa, 0x8000000000080001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) lsetxattr$trusted_overlay_redirect(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)='trusted.overlay.redirect\x00', &(0x7f0000000780)='./file0\x00', 0x8, 0x2) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000094440000000000000000000000050000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000005000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff010000000000000000000000000001000000000000000000000000edffffffffffffff00000003000000000000000000000000000000000000000000000000000000eeffffff00000000e2ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100000000c4d300000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff02000000000000000000000000000100000000080000000000000000000000000000000000000000000000000040ac00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c6000000000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000001c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000404110061ca7c55a5e42d81d1e234c789375b23d36d0b7bd15e04e813cd723f47ce56dffa04c1f203e51942829b769c021a132a47ccf4ac88c150bfed88c8aa4db6efaf6839814663b22c44fc5c577657253c50de4d1797c8a8195d482f8537d4f9aeaf495c01d5a31348917325b55b4136f49a20b50d881350d03870439d9759097585033743069099a0c14b7ca9b9fdbba4b31e8658d38d801fc074013102247ae529fe94b9529742c76d1825a441f8205c765deabf008b3e6ac5064c0c2ca8030c651abbfe7fe8803ff6a2a5de91470a21ed3a29fbe853bf2625e00600d9e32fdac5c79c83d19c110c2cccfc32f7f99ea69994f81d903641120915cdcf49efeed42a2054e0544b5f53f43e4f7ab5b6037071e14229606aa0c3d7b7313232a904dbaedc6bd9fe7a1e54afc699624941b6c58fe24ca2338d97bbae7b60c350e72039f84328e39fdf444997aa080a882a81da917d4739bcbb223be6d19106fa4a239fa48a231a9786875523675a7058bc9135228354b3c161cd1c0d0e38d3e1514182f02f3a3a5273fa134e2756aee14acf52e878855b3c2d10bcc65caa785eb923078eebe9a92a0010fd0d9d4175cac3fa4c2ffa948ef6ace5b105904f91733855793c9e18e122e47a5cbf17b194016d3f938504c682a6e79af70f6028f13657100e36d31586511114091a8155a90889521a35f3997b6aa2e120fc6f1d8d38960e3659620e0c6192950e94000000000000000000000000000000003eb09ed9381be96996002d301735aa505e22a9336b362a1a28c3a0f70cc499152a43db91fa9e1569083a5d522702cd13ccba06629a50b3c11482cf9a948bcadbdae6da92f4d1a9b6bbea4b5faa8a9661ee1ccc6ef24efeafa4e233e36dfba0d7cba9be865b767c409cc5d90dfdd6ff9fe276fbf345b8af202eb993eb2548bdd841a4bb28e65b4125da980f6419f80eef639d7b90243b8fb9717755408f551411af115da7cf3e52d99a30bdc09d58cdbb55d997d51a57fb71a77b05ea854cb2675ab5cfc537a999fd49e671aae1109e23d79c9ee4c8e5dc476458537142b0"], 0x310) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000600)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0xfffffffe) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0) fcntl$setpipe(r2, 0x407, 0x0) seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f00000006c0)) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x801, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x40000}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x48811}, 0x0) r4 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 16:16:52 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31b0700000000000000c22ee20ce70f39885b200770af71bee3cba6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) [ 965.338915] binder: BINDER_SET_CONTEXT_MGR already set 16:16:52 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) [ 965.338925] binder: 25944:25950 ioctl 40046207 0 returned -16 [ 965.339281] binder: 25944:25950 BC_INCREFS_DONE u0000000000000000 no match [ 965.339315] binder_alloc: 25944: binder_alloc_buf, no vma [ 965.339337] binder: 25944:25950 transaction failed 29189/-3, size 0-0 line 3284 [ 965.458917] binder: BINDER_SET_CONTEXT_MGR already set [ 965.459038] binder: 25946:25948 ioctl 40046207 0 returned -16 [ 965.463626] binder_alloc: 25924: binder_alloc_buf, no vma [ 965.463982] binder: 25946:25948 transaction failed 29189/-3, size 88-24 line 3284 [ 965.507183] binder: unexpected work type, 4, not freed [ 965.515973] binder: BINDER_SET_CONTEXT_MGR already set [ 965.516028] binder: 25957:25958 ioctl 40046207 0 returned -16 [ 965.522964] binder_alloc: 25937: binder_alloc_buf, no vma [ 965.523029] binder: 25957:25958 transaction failed 29189/-3, size 88-24 line 3284 [ 965.548421] binder: undelivered TRANSACTION_COMPLETE [ 965.553668] binder: undelivered TRANSACTION_ERROR: 29189 [ 965.559211] binder: undelivered TRANSACTION_ERROR: 29189 [ 965.564780] binder: undelivered TRANSACTION_ERROR: 29189 [ 965.570312] binder: release 25937:25938 transaction 2201 out, still active [ 965.577478] binder: unexpected work type, 4, not freed [ 965.582781] binder: unexpected work type, 4, not freed [ 965.588044] binder: undelivered TRANSACTION_COMPLETE [ 965.593284] binder: send failed reply for transaction 2201, target dead [ 965.600187] binder: undelivered TRANSACTION_ERROR: 29201 [ 965.605761] binder: send failed reply for transaction 2193, target dead [ 966.780592] ip6_tunnel: j xmit: Local address not yet configured! 16:16:55 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:16:55 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:55 executing program 3: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) sched_setscheduler(0x0, 0x5, &(0x7f00000001c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:55 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x3a, 0x444}], 0x400005, 0x0) 16:16:55 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:55 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x800) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, 0xfffffffffffffffd, 0x200, 0x0) ioctl$EVIOCSABS20(r1, 0x401845e0, &(0x7f0000000000)={0x7, 0x10000, 0x4c, 0x84b, 0x4, 0x7}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) 16:16:55 executing program 4: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) fcntl$getflags(r0, 0x401) 16:16:55 executing program 2: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000140)=ANY=[@ANYBLOB="693335e6ff03005488edbe40a8a46a0f3e7e3376f845e3afc391c6864386dbda8ddd57a0f485f17398942a2f5c4d6fe201a2122ab70000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f00000007c0)={0x7f, 0x5, 0x3000}, 0x4) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000000340), 0x5, 0x0) r3 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom\x00', 0x230000, 0x0) syz_mount_image$ext4(&(0x7f0000000200)='ext2\x00', &(0x7f0000000240)='./file0\x00', 0x100000000, 0x8, &(0x7f00000006c0)=[{&(0x7f0000000280)="8bf11f704455b67ee9191f0649fbc9a943eb66981fb34a7f7a93a5fc042827991eb7945924d43e9927e359093ac33171acdb873dbfe9227605d4aa93546128f90f8457e59f0788c80162da5ba45fd974b16d3f2900ad3cf8c3af222c1cd1c91ce2ca07a961", 0x65}, {&(0x7f0000000300)="8e8b0a3ca829951e24caf77fd7f0af474c29", 0x12}, {&(0x7f0000000400)="d8a816c2dd50ddff05e9f67164fc2f0224be77803896c4cb5d83802b8b2d962a45a122e47638058ec5e3d352881c0aa1175c18ffd3fc511754c85d1425a809e27f29268d4019417424635b57a0e28e213dfc237ae1ca8d0997ebf10f54376d11a811242c237480", 0x67, 0x3ff}, {&(0x7f0000000480)="086264078de7e559cd16cdf76e198c9f3c49dd4df8cedcd35d5801e625bde6ed392ac9c4369e769600484b376f7b7f744fec48cc309a7dcf6f8b53cfe2e1f8d11d6c95e5500990f03847ff10e01b59a095dbccd694f204c395400d2efb4ecd855fd92e5adeada850ec2466dff1262d3084ae34f5ddd36bdea09d60f2c033a4339de59d43be97cb58049f7f045bd2e7648f9da7c430c7bcd2b65c4842e83a", 0x9e, 0x8000}, {&(0x7f0000000540)="a573a2e064c8ee75636bc9216de02c0c5f", 0x11, 0xfffffffffffffff7}, {&(0x7f0000000580)="7bfa3781fb0a5ac0b5216f0db7a71fe03edc66f1266143a99bf81e313922bbb6e7a4335b1d315f7aa37b0dc19319839260", 0x31, 0x207}, {&(0x7f00000005c0)="012ba9f1cf6d18cd52e04820fc80c3cfc958cb0d8c5f4da1bd7f767cd2189aeabbbcc21fc78cd1861296e266aed472f26405edc5387a0222c2a428fe12f931e2253cd063b542d2eaebcb33b0bfcb22fc4f84212a5d85ce1e99b4a5fc8698db9931fcea08b96a13b9098bf1c20ec1faccfe4d6b92233cdec2487ae5", 0x7b, 0xe0}, {&(0x7f0000000640)="e17b0429c89ad9d893053abc18871a587971370c809dc8d28e8a764b5a8c9892d08705a37b6fc31b1efbb06bcd9aceda7134bfe396052198707fe7534da3f2ee239f638dd1", 0x45, 0x7f}], 0x1321002, &(0x7f0000000780)={[{@grpid='grpid'}, {@grpquota='grpquota'}], [{@dont_appraise='dont_appraise'}]}) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x480, 0x0) write$FUSE_POLL(r4, &(0x7f0000000100)={0x18, 0x0, 0x3, {0x6}}, 0x18) fchdir(r3) [ 968.083312] EXT4-fs (loop2): VFS: Can't find ext4 filesystem [ 968.096188] binder: 25978:25982 BC_INCREFS_DONE node 2210 has no pending increfs request [ 968.105733] binder: 25978:25982 got transaction to context manager from process owning it [ 968.124241] binder: 25978:25982 transaction failed 29201/-22, size 0-0 line 3129 16:16:55 executing program 3: open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000001240)='./file0\x00', 0x0) r0 = getpid() sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x0, 0x2, 0x0, 0x2, 0x0, 0x70bd2c, 0x25dfdbfe}, 0x10}}, 0x40) sched_setscheduler(r0, 0x5, &(0x7f00000001c0)) openat$selinux_avc_hash_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='rpc_pipefs\x00WD%l\x8c\x8e3\xf1vS\xdeK8\xd6R\xbd\xd3\x199\'\x95J[>u\xd4l\x8c\xd3\xa6\xcf\xc99\xe0\xed^OM\x9a\xd8\xa2\xef\xee]\x11\xadD\xbe\xf7P:\xc5\xf4\xc2q', 0x0, 0x0) umount2(&(0x7f0000000240)='./file0\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r1, &(0x7f0000000740)=""/142, 0xffed) bind(r1, &(0x7f0000000000)=@in6={0xa, 0x4e24, 0xffff, @empty, 0xfffffff7}, 0x80) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001640)={'team0\x00'}) 16:16:55 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) socket(0x0, 0x0, 0x20) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) pipe(&(0x7f0000000080)) r1 = eventfd2(0x7fff, 0x0) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00') write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="4f5f3976d291ee6134f11f4cfa7390ea22de2b8f1752da2433622bb337c84406e1c8960054a08792380d4cb6a90f604dc3819c9f9ce0e11b47f89392660d8c8bad0458205df643e6f8d930567b201dcf873178d2ac99f8ee9b30ca"], 0x5b) writev(0xffffffffffffffff, 0x0, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000500)) unshare(0x40000000) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, 0x0, 0x2, 0x0) epoll_create(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffd}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x200004) syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) fallocate(0xffffffffffffffff, 0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x8031, 0xffffffffffffffff, 0x0) ioctl$UI_BEGIN_FF_ERASE(0xffffffffffffffff, 0xc00c55ca, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8923, &(0x7f0000000200)={'ip_vti0\x00', 0x3001}) r3 = syz_open_dev$binderN(0x0, 0x0, 0x805) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a62731403000002000000000000000000000000000000852a62730000000000000000000000000000000000000000852a747000"/88], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003000000000000000"], @ANYBLOB="e8d030562b475c8ba5a77fc049d0a55264d520a00a4f146365319f718c0dc8d0ca2ccbd4c7adf9c8deed7755e738429c09a3fd1f59102d00"/78], 0x0, 0x0, 0x0}) 16:16:55 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, &(0x7f00000001c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) [ 968.138414] binder: undelivered TRANSACTION_ERROR: 29201 16:16:55 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f00000000c0)={@empty, @multicast1}, &(0x7f0000000140)=0x8) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001280)=ANY=[@ANYBLOB="e6ff0300544500000000000000000000080000000000", @ANYBLOB="740081008ca31d3f003b54c91df8a31be46a014d43e66871c22ee20ce70f39885b200736932eb27eceb52aec5737ca70af71bee3b7a6117929e7b1d46d38b6a6b6c3285bb01e4d5d627b0f0911da0beb35118732bb0cbf909651c8c600fbde031f3161edefb1ba0706eb9644ce21b8e89e5300004c001f00ff6a4518c96e417975eb8dbfcd05c1"], 0x9d}}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x898fd13755b449c, &(0x7f0000000100)=[{&(0x7f0000000040)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0xff66, 0x400}], 0x5, 0x0) r1 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) lseek(r1, 0x1, 0x4) [ 968.289277] binder: 25998:26008 BC_INCREFS_DONE node 2213 has no pending increfs request [ 968.299079] binder: 25998:26008 got transaction to context manager from process owning it [ 968.308450] binder: 25998:26008 transaction failed 29201/-22, size 0-0 line 3129 [ 968.316564] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 968.316571] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 968.316577] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 968.333619] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 968.427058] binder: undelivered TRANSACTION_ERROR: 29201 [ 968.763675] : renamed from ip_vti0 16:16:58 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:16:58 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:16:58 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x37c, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x17}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 16:16:58 executing program 3: r0 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x200080) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x30, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x10, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0x4}}}]}, 0x30}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000280)={{{@in=@local, @in6=@local, 0x4e20, 0x4, 0x4e23, 0x100, 0xa, 0x20, 0xa0, 0xc, r3, 0xee00}, {0x48000000000, 0x0, 0x1, 0x8, 0x1, 0x6, 0x2, 0x1}, {0x0, 0x8, 0x9, 0x9}, 0xffffff7f, 0x6e6bb6, 0x2, 0x2, 0x2, 0x2}, {{@in=@loopback, 0x4d6, 0x3c}, 0x7, @in6=@dev={0xfe, 0x80, [], 0x14}, 0x0, 0x2, 0x1, 0x1f, 0x7fff, 0xfff, 0x1a}}, 0xe8) r4 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 16:16:58 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, &(0x7f00000001c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:16:58 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:16:58 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x802, 0x0) ioctl$TCSETA(r2, 0x5406, &(0x7f0000000280)={0xd123, 0x0, 0x240, 0x6, 0x16, 0x3f, 0x80, 0x2, 0x401, 0x7}) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000100)={0x50000008}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 16:16:58 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) [ 971.055326] binder: release 26022:26026 transaction 2217 out, still active [ 971.065994] binder: unexpected work type, 4, not freed [ 971.070717] binder: BINDER_SET_CONTEXT_MGR already set 16:16:58 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda={0x66646185, 0x0, 0x2, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:16:58 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x800) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) [ 971.070726] binder: 26021:26031 ioctl 40046207 0 returned -16 [ 971.075443] binder: 26021:26031 BC_INCREFS_DONE u0000000000000000 no match 16:16:58 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x189) r3 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x2, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r6, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r6, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ppoll(&(0x7f00000001c0)=[{r3, 0x1000}, {r4}, {r5, 0x100}, {r6, 0x2}], 0x4, &(0x7f0000000200)={0x77359400}, &(0x7f0000000280)={0x9}, 0x8) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r7, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r7, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r7) r8 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r9, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r9, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$EVIOCGMASK(r9, 0x80104592, &(0x7f0000000040)={0x2, 0x25, &(0x7f0000000000)="57d752507857fb6bede41f3cf067dd5b4826dcb1eebf1a9d8dd5134643e735ca8c0ed109c4"}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000000) 16:16:58 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x800) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x252480, 0x1) getsockopt$inet6_buf(r1, 0x29, 0x2c, &(0x7f0000000100)=""/118, &(0x7f0000000280)=0x76) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/zero\x00', 0x8000, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000300)=0x4, 0x4) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r4) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r5, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r5, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$PPPIOCSNPMODE(r5, 0x4008744b, &(0x7f0000000340)={0x283}) [ 971.076402] binder: 26021:26031 got new transaction with bad transaction stack, transaction 2222 has target 26021:0 [ 971.076416] binder: 26021:26031 transaction failed 29201/-71, size 892-24 line 3165 [ 971.118287] binder: BINDER_SET_CONTEXT_MGR already set [ 971.118295] binder: 26033:26036 ioctl 40046207 0 returned -16 [ 971.122292] binder_alloc: 26022: binder_alloc_buf, no vma [ 971.122311] binder: 26033:26036 transaction failed 29189/-3, size 88-24 line 3284 [ 971.123397] binder: BINDER_SET_CONTEXT_MGR already set [ 971.123404] binder: 26034:26037 ioctl 40046207 0 returned -16 [ 971.124783] binder_alloc: 26021: binder_alloc_buf, no vma [ 971.124800] binder: 26034:26037 transaction failed 29189/-3, size 96-24 line 3284 [ 971.180800] binder: BINDER_SET_CONTEXT_MGR already set [ 971.180810] binder: 26039:26041 ioctl 40046207 0 returned -16 [ 971.181598] binder_alloc: 26022: binder_alloc_buf, no vma [ 971.181616] binder: 26039:26041 transaction failed 29189/-3, size 96-24 line 3284 [ 971.191455] binder: BINDER_SET_CONTEXT_MGR already set [ 971.191463] binder: 26040:26042 ioctl 40046207 0 returned -16 [ 971.191911] binder_alloc: 26021: binder_alloc_buf, no vma [ 971.191931] binder: 26040:26042 transaction failed 29189/-3, size 88-24 line 3284 [ 971.224633] binder: BINDER_SET_CONTEXT_MGR already set [ 971.224642] binder: 26044:26047 ioctl 40046207 0 returned -16 [ 971.224783] binder: 26044:26047 BC_INCREFS_DONE u0000000000000000 no match [ 971.224816] binder_alloc: 26022: binder_alloc_buf, no vma [ 971.224837] binder: 26044:26047 transaction failed 29189/-3, size 0-0 line 3284 [ 971.230948] binder: BINDER_SET_CONTEXT_MGR already set [ 971.230957] binder: 26046:26048 ioctl 40046207 0 returned -16 [ 971.231399] binder_alloc: 26021: binder_alloc_buf, no vma [ 971.231421] binder: 26046:26048 transaction failed 29189/-3, size 88-24 line 3284 [ 971.576729] binder: unexpected work type, 4, not freed [ 971.596008] binder: undelivered TRANSACTION_COMPLETE [ 971.610574] binder: undelivered TRANSACTION_ERROR: 29189 [ 971.616457] binder: undelivered TRANSACTION_ERROR: 29189 [ 971.622295] binder: undelivered TRANSACTION_ERROR: 29189 [ 971.627872] binder: undelivered TRANSACTION_ERROR: 29189 [ 971.633814] binder: undelivered TRANSACTION_ERROR: 29189 [ 971.639414] binder: release 26021:26031 transaction 2222 out, still active [ 971.646810] binder: undelivered TRANSACTION_COMPLETE [ 971.651982] binder: undelivered TRANSACTION_ERROR: 29201 [ 971.657683] binder: send failed reply for transaction 2222, target dead [ 971.665261] binder: send failed reply for transaction 2217, target dead [ 972.050662] binder: undelivered TRANSACTION_ERROR: 29189 [ 973.395970] binder: 26285:26286 got transaction with invalid parent offset or type [ 973.404266] binder: 26285:26286 transaction failed 29201/-22, size 96-24 line 3454 [ 973.415914] binder: undelivered TRANSACTION_ERROR: 29201 16:17:01 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 16:17:01 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r2, 0x6, 0x15, &(0x7f0000000200)=0x3, 0x4) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$packet(0x11, 0x3, 0x300) getsockopt$EBT_SO_GET_INIT_ENTRIES(r3, 0x0, 0x83, &(0x7f0000000280)={'broute\x00', 0x0, 0x3, 0xb, [], 0x1, &(0x7f00000000c0)=[{}], &(0x7f0000000100)=""/11}, &(0x7f0000000140)=0x78) 16:17:01 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x0, &(0x7f00000001c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:17:01 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x189) r3 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x2, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r6, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r6, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ppoll(&(0x7f00000001c0)=[{r3, 0x1000}, {r4}, {r5, 0x100}, {r6, 0x2}], 0x4, &(0x7f0000000200)={0x77359400}, &(0x7f0000000280)={0x9}, 0x8) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r7, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r7, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r7) r8 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r9, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r9, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$EVIOCGMASK(r9, 0x80104592, &(0x7f0000000040)={0x2, 0x25, &(0x7f0000000000)="57d752507857fb6bede41f3cf067dd5b4826dcb1eebf1a9d8dd5134643e735ca8c0ed109c4"}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2000000) 16:17:01 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x0, &(0x7f00000001c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) [ 974.058922] binder: 26292:26295 BC_INCREFS_DONE node 2234 has no pending increfs request [ 974.063811] binder: 26291:26298 got transaction with invalid offset (918, min 24 max 88) or object. [ 974.063849] binder: 26291:26298 transaction failed 29201/-22, size 88-24 line 3379 [ 974.066422] binder: undelivered TRANSACTION_ERROR: 29201 [ 974.097356] binder: 26292:26295 got transaction to context manager from process owning it 16:17:01 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:01 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r2, 0x6, 0x15, &(0x7f0000000200)=0x3, 0x4) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$packet(0x11, 0x3, 0x300) getsockopt$EBT_SO_GET_INIT_ENTRIES(r3, 0x0, 0x83, &(0x7f0000000280)={'broute\x00', 0x0, 0x3, 0xb, [], 0x1, &(0x7f00000000c0)=[{}], &(0x7f0000000100)=""/11}, &(0x7f0000000140)=0x78) 16:17:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x0, &(0x7f00000001c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) [ 974.104143] binder: 26293:26297 got transaction with invalid parent offset or type [ 974.104192] binder: 26293:26297 transaction failed 29201/-22, size 96-24 line 3454 16:17:01 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:01 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r2, 0x6, 0x15, &(0x7f0000000200)=0x3, 0x4) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$packet(0x11, 0x3, 0x300) getsockopt$EBT_SO_GET_INIT_ENTRIES(r3, 0x0, 0x83, &(0x7f0000000280)={'broute\x00', 0x0, 0x3, 0xb, [], 0x1, &(0x7f00000000c0)=[{}], &(0x7f0000000100)=""/11}, &(0x7f0000000140)=0x78) [ 974.104622] binder: undelivered TRANSACTION_ERROR: 29201 [ 974.156256] binder: 26308:26311 got transaction with invalid offset (918, min 24 max 88) or object. [ 974.156296] binder: 26308:26311 transaction failed 29201/-22, size 88-24 line 3379 [ 974.160085] binder: undelivered TRANSACTION_ERROR: 29201 [ 974.172638] binder: 26310:26313 got transaction with invalid parent offset or type [ 974.172682] binder: 26310:26313 transaction failed 29201/-22, size 96-24 line 3454 [ 974.173048] binder: undelivered TRANSACTION_ERROR: 29201 [ 974.227459] binder: 26320:26322 got transaction with invalid offset (918, min 24 max 88) or object. [ 974.227510] binder: 26320:26322 transaction failed 29201/-22, size 88-24 line 3379 [ 974.229358] binder: undelivered TRANSACTION_ERROR: 29201 [ 974.307157] binder: 26292:26295 transaction failed 29201/-22, size 0-0 line 3129 [ 974.856129] binder: undelivered TRANSACTION_ERROR: 29201 16:17:04 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 16:17:04 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:17:04 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:04 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r2, 0x6, 0x15, &(0x7f0000000200)=0x3, 0x4) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$packet(0x11, 0x3, 0x300) 16:17:04 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:04 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:04 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:17:04 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:04 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) [ 977.076867] binder: 26334:26338 got transaction with invalid offset (918, min 24 max 88) or object. [ 977.094363] binder: 26334:26338 transaction failed 29201/-22, size 88-24 line 3379 16:17:04 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:04 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:17:04 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r2, 0x6, 0x15, &(0x7f0000000200)=0x3, 0x4) socket$inet_icmp_raw(0x2, 0x3, 0x1) [ 977.134956] binder: undelivered TRANSACTION_ERROR: 29201 [ 977.194384] binder: 26356:26359 transaction failed 29189/-22, size 96-24 line 3138 [ 977.219485] binder: undelivered TRANSACTION_ERROR: 29189 [ 977.229867] binder: 26362:26365 got transaction with invalid offset (918, min 24 max 88) or object. [ 977.239619] binder: 26362:26365 transaction failed 29201/-22, size 88-24 line 3379 [ 977.254545] binder: undelivered TRANSACTION_ERROR: 29201 16:17:07 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 16:17:07 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, 0x0) r0 = syz_open_procfs(0x0, 0x0) getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:17:07 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:07 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:07 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r2, 0x6, 0x15, &(0x7f0000000200)=0x3, 0x4) 16:17:07 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:07 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, 0x0) r0 = syz_open_procfs(0x0, 0x0) getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:17:07 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) 16:17:07 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:17:07 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, 0x0) r0 = syz_open_procfs(0x0, 0x0) getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) [ 980.095884] binder: 26374:26376 transaction failed 29189/-22, size 96-24 line 3138 [ 980.108477] binder: 26375:26379 got transaction with invalid offset (918, min 24 max 88) or object. 16:17:07 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, &(0x7f00000001c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:17:07 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) [ 980.108516] binder: 26375:26379 transaction failed 29201/-22, size 88-24 line 3379 [ 980.109075] binder: undelivered TRANSACTION_ERROR: 29201 [ 980.164759] binder: 26385:26390 got transaction with invalid offset (918, min 24 max 88) or object. [ 980.164799] binder: 26385:26390 transaction failed 29201/-22, size 88-24 line 3379 [ 980.166600] binder: undelivered TRANSACTION_ERROR: 29201 [ 980.226581] binder: 26397:26399 got transaction with invalid offset (918, min 24 max 88) or object. [ 980.226626] binder: 26397:26399 transaction failed 29201/-22, size 88-24 line 3379 [ 980.244473] binder: undelivered TRANSACTION_ERROR: 29201 [ 980.263860] binder: undelivered TRANSACTION_ERROR: 29189 16:17:10 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 16:17:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(0xffffffffffffffff, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:17:10 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') 16:17:10 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:10 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) 16:17:10 executing program 1: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:10 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:10 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(0xffffffffffffffff, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) [ 983.110982] binder: 26406:26410 got transaction with invalid offset (918, min 24 max 88) or object. [ 983.116074] binder: 26409:26413 transaction failed 29189/-22, size 96-24 line 3138 16:17:10 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(0xffffffffffffffff, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:17:10 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 983.116221] binder: undelivered TRANSACTION_ERROR: 29189 [ 983.123274] binder: 26407:26415 got transaction with invalid offset (918, min 24 max 88) or object. [ 983.123311] binder: 26407:26415 transaction failed 29201/-22, size 88-24 line 3379 [ 983.123954] binder: undelivered TRANSACTION_ERROR: 29201 [ 983.162489] binder_alloc: 26422: binder_alloc_buf, no vma [ 983.162507] binder: 26422:26425 transaction failed 29189/-3, size 96-24 line 3284 [ 983.162868] binder: undelivered TRANSACTION_ERROR: 29189 [ 983.170434] binder: 26420:26427 got transaction with invalid offset (918, min 24 max 88) or object. [ 983.170796] binder: 26420:26427 transaction failed 29201/-22, size 88-24 line 3379 [ 983.171164] binder: undelivered TRANSACTION_ERROR: 29201 [ 983.219868] binder_alloc: 26430: binder_alloc_buf, no vma [ 983.219888] binder: 26430:26433 transaction failed 29189/-3, size 96-24 line 3284 [ 983.220172] binder: undelivered TRANSACTION_ERROR: 29189 [ 983.323768] binder: 26406:26410 transaction failed 29201/-22, size 88-24 line 3379 [ 983.340300] binder: undelivered TRANSACTION_ERROR: 29201 16:17:13 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 16:17:13 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, 0x0, 0x0) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:17:13 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:13 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) 16:17:13 executing program 1: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:13 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) 16:17:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, 0x0, 0x0) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:17:13 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 986.127963] binder_alloc: 26447: binder_alloc_buf, no vma [ 986.128043] binder: 26444:26448 got transaction with invalid offset (918, min 24 max 88) or object. 16:17:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, 0x0, 0x0) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000001680)={0x0, @loopback, @empty}, 0xc) 16:17:13 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:13 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) [ 986.128078] binder: 26444:26448 transaction failed 29201/-22, size 88-24 line 3379 [ 986.129313] binder: undelivered TRANSACTION_ERROR: 29201 [ 986.183683] binder: 26457:26461 got transaction with invalid offset (918, min 24 max 88) or object. [ 986.183717] binder: 26457:26461 transaction failed 29201/-22, size 88-24 line 3379 [ 986.185067] binder: undelivered TRANSACTION_ERROR: 29201 [ 986.226015] binder: 26468:26470 transaction failed 29189/-22, size 88-24 line 3138 [ 986.226157] binder: undelivered TRANSACTION_ERROR: 29189 [ 986.232873] binder: 26471:26473 got transaction with invalid offset (918, min 24 max 88) or object. [ 986.232909] binder: 26471:26473 transaction failed 29201/-22, size 88-24 line 3379 [ 986.235103] binder: undelivered TRANSACTION_ERROR: 29201 [ 986.297224] binder: 26447:26451 transaction failed 29189/-3, size 96-24 line 3284 [ 986.307942] binder: undelivered TRANSACTION_ERROR: 29189 16:17:16 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 16:17:16 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) 16:17:16 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:16 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') 16:17:16 executing program 4: mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:16 executing program 1: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:16 executing program 4: mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:16 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x200000000000011, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'ip6tnl0\x00', 0x0}) bind$packet(r2, &(0x7f00000001c0)={0x11, 0x800, r3, 0x1, 0x0, 0x6, @dev}, 0x14) sendmmsg(r2, &(0x7f0000000d00), 0x400004e, 0x0) 16:17:16 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 989.137974] binder: 26480:26482 transaction failed 29189/-22, size 88-24 line 3138 [ 989.159112] binder: undelivered TRANSACTION_ERROR: 29189 16:17:16 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:16 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 989.193468] binder: 26483:26489 got transaction with invalid offset (918, min 24 max 88) or object. [ 989.200218] binder: 26494:26496 transaction failed 29189/-22, size 88-24 line 3138 16:17:16 executing program 4: mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) [ 989.200352] binder: undelivered TRANSACTION_ERROR: 29189 [ 989.241733] binder_alloc: 26501: binder_alloc_buf, no vma [ 989.241750] binder: 26501:26503 transaction failed 29189/-3, size 88-24 line 3284 [ 989.242036] binder: undelivered TRANSACTION_ERROR: 29189 [ 989.270689] binder_alloc: 26505: binder_alloc_buf, no vma [ 989.270707] binder: 26505:26507 transaction failed 29189/-3, size 88-24 line 3284 [ 989.271170] binder: undelivered TRANSACTION_ERROR: 29189 [ 989.340338] binder: 26483:26489 transaction failed 29201/-22, size 88-24 line 3379 [ 989.351609] binder: undelivered TRANSACTION_ERROR: 29201 16:17:19 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 16:17:19 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:19 executing program 4: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:19 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:19 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) close(r1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000005c0)) clone(0x0, 0x0, 0x0, &(0x7f0000000300), 0x0) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0xfffffc61) recvmsg(r0, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x7ffff000}], 0x1}, 0x0) r2 = memfd_create(&(0x7f0000000000), 0x0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x0, 0x2011, r2, 0x0) 16:17:19 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:19 executing program 4: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) [ 992.159075] binder: 26516:26518 got transaction with invalid offset (918, min 24 max 88) or object. [ 992.173331] binder: 26516:26518 transaction failed 29201/-22, size 88-24 line 3379 16:17:19 executing program 2: mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:19 executing program 4: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:19 executing program 2: mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 992.189254] binder_alloc: 26517: binder_alloc_buf, no vma [ 992.189278] binder: 26517:26526 transaction failed 29189/-3, size 88-24 line 3284 [ 992.189719] binder: undelivered TRANSACTION_ERROR: 29189 16:17:19 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:19 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) [ 992.261300] binder: undelivered TRANSACTION_ERROR: 29201 [ 992.320592] binder_alloc: 26547: binder_alloc_buf, no vma [ 992.331854] binder: 26547:26548 transaction failed 29189/-3, size 96-24 line 3284 [ 992.346542] binder: undelivered TRANSACTION_ERROR: 29189 16:17:22 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 16:17:22 executing program 2: mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:22 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:22 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:22 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:22 executing program 5: r0 = socket$unix(0x1, 0x3, 0x0) bind$unix(r0, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x3, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 16:17:22 executing program 2: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:22 executing program 5: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x20000002, &(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10) sendto$inet(r1, &(0x7f0000000000)='\x00', 0xffffffffffffff7f, 0x8000204087ffd, 0x0, 0x138) recvfrom$inet(r1, 0x0, 0xffffffffffffffda, 0x10120, 0x0, 0xffffffffffffff73) 16:17:22 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:22 executing program 2: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 995.216523] binder_alloc: 26561: binder_alloc_buf, no vma [ 995.233579] binder: 26561:26568 transaction failed 29189/-3, size 96-24 line 3284 16:17:22 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:22 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 995.273370] binder: undelivered TRANSACTION_ERROR: 29189 [ 995.314441] binder_alloc: 26585: binder_alloc_buf, no vma [ 995.325377] binder: 26587:26590 transaction failed 29189/-22, size 88-24 line 3138 [ 995.325549] binder: undelivered TRANSACTION_ERROR: 29189 [ 995.367419] binder: 26585:26588 transaction failed 29189/-3, size 96-24 line 3284 [ 995.380434] binder: undelivered TRANSACTION_ERROR: 29189 16:17:25 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001380)="6653070000053376003639405cb4aed12f0000000000ae47a825d86800278dcff47d01000080", 0x26}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 16:17:25 executing program 2: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:25 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:25 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, 0x0) socketpair(0x1d, 0x3, 0x1, &(0x7f0000000000)) 16:17:25 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:25 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:25 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:25 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:25 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 998.231388] binder: 26599:26606 transaction failed 29189/-22, size 96-24 line 3138 [ 998.245489] binder: 26596:26605 transaction failed 29189/-22, size 88-24 line 3138 [ 998.245649] binder: undelivered TRANSACTION_ERROR: 29189 16:17:25 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:17:25 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:25 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 998.267643] binder_alloc: 26609: binder_alloc_buf, no vma [ 998.267663] binder: 26609:26614 transaction failed 29189/-3, size 88-24 line 3284 [ 998.267897] binder: undelivered TRANSACTION_ERROR: 29189 [ 998.288875] binder: 26613:26616 transaction failed 29189/-22, size 88-24 line 3138 [ 998.289103] binder: undelivered TRANSACTION_ERROR: 29189 [ 998.319841] binder_alloc: 26619: binder_alloc_buf, no vma [ 998.319859] binder: 26619:26622 transaction failed 29189/-3, size 88-24 line 3284 [ 998.320111] binder: undelivered TRANSACTION_ERROR: 29189 [ 998.342913] binder_alloc: 26625: binder_alloc_buf, no vma [ 998.342939] binder: 26625:26627 transaction failed 29189/-3, size 88-24 line 3284 [ 998.343261] binder: undelivered TRANSACTION_ERROR: 29189 [ 998.369331] binder_alloc: 26631: binder_alloc_buf, no vma [ 998.369349] binder: 26631:26632 transaction failed 29189/-3, size 88-24 line 3284 [ 998.369628] binder: undelivered TRANSACTION_ERROR: 29189 [ 998.447734] binder: undelivered TRANSACTION_ERROR: 29189 16:17:28 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:28 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:28 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:28 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:28 executing program 0: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x19, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x3c) bpf$MAP_UPDATE_ELEM(0x15, &(0x7f0000000180)={r0, &(0x7f0000000340), 0x0}, 0x20) 16:17:28 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:28 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1001.250084] binder: 26642:26645 transaction failed 29189/-22, size 96-24 line 3138 [ 1001.250253] binder_alloc: 26638: binder_alloc_buf, no vma [ 1001.259007] binder: undelivered TRANSACTION_ERROR: 29189 16:17:28 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:17:28 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:28 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x4000000000002) fcntl$dupfd(r0, 0x0, r1) ppoll(&(0x7f0000000080)=[{r1}], 0x1, 0x0, 0x0, 0x0) r2 = dup3(r1, r0, 0x0) write$char_usb(r2, 0x0, 0x0) 16:17:28 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1001.259248] binder: 26640:26646 transaction failed 29189/-22, size 88-24 line 3138 [ 1001.259581] binder: undelivered TRANSACTION_ERROR: 29189 [ 1001.302252] binder: 26652:26654 transaction failed 29189/-22, size 88-24 line 3138 16:17:28 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1001.302392] binder: undelivered TRANSACTION_ERROR: 29189 [ 1001.317565] binder: 26649:26653 transaction failed 29189/-22, size 96-24 line 3138 [ 1001.326777] binder: undelivered TRANSACTION_ERROR: 29189 [ 1001.361585] binder: 26662:26666 transaction failed 29189/-22, size 88-24 line 3138 [ 1001.361751] binder: undelivered TRANSACTION_ERROR: 29189 [ 1001.423584] binder: 26638:26647 transaction failed 29189/-3, size 88-24 line 3284 [ 1001.442073] binder: undelivered TRANSACTION_ERROR: 29189 16:17:29 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:29 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:29 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:29 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:29 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:29 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x314, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:29 executing program 3: mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1001.532620] binder_alloc: 26674: binder_alloc_buf, no vma [ 1001.542660] binder: 26674:26679 transaction failed 29189/-3, size 88-24 line 3284 [ 1001.565625] binder: undelivered TRANSACTION_ERROR: 29189 16:17:31 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:17:31 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 16:17:31 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 16:17:31 executing program 3: mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:31 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:31 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) pipe(&(0x7f0000000000)) socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000380)) pipe(&(0x7f0000000380)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) socket(0x10, 0x803, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) socket(0x10, 0x803, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) open(&(0x7f0000000240)='./bus\x00', 0x141042, 0x0) pipe(&(0x7f00000002c0)) pipe(&(0x7f0000000040)={0xffffffffffffffff}) clone(0x7f8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4034f6dad2bf2041010014a70f34"], 0xe}}, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x40) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]}) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000000c0)={0x0, 0x0, 0x0, r0}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 16:17:31 executing program 3: mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:31 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 16:17:31 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:31 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) [ 1004.351736] binder: 26699:26703 ioctl c0306201 0 returned -14 [ 1004.370055] binder: 26698:26708 ioctl c0306201 0 returned -14 16:17:31 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 16:17:31 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1004.426267] binder: 26719:26723 ioctl c0306201 0 returned -14 [ 1004.432448] binder: 26724:26726 ioctl c0306201 0 returned -14 [ 1004.472936] binder: 26729:26730 ioctl c0306201 0 returned -14 16:17:34 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:17:34 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 16:17:34 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 16:17:34 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:34 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) ftruncate(0xffffffffffffffff, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) open(0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r1 = open(&(0x7f0000001ac0)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000080)={0x0, 0x7}) 16:17:34 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:34 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 16:17:34 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) socketpair$unix(0x1, 0x0, 0x0, 0x0) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@initdev={0xfe, 0x88, [], 0x0, 0x0}}, 0x20) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) fcntl$setstatus(r0, 0x4, 0x80000000002c00) 16:17:34 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:34 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1007.414074] binder: 26739:26752 ioctl c0306201 0 returned -14 [ 1007.424028] binder_alloc: 26751: binder_alloc_buf, no vma [ 1007.424048] binder: 26751:26757 transaction failed 29189/-3, size 88-24 line 3284 16:17:35 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1007.424295] binder: undelivered TRANSACTION_ERROR: 29189 [ 1007.481141] binder_alloc: 26763: binder_alloc_buf, no vma [ 1007.481160] binder: 26763:26767 transaction failed 29189/-3, size 88-24 line 3284 [ 1007.481504] binder: undelivered TRANSACTION_ERROR: 29189 [ 1007.527527] binder_alloc: 26770: binder_alloc_buf, no vma [ 1007.527546] binder: 26770:26772 transaction failed 29189/-3, size 88-24 line 3284 [ 1007.527796] binder: undelivered TRANSACTION_ERROR: 29189 16:17:37 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 16:17:37 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) 16:17:37 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:37 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 16:17:37 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:17:37 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:37 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) 16:17:37 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 16:17:37 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:37 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1010.407538] binder: 26781:26788 transaction failed 29189/-22, size 88-24 line 3138 [ 1010.424706] binder: undelivered TRANSACTION_ERROR: 29189 16:17:38 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) 16:17:38 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) [ 1010.489184] binder: 26805:26808 transaction failed 29189/-22, size 88-24 line 3138 [ 1010.518758] binder: undelivered TRANSACTION_ERROR: 29189 16:17:40 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 16:17:40 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)}}], 0x0, 0x0, 0x0}) 16:17:40 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) 16:17:40 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:40 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:40 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:17:40 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) 16:17:40 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1013.415817] binder: 26820:26826 got transaction with invalid offset (0, min 0 max 0) or object. [ 1013.437621] binder: 26821:26831 transaction failed 29189/-22, size 88-24 line 3138 16:17:41 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:41 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)}}], 0x0, 0x0, 0x0}) 16:17:41 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)}}], 0x0, 0x0, 0x0}) [ 1013.437757] binder: undelivered TRANSACTION_ERROR: 29189 [ 1013.476266] binder: 26820:26826 transaction failed 29201/-22, size 0-24 line 3379 [ 1013.498112] binder: undelivered TRANSACTION_ERROR: 29201 16:17:41 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1013.521118] binder: 26845:26846 got transaction with invalid offset (0, min 0 max 0) or object. [ 1013.531160] binder: 26845:26846 transaction failed 29201/-22, size 0-24 line 3379 [ 1013.552990] binder: 26848:26852 got transaction with invalid offset (0, min 0 max 0) or object. [ 1013.553019] binder: 26848:26852 transaction failed 29201/-22, size 0-24 line 3379 [ 1013.553315] binder: undelivered TRANSACTION_ERROR: 29201 [ 1013.596407] binder: undelivered TRANSACTION_ERROR: 29201 16:17:43 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 16:17:43 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 16:17:43 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)}}], 0x0, 0x0, 0x0}) 16:17:43 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)}}], 0x0, 0x0, 0x0}) 16:17:43 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:43 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:17:43 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 16:17:44 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)}}], 0x0, 0x0, 0x0}) 16:17:44 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) [ 1016.435648] binder: 26861:26863 got transaction with invalid offset (0, min 0 max 0) or object. [ 1016.448364] binder: 26859:26862 ioctl c0306201 0 returned -14 [ 1016.451467] binder: 26864:26872 got transaction with invalid offset (0, min 0 max 0) or object. 16:17:44 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x0, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:44 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1016.451490] binder: 26864:26872 transaction failed 29201/-22, size 0-24 line 3379 [ 1016.451620] binder: undelivered TRANSACTION_ERROR: 29201 [ 1016.490667] binder: 26875:26876 ioctl c0306201 0 returned -14 16:17:44 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda={0x66646185, 0x0, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) [ 1016.513251] binder: 26878:26881 got transaction with invalid offset (0, min 0 max 0) or object. [ 1016.513279] binder: 26878:26881 transaction failed 29201/-22, size 0-24 line 3379 [ 1016.513509] binder: undelivered TRANSACTION_ERROR: 29201 [ 1016.525549] binder: 26880:26882 ioctl c0306201 0 returned -14 [ 1016.562639] binder: 26886:26887 got transaction with invalid parent offset or type [ 1016.562673] binder: 26886:26887 transaction failed 29201/-22, size 96-24 line 3454 [ 1016.562877] binder: undelivered TRANSACTION_ERROR: 29201 [ 1016.597872] binder: 26890:26891 got transaction with invalid parent offset or type [ 1016.597911] binder: 26890:26891 transaction failed 29201/-22, size 96-24 line 3454 [ 1016.598261] binder: undelivered TRANSACTION_ERROR: 29201 [ 1016.664514] binder: 26861:26863 transaction failed 29201/-22, size 0-24 line 3379 [ 1016.674559] binder: undelivered TRANSACTION_ERROR: 29201 16:17:46 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:17:46 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 16:17:46 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:17:46 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:46 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:46 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:17:47 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:47 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1019.460053] binder: 26899:26906 got transaction with invalid parent offset or type [ 1019.466960] binder: 26903:26909 got transaction with invalid offset (918, min 24 max 88) or object. 16:17:47 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) 16:17:47 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) 16:17:47 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) 16:17:47 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) [ 1019.467001] binder: 26903:26909 transaction failed 29201/-22, size 88-24 line 3379 [ 1019.467138] binder: undelivered TRANSACTION_ERROR: 29201 [ 1019.519455] binder: 26912:26917 got transaction with invalid offset (918, min 24 max 88) or object. [ 1019.519501] binder: 26912:26917 transaction failed 29201/-22, size 88-24 line 3379 [ 1019.519752] binder: undelivered TRANSACTION_ERROR: 29201 [ 1019.546468] binder: release 26920:26923 transaction 2438 out, still active [ 1019.546472] binder: unexpected work type, 4, not freed [ 1019.546475] binder: undelivered TRANSACTION_COMPLETE [ 1019.556475] binder: send failed reply for transaction 2438, target dead [ 1019.602026] binder: release 26924:26928 transaction 2443 out, still active [ 1019.602031] binder: unexpected work type, 4, not freed [ 1019.602033] binder: undelivered TRANSACTION_COMPLETE [ 1019.612965] binder: send failed reply for transaction 2443, target dead [ 1019.668802] binder: 26899:26906 transaction failed 29201/-22, size 96-24 line 3454 [ 1019.678972] binder: undelivered TRANSACTION_ERROR: 29201 16:17:49 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:17:49 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) 16:17:49 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) 16:17:49 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:49 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, 0x0}}], 0x0, 0x0, 0x0}) 16:17:49 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$cont(0x7, r0, 0x0, 0x0) 16:17:50 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)}}], 0x0, 0x0, 0x0}) 16:17:50 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, 0x0}}], 0x0, 0x0, 0x0}) 16:17:50 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x0, 0x0, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1022.475907] binder: release 26936:26940 transaction 2447 out, still active [ 1022.490956] binder: unexpected work type, 4, not freed 16:17:50 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)}}], 0x0, 0x0, 0x0}) 16:17:50 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, 0x0}}], 0x0, 0x0, 0x0}) 16:17:50 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x0, 0x0, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1022.534061] binder: BINDER_SET_CONTEXT_MGR already set [ 1022.534070] binder: 26949:26952 ioctl 40046207 0 returned -16 [ 1022.535229] binder_alloc: 26935: binder_alloc_buf, no vma [ 1022.535250] binder: 26949:26952 transaction failed 29189/-3, size 0-24 line 3284 [ 1022.555199] binder: BINDER_SET_CONTEXT_MGR already set [ 1022.555208] binder: 26956:26958 ioctl 40046207 0 returned -16 [ 1022.555667] binder_alloc: 26936: binder_alloc_buf, no vma [ 1022.555687] binder: 26956:26958 transaction failed 29189/-3, size 88-24 line 3284 [ 1022.558425] binder: BINDER_SET_CONTEXT_MGR already set [ 1022.558433] binder: 26955:26957 ioctl 40046207 0 returned -16 [ 1022.558667] binder_alloc: 26938: binder_alloc_buf, no vma [ 1022.558685] binder: 26955:26957 transaction failed 29189/-3, size 96-0 line 3284 [ 1022.594932] binder: BINDER_SET_CONTEXT_MGR already set [ 1022.594940] binder: 26960:26961 ioctl 40046207 0 returned -16 [ 1022.595233] binder_alloc: 26935: binder_alloc_buf, no vma [ 1022.595253] binder: 26960:26961 transaction failed 29189/-3, size 0-24 line 3284 [ 1022.608268] binder: BINDER_SET_CONTEXT_MGR already set [ 1022.608277] binder: 26962:26964 ioctl 40046207 0 returned -16 [ 1022.608541] binder_alloc: 26936: binder_alloc_buf, no vma [ 1022.608559] binder: 26962:26964 transaction failed 29189/-3, size 88-24 line 3284 [ 1022.613378] binder: BINDER_SET_CONTEXT_MGR already set [ 1022.613389] binder: 26966:26967 ioctl 40046207 0 returned -16 [ 1022.613828] binder_alloc: 26938: binder_alloc_buf, no vma [ 1022.613848] binder: 26966:26967 transaction failed 29189/-3, size 96-0 line 3284 [ 1022.770815] binder: undelivered TRANSACTION_COMPLETE [ 1022.775954] binder: undelivered TRANSACTION_ERROR: 29189 [ 1022.781542] binder: undelivered TRANSACTION_ERROR: 29189 [ 1022.787276] binder: undelivered TRANSACTION_ERROR: 29189 [ 1022.792874] binder: undelivered TRANSACTION_ERROR: 29189 [ 1022.798555] binder: undelivered TRANSACTION_ERROR: 29189 [ 1022.804363] binder: undelivered TRANSACTION_ERROR: 29189 [ 1022.809942] binder: send failed reply for transaction 2447, target dead [ 1022.816965] binder: release 26938:26941 transaction 2452 out, still active [ 1022.824046] binder: undelivered TRANSACTION_COMPLETE [ 1022.829202] binder: send failed reply for transaction 2452, target dead 16:17:53 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:17:53 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)}}], 0x0, 0x0, 0x0}) 16:17:53 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:53 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x0, 0x0, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:53 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:53 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$cont(0x7, r0, 0x0, 0x0) 16:17:53 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1025.491488] binder: 26972:26976 got transaction with invalid offset (0, min 0 max 0) or object. [ 1025.509560] binder: 26975:26980 got transaction with invalid offset (918, min 24 max 88) or object. 16:17:53 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x1000}, @ptr={0x70742a85, 0x0, 0x0}}, 0x0}}], 0x0, 0x0, 0x0}) 16:17:53 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x1000}, @ptr={0x70742a85, 0x0, 0x0}}, 0x0}}], 0x0, 0x0, 0x0}) [ 1025.509597] binder: 26975:26980 transaction failed 29201/-22, size 88-24 line 3379 [ 1025.509883] binder: undelivered TRANSACTION_ERROR: 29201 [ 1025.549890] binder: 26988:26989 got transaction with invalid offset (918, min 24 max 88) or object. 16:17:53 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x1000}, @ptr={0x70742a85, 0x0, 0x0}}, 0x0}}], 0x0, 0x0, 0x0}) [ 1025.550147] binder: 26988:26989 transaction failed 29201/-22, size 88-24 line 3379 [ 1025.550422] binder: undelivered TRANSACTION_ERROR: 29201 [ 1025.587065] binder: release 26991:26992 transaction 2470 out, still active [ 1025.587069] binder: undelivered TRANSACTION_COMPLETE 16:17:53 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1025.595566] binder: send failed reply for transaction 2470, target dead [ 1025.645308] binder: release 26994:26995 transaction 2472 out, still active [ 1025.645313] binder: undelivered TRANSACTION_COMPLETE 16:17:53 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat=@binder={0x73622a85, 0x314}, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1025.645358] binder: send failed reply for transaction 2472, target dead [ 1025.673088] binder: release 26997:26998 transaction 2474 out, still active [ 1025.673093] binder: undelivered TRANSACTION_COMPLETE [ 1025.686475] binder: send failed reply for transaction 2474, target dead [ 1025.720426] binder: 27000:27001 got transaction with invalid offset (918, min 24 max 88) or object. [ 1025.721096] binder: 27000:27001 transaction failed 29201/-22, size 88-24 line 3379 [ 1025.721436] binder: undelivered TRANSACTION_ERROR: 29201 [ 1025.761229] binder_alloc: 27003: binder_alloc_buf, no vma [ 1025.761248] binder: 27003:27004 transaction failed 29189/-3, size 88-24 line 3284 [ 1025.761683] binder: undelivered TRANSACTION_ERROR: 29189 [ 1025.822716] binder: 26972:26976 transaction failed 29201/-22, size 0-24 line 3379 [ 1025.832563] binder: undelivered TRANSACTION_ERROR: 29201 16:17:56 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:17:56 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:56 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:56 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:56 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() sched_setscheduler(0x0, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') getdents(r0, &(0x7f0000000740)=""/142, 0xffed) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) 16:17:56 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$cont(0x7, r0, 0x0, 0x0) 16:17:56 executing program 4: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:56 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:56 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1028.514741] binder: 27012:27014 got transaction with invalid offset (918, min 24 max 88) or object. [ 1028.538652] binder: 27012:27014 transaction failed 29201/-22, size 88-24 line 3379 [ 1028.548415] binder: undelivered TRANSACTION_ERROR: 29201 16:17:56 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:56 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) [ 1028.597099] binder: 27031:27033 got transaction with invalid offset (918, min 24 max 88) or object. [ 1028.617901] binder: 27031:27033 transaction failed 29201/-22, size 88-24 line 3379 [ 1028.635690] binder: undelivered TRANSACTION_ERROR: 29201 16:17:56 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) [ 1028.672684] binder: release 27036:27038 transaction 2490 out, still active [ 1028.684434] binder: unexpected work type, 4, not freed [ 1028.702147] binder: undelivered TRANSACTION_COMPLETE [ 1028.722835] binder: send failed reply for transaction 2490, target dead [ 1028.745859] binder: release 27040:27042 transaction 2494 out, still active [ 1028.753312] binder: unexpected work type, 4, not freed [ 1028.758693] binder: undelivered TRANSACTION_COMPLETE [ 1028.764462] binder: send failed reply for transaction 2494, target dead 16:17:59 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:17:59 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:59 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) 16:17:59 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:59 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="852a62731403000002000000000000000000000000000000852a62730000000000000000000000000000000000000000852a747000"/88], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003000000000000000"], @ANYBLOB="00e4000032000200"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0) ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80087601, &(0x7f00000000c0)) 16:17:59 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:17:59 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x0, 0x0, 0xf}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:59 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:17:59 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) [ 1031.545063] binder_alloc: 27050: binder_alloc_buf size 563164701844592 failed, no address space [ 1031.555175] binder: release 27047:27055 transaction 2500 out, still active [ 1031.555181] binder: unexpected work type, 4, not freed [ 1031.555183] binder: undelivered TRANSACTION_COMPLETE [ 1031.558557] binder: send failed reply for transaction 2500, target dead 16:17:59 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x1000}, @ptr={0x70742a85, 0x0, 0x0}}, 0x0}}], 0x0, 0x0, 0x0}) [ 1031.581983] binder: 27061:27063 got transaction with invalid offset (918, min 24 max 88) or object. [ 1031.582023] binder: 27061:27063 transaction failed 29201/-22, size 88-24 line 3379 [ 1031.582290] binder: undelivered TRANSACTION_ERROR: 29201 [ 1031.601544] binder: BINDER_SET_CONTEXT_MGR already set 16:17:59 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup(r0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) 16:17:59 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x1000}, @ptr={0x70742a85, 0x0, 0x0}}, 0x0}}], 0x0, 0x0, 0x0}) [ 1031.601552] binder: 27050:27065 ioctl 40046207 0 returned -16 [ 1031.602344] binder: 27050:27065 BC_INCREFS_DONE u0000000000000000 no match [ 1031.630086] binder: 27067:27071 got transaction with invalid offset (918, min 24 max 88) or object. [ 1031.630124] binder: 27067:27071 transaction failed 29201/-22, size 88-24 line 3379 [ 1031.630615] binder: undelivered TRANSACTION_ERROR: 29201 [ 1031.687324] binder: release 27073:27075 transaction 2513 out, still active [ 1031.687329] binder: undelivered TRANSACTION_COMPLETE [ 1031.691538] binder: send failed reply for transaction 2513, target dead [ 1031.719611] binder: release 27078:27081 transaction 2515 out, still active [ 1031.719616] binder: undelivered TRANSACTION_COMPLETE [ 1031.723889] binder: send failed reply for transaction 2515, target dead [ 1031.784846] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1031.794462] binder: 27050:27054 transaction failed 29201/-28, size 88-24 line 3284 [ 1031.812435] binder: undelivered TRANSACTION_ERROR: 29201 [ 1031.817973] binder: release 27050:27065 transaction 2507 out, still active [ 1031.827757] binder: undelivered TRANSACTION_COMPLETE [ 1031.832986] binder: send failed reply for transaction 2507, target dead 16:18:02 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:02 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x1000}, @ptr={0x70742a85, 0x0, 0x0}}, 0x0}}], 0x0, 0x0, 0x0}) 16:18:02 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x1000}, @ptr={0x70742a85, 0x0, 0x0}}, 0x0}}], 0x0, 0x0, 0x0}) 16:18:02 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:18:02 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @flat=@weak_binder={0x77622a85, 0x1, 0x3}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0xfffffedf, 0x0, 0x0}) 16:18:02 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:02 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0xd8, 0x0, &(0x7f0000000340)=[@release={0x40046306, 0x3}, @acquire_done={0x40106309, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@fda={0x66646185, 0x5, 0x0, 0x13}, @flat=@weak_binder={0x77622a85, 0x10f, 0x2}, @fda={0x66646185, 0x8, 0x0, 0x32}}, &(0x7f0000000140)={0x0, 0x20, 0x38}}}, @decrefs={0x40046307, 0x1}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000280)={@fda={0x66646185, 0x5, 0x0, 0x3e}, @fda={0x66646185, 0x8, 0x1, 0x28}, @flat=@binder={0x73622a85, 0x2000, 0x3}}, &(0x7f0000000300)={0x0, 0x20, 0x40}}}, @acquire, @clear_death={0x400c630f, 0x3}, @clear_death={0x400c630f, 0x1}, @register_looper], 0x56, 0x0, &(0x7f0000000440)="26d1588ec1faea35d68b01d71b2a789ce059bb4b439a0c289fec4e1d0cf4950235579c41150f23f2f06e570c9db3bdf850bdd15a324557fe9292845a6041c5aaf70751267b71033456ebe2ac4adac38473b0ebdaa26b"}) 16:18:02 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = add_key$keyring(&(0x7f0000000000)='\x01\x00\x00\x00\x00\x00V\x0f', &(0x7f0000000080)={'\xa9\x00'}, 0x0, 0x0, 0xffffffffffffffff) r3 = add_key$keyring(&(0x7f0000000580), &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, r3) keyctl$unlink(0x9, r2, r3) r4 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, r3) add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000200)="f256807a11e49fd1ee8479c4a9c7d1cbb85e73b0cedcfa5c1bd7579009e303ad45d56b4a2c58f261d33c9b48ee2cd109c9a7b291fec628a6c542515f366669d4917dd3c8d867a6", 0x47, r4) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000001380)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x2a7, 0xfffffffffffffe1b, 0x30}}}], 0x0, 0x0, 0x0}) [ 1034.551454] binder: release 27086:27088 transaction 2517 out, still active [ 1034.564769] binder: undelivered TRANSACTION_COMPLETE [ 1034.589187] binder: release 27087:27094 transaction 2519 out, still active 16:18:02 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x314, 0x2}, @flat, @flat=@weak_binder={0x77622a85, 0x1, 0x3}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0xfffffedf, 0x0, 0x0}) 16:18:02 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/validatetrans\x00', 0x1, 0x0) fchmod(r1, 0x1) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) fsetxattr(r2, &(0x7f0000000100)=@known='system.posix_acl_default\x00', &(0x7f00000001c0)='/selinux/validatetrans\x00', 0x17, 0x1ca124607a8a912f) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={0x0, r4, 0xc}, 0x10) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0}) setrlimit(0xa, &(0x7f0000000040)={0x3, 0x8}) [ 1034.606021] binder: undelivered TRANSACTION_COMPLETE [ 1034.612303] binder: 27090:27096 ioctl c0306201 20000180 returned -14 16:18:02 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r3 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x4}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:18:02 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x1000}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000000c0)={0x0, 0x18, 0x40}}, 0x17390a070c3c3819}], 0x0, 0x0, 0x0}) [ 1034.637693] binder: BINDER_SET_CONTEXT_MGR already set [ 1034.637703] binder: 27100:27105 ioctl 40046207 0 returned -16 [ 1034.638400] binder_alloc: 27086: binder_alloc_buf, no vma [ 1034.638421] binder: 27100:27105 transaction failed 29189/-3, size 88-24 line 3284 [ 1034.639058] binder: 27100:27105 Release 1 refcount change on invalid ref 3 ret -22 [ 1034.639067] binder: 27100:27105 BC_ACQUIRE_DONE u0000000000000003 no match [ 1034.639075] binder: 27100:27105 got reply transaction with no transaction stack [ 1034.639083] binder: 27100:27105 transaction failed 29201/-71, size 88-24 line 3046 [ 1034.639146] binder: BINDER_SET_CONTEXT_MGR already set [ 1034.639153] binder: 27107:27109 ioctl 40046207 0 returned -16 [ 1034.642098] binder_alloc: 27090: binder_alloc_buf, no vma [ 1034.642118] binder: 27107:27109 transaction failed 29189/-3, size 72-24 line 3284 [ 1034.642135] binder: 27107:27109 ioctl c0306201 20000180 returned -14 [ 1034.645385] binder: BINDER_SET_CONTEXT_MGR already set [ 1034.645392] binder: 27104:27108 ioctl 40046207 0 returned -16 [ 1034.646226] binder_alloc: 27087: binder_alloc_buf, no vma [ 1034.646243] binder: 27104:27108 transaction failed 29189/-3, size 88-24 line 3284 [ 1034.651043] binder: BINDER_SET_CONTEXT_MGR already set [ 1034.651054] binder: 27104:27110 ioctl 40046207 0 returned -16 [ 1034.651589] binder_alloc: 27087: binder_alloc_buf, no vma [ 1034.651609] binder: 27104:27110 transaction failed 29189/-3, size 88-24 line 3284 [ 1034.699592] binder: BINDER_SET_CONTEXT_MGR already set [ 1034.699602] binder: 27112:27117 ioctl 40046207 0 returned -16 [ 1034.704256] binder: BINDER_SET_CONTEXT_MGR already set [ 1034.704265] binder: 27115:27118 ioctl 40046207 0 returned -16 [ 1034.704538] binder_alloc: 27087: binder_alloc_buf, no vma [ 1034.704557] binder: 27115:27118 transaction failed 29189/-3, size 104-24 line 3284 [ 1034.705829] binder: BINDER_SET_CONTEXT_MGR already set [ 1034.705838] binder: 27112:27119 ioctl 40046207 0 returned -16 [ 1034.707441] binder: BINDER_SET_CONTEXT_MGR already set [ 1034.707452] binder: 27115:27120 ioctl 40046207 0 returned -16 [ 1034.707706] binder_alloc: 27087: binder_alloc_buf, no vma [ 1034.707726] binder: 27115:27120 transaction failed 29189/-3, size 104-24 line 3284 [ 1034.750816] binder: BINDER_SET_CONTEXT_MGR already set [ 1034.750828] binder: 27116:27121 ioctl 40046207 0 returned -16 [ 1034.750965] binder: 27116:27121 BC_INCREFS_DONE u0000000000000000 no match [ 1034.750999] binder_alloc: 27090: binder_alloc_buf, no vma [ 1034.751020] binder: 27116:27121 transaction failed 29189/-3, size 0-0 line 3284 [ 1034.751437] binder: BINDER_SET_CONTEXT_MGR already set [ 1034.751445] binder: 27116:27121 ioctl 40046207 0 returned -16 [ 1034.751515] binder: 27116:27121 BC_INCREFS_DONE u0000000000000000 no match [ 1034.751538] binder_alloc: 27090: binder_alloc_buf, no vma [ 1034.751555] binder: 27116:27121 transaction failed 29189/-3, size 0-0 line 3284 [ 1034.752312] binder_alloc: 27090: binder_alloc_buf, no vma [ 1034.752329] binder: 27116:27121 transaction failed 29189/-3, size 96-24 line 3284 [ 1034.765445] binder: BINDER_SET_CONTEXT_MGR already set [ 1034.765457] binder: 27116:27125 ioctl 40046207 0 returned -16 [ 1034.765675] binder: BINDER_SET_CONTEXT_MGR already set [ 1034.765681] binder: 27116:27124 ioctl 40046207 0 returned -16 [ 1034.773042] binder: 27116:27121 BC_INCREFS_DONE u0000000000000000 no match [ 1034.773080] binder_alloc: 27090: binder_alloc_buf, no vma [ 1034.773102] binder: 27116:27121 transaction failed 29189/-3, size 0-0 line 3284 [ 1035.065383] binder: undelivered TRANSACTION_ERROR: 29189 [ 1035.071271] binder: undelivered TRANSACTION_ERROR: 29189 [ 1035.076764] binder: undelivered TRANSACTION_ERROR: 29189 [ 1035.082269] binder: undelivered TRANSACTION_ERROR: 29189 [ 1035.087797] binder: undelivered TRANSACTION_ERROR: 29189 [ 1035.093504] binder: undelivered TRANSACTION_ERROR: 29189 [ 1035.099184] binder: undelivered TRANSACTION_ERROR: 29189 [ 1035.104750] binder: undelivered TRANSACTION_ERROR: 29189 [ 1035.110290] binder: undelivered TRANSACTION_ERROR: 29189 [ 1035.115876] binder: undelivered TRANSACTION_ERROR: 29189 [ 1035.121464] binder: release 27090:27096 transaction 2521 out, still active [ 1035.128463] binder: unexpected work type, 4, not freed [ 1035.133792] binder: unexpected work type, 4, not freed [ 1035.139095] binder: unexpected work type, 4, not freed [ 1035.144400] binder: undelivered TRANSACTION_COMPLETE [ 1035.149584] binder: send failed reply for transaction 2521, target dead [ 1035.156520] binder: send failed reply for transaction 2519, target dead [ 1035.163424] binder: send failed reply for transaction 2517, target dead 16:18:05 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:05 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a7470000000000000000000000000000000000000000000000000000000000000000000000000e086ae68642204cbf92897c3a23857fce2f42de4b77ecc85fddde63fdb997d73f5608c71"], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:05 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r1 = dup2(r0, 0xffffffffffffffff) ioctl$KDDISABIO(r1, 0x4b37) r2 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000009e03000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:05 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$TCGETA(r1, 0x5405, &(0x7f0000000200)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:18:05 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:18:05 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:05 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x501400, 0x0) keyctl$describe(0x6, 0x0, &(0x7f00000000c0)=""/24, 0x18) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x10, 0x0, &(0x7f0000000000)=[@request_death={0x400c630e, 0x2}], 0x0, 0x0, 0x0}) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x0, 0x10001}) 16:18:05 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1037.587926] binder: 27132:27135 BC_INCREFS_DONE node 2539 has no pending increfs request [ 1037.598775] binder_alloc: 27129: binder_alloc_buf, no vma [ 1037.605291] binder: 27129:27137 transaction failed 29189/-3, size 88-24 line 3284 [ 1037.614160] binder: 27132:27135 got transaction to context manager from process owning it 16:18:05 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x0, 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/checkreqprot\x00', 0x24000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001440)={0x60, 0x0, &(0x7f0000001380)=[@acquire={0x40046305, 0x2}, @increfs_done={0x40106308, 0x42fe}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/14, 0xe, 0x1, 0x3b}, @fd={0x66642a85, 0x0, r2}, @fd={0x66642a85, 0x0, r3}}, &(0x7f00000002c0)={0x0, 0x28, 0x40}}}], 0x16, 0x0, &(0x7f0000001400)="37d024e804a96c240f1a8e02e320e50b9cb4e0c774ce"}) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x6, &(0x7f0000000100)={0x0, &(0x7f00000000c0)}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r4 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1037.614175] binder: 27132:27135 transaction failed 29201/-22, size 0-0 line 3129 16:18:05 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:05 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, &(0x7f00000000c0)=0x3, 0x4) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) 16:18:05 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) write$binfmt_misc(r2, &(0x7f0000000480)={'syz0', "6b3e1f04337122dcac3a6d8d9d94c489f5a71259b724342484805db43b82ab147e3928fad4dfacb819998f2ef896201cf1614d68b6c92354f3cbed8f92891b0a0b566496fed89732d6312c902d9a8c412088a0f2c0ea3fbef2bde6f5aee88a57455fa008d1163f2b56436990f4864faa1eb499d46bf9f175d798f853cd8044"}, 0x83) ioctl$TUNSETVNETBE(r1, 0x400454de, &(0x7f0000000140)=0x1) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = getegid() setgroups(0x1, &(0x7f0000000200)=[r5]) mount$fuseblk(&(0x7f0000000200)='/dev/loop0\x00', &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='fuseblk\x00', 0x8, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=r4, @ANYBLOB=',group_id=', @ANYRESDEC=r5, @ANYBLOB="2c64656661756c745f7065726d697373696f6e732cb9a26661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030372c616c6c6f775f6f746865722c616c6c6f775f6f746865722c6d6561737572012c6673757569643d33310000323648372d615232362d596556372d323536642d373732309d6464612c00ff2e19c3f10c166d92fee82fa49d00822bea4fb815aed230f54d4def6eb8f5ad0fc39c1c3ea12b2ec40c1a7320e851cfd5526bd035f3ac3f1ab655557d3dfce48ce41898476983a10bfd98f21d8c7bb101065abba72f5c6cce7433b442bb2e65a462"]) [ 1037.615067] binder: BINDER_SET_CONTEXT_MGR already set [ 1037.615075] binder: 27132:27135 ioctl 40046207 0 returned -16 [ 1037.615410] binder_alloc: 27132: binder_alloc_buf, no vma 16:18:05 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1037.615428] binder: 27132:27135 transaction failed 29189/-3, size 88-24 line 3284 [ 1037.615609] binder: undelivered TRANSACTION_ERROR: 29189 [ 1037.615628] binder: undelivered TRANSACTION_ERROR: 29201 [ 1037.616036] binder: 27132:27145 BC_INCREFS_DONE node 2546 has no pending increfs request [ 1037.616049] binder: 27132:27145 got transaction to context manager from process owning it [ 1037.616060] binder: 27132:27145 transaction failed 29201/-22, size 0-0 line 3129 [ 1037.616528] binder: BINDER_SET_CONTEXT_MGR already set [ 1037.616535] binder: 27132:27135 ioctl 40046207 0 returned -16 [ 1037.616838] binder: undelivered TRANSACTION_ERROR: 29201 [ 1037.645131] binder: 27146:27148 ioctl 401c5820 20000040 returned -22 [ 1037.678333] binder: 27153:27155 BC_INCREFS_DONE node 2550 has no pending increfs request [ 1037.678344] binder: 27153:27155 got transaction to context manager from process owning it [ 1037.678355] binder: 27153:27155 transaction failed 29201/-22, size 0-0 line 3129 [ 1037.678646] binder: BINDER_SET_CONTEXT_MGR already set [ 1037.678653] binder: 27153:27155 ioctl 40046207 0 returned -16 [ 1037.678873] binder_alloc: 27153: binder_alloc_buf, no vma [ 1037.678888] binder: 27153:27155 transaction failed 29189/-3, size 88-24 line 3284 [ 1037.679231] binder: undelivered TRANSACTION_ERROR: 29201 [ 1037.679306] binder: undelivered TRANSACTION_ERROR: 29189 [ 1037.681102] binder: 27153:27155 BC_INCREFS_DONE node 2553 has no pending increfs request [ 1037.681112] binder: 27153:27155 got transaction to context manager from process owning it [ 1037.681123] binder: 27153:27155 transaction failed 29201/-22, size 0-0 line 3129 [ 1037.681405] binder: BINDER_SET_CONTEXT_MGR already set [ 1037.681413] binder: 27153:27155 ioctl 40046207 0 returned -16 [ 1037.681648] binder: undelivered TRANSACTION_ERROR: 29201 [ 1037.729100] binder: 27160:27162 got transaction with invalid offset (918, min 24 max 88) or object. [ 1037.729138] binder: 27160:27162 transaction failed 29201/-22, size 88-24 line 3379 [ 1037.729903] binder: undelivered TRANSACTION_ERROR: 29201 [ 1037.735273] binder: 27163:27166 BC_INCREFS_DONE node 2559 has no pending increfs request [ 1037.735283] binder: 27163:27166 got transaction to context manager from process owning it [ 1037.735294] binder: 27163:27166 transaction failed 29201/-22, size 0-0 line 3129 [ 1037.735685] binder: BINDER_SET_CONTEXT_MGR already set [ 1037.735691] binder: 27163:27166 ioctl 40046207 0 returned -16 [ 1037.735906] binder_alloc: 27163: binder_alloc_buf, no vma [ 1037.735920] binder: 27163:27166 transaction failed 29189/-3, size 96-24 line 3284 [ 1037.736790] binder: undelivered TRANSACTION_ERROR: 29201 [ 1037.736869] binder: undelivered TRANSACTION_ERROR: 29189 [ 1037.759648] binder: 27163:27168 BC_INCREFS_DONE node 2563 has no pending increfs request [ 1037.759667] binder: 27163:27168 got transaction to context manager from process owning it [ 1037.759679] binder: 27163:27168 transaction failed 29201/-22, size 0-0 line 3129 [ 1037.760131] binder: BINDER_SET_CONTEXT_MGR already set [ 1037.760138] binder: 27163:27168 ioctl 40046207 0 returned -16 [ 1037.760735] binder_alloc: 27163: binder_alloc_buf, no vma [ 1037.760754] binder: 27163:27168 transaction failed 29189/-3, size 96-24 line 3284 [ 1037.761330] binder: undelivered TRANSACTION_ERROR: 29189 16:18:05 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000400000000000000000000852a747000000000", @ANYPTR=&(0x7f0000001380)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007fd2b3970000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000462f3d87e7c7000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000098ef5cae000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e3d7f7c572be6e7e5fda08e0133e32f76aef7f0c3b749391268aa77c3f7f480a6de2da59bf98b7d9fb1165a8fbc135a3216c9749c9c25de825616e26cf28ea22e1bd2e6298c77c8aa8de1f466baf68a1de3820abff0bddc43c69fcd51b247a527659017c956621d0f1422bb684d0"], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:05 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:18:05 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) creat(&(0x7f0000000140)='./file0\x00', 0x10) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000200)='/dev/binder#\x00') 16:18:05 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) [ 1037.761355] binder: undelivered TRANSACTION_ERROR: 29201 [ 1038.078192] binder: undelivered TRANSACTION_ERROR: 29189 [ 1038.094625] binder: 27177:27179 got transaction with invalid offset (918, min 24 max 88) or object. [ 1038.107178] binder: 27177:27179 transaction failed 29201/-22, size 88-24 line 3379 [ 1038.116128] binder: 27180:27184 got transaction with invalid parent offset or type [ 1038.116166] binder: 27180:27184 transaction failed 29201/-22, size 96-24 line 3454 [ 1038.116691] binder: 27182:27185 got transaction with invalid offset (918, min 24 max 88) or object. [ 1038.116720] binder: 27182:27185 transaction failed 29201/-22, size 88-24 line 3379 [ 1038.116874] binder: undelivered TRANSACTION_ERROR: 29201 [ 1038.117514] binder: undelivered TRANSACTION_ERROR: 29201 [ 1038.133859] binder: 27180:27187 got transaction with invalid parent offset or type [ 1038.133898] binder: 27180:27187 transaction failed 29201/-22, size 96-24 line 3454 [ 1038.150565] binder: undelivered TRANSACTION_ERROR: 29201 [ 1038.201587] binder: undelivered TRANSACTION_ERROR: 29201 16:18:08 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:08 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x1032c0, 0x0) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000200)={0x7ff, 0x9, 0x9af, 0x6, 0x8, 0x5}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000080852a74701f0000000244e13d443d9407dc43eb5e", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a627300000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000000000000000852a747000"/96], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="007ccf3e76708bcd4500004000000000380000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:08 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303}, "5b8ec56eff628eb4", "2449350d3c74a912ed7d90fda8179e24", "fc88053c", "cb27dfff62215275"}, 0x28) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000a22a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:08 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040), 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:18:08 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) msync(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000020000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) [ 1040.603034] binder: 27193:27197 got transaction with invalid offset (-3635688621009306624, min 0 max 96) or object. [ 1040.604870] audit: type=1400 audit(1575044288.120:29): avc: denied { write } for pid=27194 comm="syz-executor.3" name="net" dev="proc" ino=88764 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1 16:18:08 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) write$nbd(r3, &(0x7f0000001380)={0x67446698, 0x0, 0x4, 0x4, 0x4, "f0723e6ff0951829405e093d984a3e38b4d902fb493d708ae248dff5911a9d2b404ba89eed79b76499590690d2d56a52a11d4302b0f761f0ae5d0b9b3dace97664fb8495ec08fd1013f01563444110e5a7e39c1ca0e56389071ca96d62b223cda5bbf3d46ac3fc579fbf6e86f94cb82a250935be121a959b0b3375ec904a52339190989d84bf8e14ab6ea8297c4d7876d27e96b5ca34eca6f86b54b815e4df895058c61b3ecd020a0c00f5ab5631a477478adf0e1ec95d71ab4df6a55bd3683b565d9b9476d0499c9a8beaa15b83a80f05215eb7eb1d683241f13e168936827d4ddb29b6d6fe0e0f94256cf9e1ba339d5371286a4645a63170d79df96eb83df6818dfda884675bf710bc003c1317d053a4999682da45d5c2db213c3399e5e4e6d99b23269bf00f48390bb16c9582d0d9f9d8e0c989d785dee38781f2dd4f4d0395fe940aae53734bdbec1a0670e620c251c7595ab0fdbf575a68eb490ec72e270756dbe415ceae04fdb39c96c7b68b249cfa7eb023c50b7ca8b1a4cbaf4b4453ffe303e5e64408984b20960412b6c3896a5777966fa62e1909128ec0301b2a591fb29ad8c125b28d2336b380b227d50aad6ea4f1508c253ef81c582ab1ae075f036bd4755ea443c4c892b220fb8815792d8dde9120f19214a33aac6ad990de64cd03b56258c0197f5671ec5c89e7826d182056217f48690c500a04f766bbc6a1fa88889ce0de986866185933115e6c7059f5ba0bb3e0f4c5dabf3d817711a9396d9fd09e62472b117b0b0b165a3f58be9a60733b4a4b28345cefbafd8e1681b43b4f4a2088d88dc10cfec31a560faa1433291c747f245724f9490a001a801410348f364aefc926ffb563a583944dffe301095225228559904ddca82db164e1cc7044986c29db2aa5d6ae4276a1199de57043e5b3dd4734b6f656bcd3b0fb2c2784eeed649f6db642091e76d3014000d13cbbce3bbd25afb9a9cca31532d6f47ac5a1430fb44ce3c4fd67a351766ad92d69392ae790f3404ef73e7f436b4ebca70ac52b6250ae063d824b6428b75206b1e363b98096456611eaab2901406970d2c6df3b95ef8253750d45b55b290b320e2bda97a7663d4f43b65dbdb5067a99c2cdf48930dcfc7c8e51c46198051f20ae5bcc57bbbcca796c03ba21954cdcbca699c317493a585bbd59c8e99cb8c1b4d52664b991662f09fd99a9f832d294062ca230d1a0dbda1b67e1f9851d17ebd3b8a9cb11118fc58b0220f2973f697833d87f2430ee1632cd929bff483daf813edba4500e2144afba0d2d57a020c5ee1d33e4054d9406509210a3105d2cbad0bd7defde489d625ec410aaf567849b3068072818a0e3096b29ac6c45636bcbbefb9175435166d4c0c98b76a133529dbabdd9106c1e102b988b8b6f8d4291f92ed726fe825c9a087fc80f50110b9443e2ab26637e3c7aa649d289489d2bdc2816731e416bd08b2114c04b916670670a316a3679ff50f54baa0118d6697eb93d1cf4c750ab86a9226e1120c9fd2e3b28e484edb2102eb07cd649cfddef17ab7cce4ad4c6f0e59791a365acc85ec050577e62af5dae009970fe987016f2dd0a903e045f215c3c8580cfa0f6271e7bfd2ec024415879697358bad6070d2c08f17ec137ce39f25f7a393e672a8156fcd6543136792aef7197fad171c60cf171f72f7003505d0079cdb95d758c5aad1178adcee0f20d25283866895e79745079fcd29a1469117a3dc26962fc7788157314d0ad8a6bd50daf7a42fe669f39b918d46c3ba02e1cf61ffb57604f81e12b60f38c26555c14ebe6fb07bfc2d22ec6e50dd543b4e8e232b9fa9f55027c56ecb35eb21d9138bf847a84d704d9beb234b7e7d1e35ed36fa3e6e0e88bf8f95655ace907fac3fe8c7b0ed75828ac946c2d25e68d2f9568516b91c5f5e3e7347b06f05814eda110b30186d41ae41872f17dbae95b898c8e89f45567d7bf424ecdd3a7e3842a01d254ab8d1881fd5ef1ba88b7811d4f6f800db035263ed126d9c12fc154cd3b67d192513b99d395fcc1f26bf2b59809075cdde481d7c603cf0a700523448c369da6812ea155a8d5c55686dfcb286381878abd1e37b8fdf28b7f6b0b90e2750673938e416853f437f59876d15323950e882fbbe42ff429fc0c93f7dad9dec3896f85336a8b254cea70f2923f581bc34aa4453b5d89485accd06cc7964b803e3d4bdd008216c365c9016fc1b9577f1cadae067c10eb4e45a1905060e58755a18fbc6f3f8eb412787417688798e6a617df20c180e91617572138fda577c169c93956f9e68de5370ec76d30d2a6e3186e870ce27b838ca8e9db30aad862e5c41bc5c0068ed9eaa011d9d718b84b8de50079f1517dda55af87931d28eee9c3e065a13c21913c60b1fc88a104c8d9da3e23180f2ec277e9cd3d3841c420b2bb4a33fbb9650ade7ef1d55e73e5fd4e0fb4829096be03bdb4212548cbec7502ddf9e988c3e00427928f73d4f998ac74fc0fa3acd4ad86edbca2925b6176ef73a7a854cb87b21f2d7b29c59ac3188469d2094ec7dacc85ad384483c177caa0a3b706e9a43db16a6495f0d1b84544bd40921e1b53a65c583e447f2662418a8534cd282ca71884132b8b2d4dab41ca0978baf39042bdd9655f890c72c8f6f994e88b73cc6d3c35ac67e51ed619f366c48a8596ad7e22382ca087858c1144c31c85059535ffc0cb66f50864adc299e2df9049b7a879992faa74b9d32c09d22e6d643495dfc3777ecd8cb1add83327895514d05010fb0a8d8d22015694e3bc1c0bb931ef2cc528c32f484c03b155ab3341da9c16d4c089435a5f4556b117ad41b9a53194de8462ea6990d5361f843986742d83fa495808d190394dd0609aadbbc76dc9ca4a0b7e67fec1878f388e1d54e2e12840b25c276597a004422c95a5341ea8ad5f40ec6d5bfb2602e0194818feaa6bcc1b87702ffbcfa11c93e25c38b14f4d2307248ee7349ec19139b71bfab75bd9576336b4d6d468421fb52a593e38a4e3567d7d00c7f143f085d6f6e2bb8938ed034fbe71b2779236af3feaa685bbfd100bc4d4f85b22ba4264ed4e8e80057d74042142e3063cdc52444d063d12f9c866e5eb4665e8d9bd5e87324844725ac6540b4c750084f867e4a308cf1030cd01177d998a66f4f01b7259101e01148ec3eed19f7738a7a347bcf035dee1008395279fb7dc94c6171c4400562f8930658d468b310dcfd6e0c4bf405cc93dac2870370de99c85799a0df1eb4959029e7694a2acede2593940dee78fc4c879523d079d2b5b3b6bc132431692daa1a07aa2822d5d30efd6ab7119af482829e5358d008765b5a44a50332261319067dcf5e4264c5cc6b4f93c6d225a6323951892e92b0281ac2fbe67f601e46ce550ee72c3a277eda54458cc4d9f7c3508976ead5c2cf0f3ecf4fb221ddc282681f830eb43fc8f2e26177a54b360ffc28a4f8f18063a4b9c30c85b681968688091f847071c72825a762e043e4e38476af9fb3e3d064252c8d8bab135315f4c027921c377f55887ae2a17ac9e2091a3f8e62162c53014c883079f37040e9950219df778c4df14dede473176c3708cd6172d6002b79ecac2db6af5854da36d756c1890f1c7013c40881ee4a61306bc0f477f2d151fa930c692d8b20b1d69882aeb401a73ac9417a3b4ff1cc4ae1b91896c43f24ee23348b4c23cb452c01502efe567ac636ba9ba8482ae0dad1be16d7032912a1597bd52ef16a6d232613a2faaea9cb1b26d74cb534233085723ff960627997af522906c4fd62d91b2b4c873a25c4e51af6d57c7f80b7a5d24f6f1bff9bb08de30e23a901f9753b4ffaff274f23879a54a4773df92aed3e59f30d05c881daaeb3780ac00c8ffd776f6f6823ebd1d61dbb7c875f345a286496d29c8680f8ced20a77e7405634c822273cf5863f5904774a16842a518eac6eba574e160dd9d27db0a728c46f9ca24ac194f80cf13095f71d25c7ef2d50e506b7a7db588107e3b28c1bfc918b9da1284d9972e79161f668141a4e2980165091159ae6425795fca221bf742bbb75b9194e2dbcb5f92df9bcd22b36f7ad3e6cf0b8a3384d4424bafa5598bdce1c86e1e34874729d258ba8b94c98c2c60fedcf9000c723f22be6fb21504ef7411f7af7e9fca89671529e0c83af598a4bec980c6033c23cd77bcca8633863d6ddf2daeb0c5ad581953f08923e5d3140887ece64b4df16cd24dd815ce9237337276603fdd914d9531b5c86d6d985dfa2224ed6d442f434395fe73c6b5d08913f466e63297826b8a05f08e91841d0bea7a03348a64fd772730582680e0d78da7a38e4249b32253bfdc49e06e966ee227e40ea070f829eb6788c8390c059eafd99fd1baadc902a0abdd028a8aa0fe9fb61750c6e4f2bf23fa28d272fd40c84672b8ab1c080541156748b446175742e6fa0b2199fe8c07575368a277c0409d84c07d31563ddb54592ea0fa405bdca06c5bc81c6ae752c4478e03381ad8e7a1b373bcf2f2d78e041d75fb6a0dff8a25c2980718c6f7cb424ee51bf0816dd3161c29e05980053519c35125bc5d2477e99f30f8f262dbbc5de18ec58a8582b3387c9167f89d93b87dae2b9c7d3774c781ffabffc6b9944834b44c2c38dc61e862bbee6772fa1afef6e40bb7375bc217653de1dbed72618fbc795d4afeac976fb500467b9a9a873f63ad6a9b2291a0252a1e0086353d152e5352241b64668b59cdef8f27ac0e78e7ee1f6da646e59be8bc6625cce47441f6362b6814ed8e78aa477d14bb7b9d4906658e7c5d1e62b972e2308918d096e2f4aab5f6c825526df261b5734005ebbeaba657d8237babd63113fa03b35340a7a955d20fb6b1787c849d5f357381f77c6b2b5b76081a58805a2945960bbd58fce8e8b3829a75cad822a51c0554be73578bae1e1944add01c3af5c98ba3b33f5011c04d472568080cc9d0757b12c160800f43a50a611e4411177dc4a9f165d49793c4f0ee4e5bede98acc7174bdf675373412be1c615519a49bddfb60ad31f3c11d3a19b1837301e1f69ea2abc1089c22273d1492b03b88d07c43ca08cd6780e6d530d07fb774385f325d5e9177e7751aa77ce984d9e4d2d424b7c811b3141a52a82a31b46c1a0c9b6b71cf5b8bb3160cc362c13159a27e1395b632f817ef0601467e8cbed4839e4390ff8ad4175a1a4a05476a9240a994e8dcd5889982e175e3e8960ee0a05c87b075e0ed99d46e0009a94901b011413b187b245377863a65ea3c8f2684487a179849a09cfd4227c65d3dfd50fb37e18c221a09a02826edbd005fe20286bbbc6e10babeb647bcf9f11aa56beeee4265c4e4ad362b3d987ca8b34457d2a9427bf62cb2caf0809be33c639bb13aec595c5a770f4d64798c83ed417a82f7d90ce3c3ecbab807dbb92d3728dbe08b3f6ee19779cb96cf9a9d23e4588008cbd91c36be3b08f9d431006bfb3964845c6cfdeee900e032085d57307cbd4f5cc815bcb546bb37dfa63084ae2e18488c36e9ebc7dc2400a852aa48fd15a6c83cbf0b30063aedc896fdad92b2774564f3e828e06524c46daf0011095470489d576b86f7a735eeb6cb64b04690595dd20703b42686f8706ddb06b97e48aff73fd5b2159d9fb9e660f9380ff324846c4fca0b83a2ab34897b7a2ab4ced90abb08f3f419208a4e7f83d07ce02d11ac68a7b7bb250267929f24b4c1699afca19a70787aa59fbbe248820c6c9fbf90f914dfa0cedbc39bfc5155f761fb3ef3e0254c4e34d46224347d1c2c52b83700db78ef999c3c87"}, 0x1010) write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) sendto$inet(r2, &(0x7f0000000200), 0x0, 0x40000011, &(0x7f0000000240)={0x2, 0x9, @loopback}, 0x10) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$inet6_MRT6_ADD_MFC(r4, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x4e21, 0xab55, @dev={0xfe, 0x80, [], 0xb}, 0x9}, {0xa, 0x4e20, 0x2, @local, 0x5aa}, 0x8001, [0x5, 0x3, 0x9, 0xffffffff, 0x4, 0x100, 0x5, 0x100]}, 0x5c) [ 1040.605452] audit: type=1400 audit(1575044288.120:30): avc: denied { add_name } for pid=27194 comm="syz-executor.3" name="pfkey" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=dir permissive=1 [ 1040.606833] audit: type=1400 audit(1575044288.120:31): avc: denied { create } for pid=27194 comm="syz-executor.3" name="pfkey" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:insmod_t:s0 tclass=file permissive=1 [ 1040.608710] binder: 27194:27202 got transaction with invalid offset (918, min 24 max 88) or object. [ 1040.608747] binder: 27194:27202 transaction failed 29201/-22, size 88-24 line 3379 16:18:08 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:08 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$EVIOCGKEY(r1, 0x80404518, &(0x7f00000000c0)=""/124) ioctl$NS_GET_NSTYPE(r1, 0xb703, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:18:08 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="001000000000000000000000000000000000000000000000852a646600000000", @ANYRES32=r2, @ANYBLOB="000000dc22000000000000750000"], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000004000000000000000"], @ANYBLOB="0004000000000000"], 0x0, 0x0, 0x0}) 16:18:08 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r2 = dup2(r0, r1) getsockopt$ARPT_SO_GET_INFO(r2, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00'}, &(0x7f0000000140)=0x44) [ 1040.608907] binder: undelivered TRANSACTION_ERROR: 29201 [ 1040.611164] binder: 27194:27205 got transaction with invalid offset (918, min 24 max 88) or object. [ 1040.611201] binder: 27194:27205 transaction failed 29201/-22, size 88-24 line 3379 [ 1040.611421] binder: undelivered TRANSACTION_ERROR: 29201 16:18:08 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096020000000003003000002000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/fib_trie\x00') r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x30, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_LINKINFO={0x10, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0x4}}}]}, 0x30}}, 0x0) setsockopt$inet6_IPV6_PKTINFO(r2, 0x29, 0x32, &(0x7f0000000100)={@mcast2, r5}, 0x14) [ 1040.617953] binder: 27195:27200 got transaction with invalid offset (918, min 24 max 88) or object. [ 1040.617986] binder: 27195:27200 transaction failed 29201/-22, size 88-24 line 3379 [ 1040.618171] binder: undelivered TRANSACTION_ERROR: 29201 [ 1040.658000] binder: 27208:27210 got transaction with invalid offset (918, min 24 max 88) or object. [ 1040.658104] binder: 27208:27210 transaction failed 29201/-22, size 88-24 line 3379 [ 1040.658270] binder: undelivered TRANSACTION_ERROR: 29201 [ 1040.695339] binder: 27212:27214 got transaction with invalid offset (918, min 24 max 88) or object. [ 1040.695415] binder: 27212:27214 transaction failed 29201/-22, size 88-24 line 3379 [ 1040.696079] binder: undelivered TRANSACTION_ERROR: 29201 [ 1040.698393] binder: 27212:27215 got transaction with invalid offset (918, min 24 max 88) or object. [ 1040.698430] binder: 27212:27215 transaction failed 29201/-22, size 88-24 line 3379 [ 1040.699047] binder: undelivered TRANSACTION_ERROR: 29201 [ 1040.783321] binder: 27219:27221 got transaction with too large buffer [ 1040.783363] binder: 27219:27221 transaction failed 29201/-22, size 88-24 line 3493 [ 1040.783624] binder: undelivered TRANSACTION_ERROR: 29201 [ 1040.784467] binder: 27217:27222 got transaction with invalid offset (918, min 24 max 88) or object. [ 1040.784517] binder: 27217:27222 transaction failed 29201/-22, size 88-24 line 3379 [ 1040.784988] binder: undelivered TRANSACTION_ERROR: 29201 [ 1040.839850] binder: 27227:27229 got transaction with invalid offset (918, min 24 max 88) or object. [ 1040.839890] binder: 27227:27229 transaction failed 29201/-22, size 88-24 line 3379 [ 1040.840188] binder: undelivered TRANSACTION_ERROR: 29201 [ 1040.852073] binder: 27227:27232 got transaction with invalid offset (918, min 24 max 88) or object. [ 1040.852114] binder: 27227:27232 transaction failed 29201/-22, size 88-24 line 3379 [ 1040.852425] binder: undelivered TRANSACTION_ERROR: 29201 [ 1040.883489] binder: 27231:27233 got transaction with invalid offset (844424930132630, min 24 max 88) or object. [ 1040.883530] binder: 27231:27233 transaction failed 29201/-22, size 88-24 line 3379 [ 1040.885200] binder: undelivered TRANSACTION_ERROR: 29201 [ 1040.896002] binder: 27231:27236 got transaction with invalid offset (844424930132630, min 24 max 88) or object. [ 1040.896045] binder: 27231:27236 transaction failed 29201/-22, size 88-24 line 3379 [ 1040.897417] binder: undelivered TRANSACTION_ERROR: 29201 [ 1041.066467] binder: 27193:27197 transaction failed 29201/-22, size 96-24 line 3379 [ 1041.076980] binder: undelivered TRANSACTION_ERROR: 29201 [ 1041.082607] binder: BINDER_SET_CONTEXT_MGR already set [ 1041.088268] binder: 27193:27238 ioctl 40046207 0 returned -16 16:18:11 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:11 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/mls\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r2, 0x4008240b, &(0x7f0000000200)={0x1, 0x70, 0xe0, 0x1, 0xff, 0x1, 0x0, 0x2, 0x98001, 0x4, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x3f, 0x6, @perf_bp={&(0x7f0000000100), 0x1}, 0x20000, 0xcfaf, 0x2, 0xb, 0x9, 0x0, 0x1000}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:18:11 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040), 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:18:11 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f00000000c0)={0xfffffffffffffcfd, 0xf, 0x3, {{0x39, 0x2}, 0x1}}, 0xffffffffffffff71) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) r2 = mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$TIOCSERGETLSR(r4, 0x5459, &(0x7f0000000000)) r5 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r6 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r6, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r7, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r7, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r8, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r8, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x20, 0x0, &(0x7f0000000200)=ANY=[@ANYPTR64=&(0x7f0000001500)=ANY=[@ANYBLOB="a2bae1d4e37d5f1ec574a8cf4be5b6996ad55c30fe88941058c3bd1d01388b11ae3cc4d0b1495cb3c5ab7f435ec28c55a6e90503f0eabf9ad25a3e2f3d397a3a696143fecf4b0ab91af149e8fc7fc1a38a395e64aaacc51d3294f1add6606b0e211c2a460bbd694b9ea0502a2c83fa9ffda17708252dc4d1039d3360026f0b5ef135e0f797be38f3c1fa3dfe80ff137ba7829b11a86bec2913ccb867373ece126dc8a0e9edd92e7fb1c3", @ANYRESHEX=r8], @ANYPTR=&(0x7f0000001380)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a74700000000025de0fbc9884c3154da6a41ec0790ed40ec87a3a1957541734f8af28112949b83c04dc0fbf2979d265b7a3eaa7526fbceced266f7d79974421626f2b34a28073b10a0876c528f3aaddbb55ac3bfb9d5c1245ff0855e6da9a7c8a09dc084980c6a9edfe4d9202903dfaa8c9c31e098f85ffc10bdba8501000183baaf6dc5ce0ea24", @ANYPTR=&(0x7f0000001480)=ANY=[@ANYRES32=r6, @ANYRESOCT, @ANYRES32=r7, @ANYRESDEC=r2, @ANYRESDEC=0x0, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYRESHEX]], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:11 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0xfffffffffffffffd) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:18:11 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000100000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) [ 1043.623983] binder_alloc: 27244: binder_alloc_buf, no vma [ 1043.628523] binder: BINDER_SET_CONTEXT_MGR already set [ 1043.628532] binder: 27243:27247 ioctl 40046207 0 returned -16 [ 1043.628671] binder: 27243:27247 BC_INCREFS_DONE u0000000000000000 no match [ 1043.629086] binder: 27241:27248 got transaction with invalid offset (918, min 24 max 88) or object. [ 1043.629124] binder: 27241:27248 transaction failed 29201/-22, size 88-24 line 3379 16:18:11 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1043.629304] binder: undelivered TRANSACTION_ERROR: 29201 [ 1043.629548] binder: BINDER_SET_CONTEXT_MGR already set [ 1043.629555] binder: 27243:27247 ioctl 40046207 0 returned -16 16:18:11 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040), 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) [ 1043.629911] binder: 27243:27247 BC_INCREFS_DONE u0000000000000000 no match [ 1043.631270] binder: 27243:27247 unknown command 536876288 [ 1043.631277] binder: 27243:27247 ioctl c0306201 20000180 returned -22 [ 1043.631518] binder: release 27243:27247 transaction 2643 out, still active [ 1043.631522] binder: undelivered TRANSACTION_COMPLETE [ 1043.631606] binder: release 27243:27247 transaction 2647 out, still active [ 1043.631609] binder: undelivered TRANSACTION_COMPLETE [ 1043.634951] binder: send failed reply for transaction 2643, target dead [ 1043.634959] binder: send failed reply for transaction 2647, target dead [ 1043.636271] binder: BINDER_SET_CONTEXT_MGR already set [ 1043.636280] binder: 27243:27247 ioctl 40046207 0 returned -16 [ 1043.636315] binder: 27243:27251 BC_INCREFS_DONE u0000000000000000 no match [ 1043.636487] binder: BINDER_SET_CONTEXT_MGR already set [ 1043.636493] binder: 27243:27251 ioctl 40046207 0 returned -16 [ 1043.636683] binder: 27243:27247 BC_INCREFS_DONE u0000000000000000 no match [ 1043.637390] binder: 27241:27250 got transaction with invalid offset (918, min 24 max 88) or object. [ 1043.637425] binder: 27241:27250 transaction failed 29201/-22, size 88-24 line 3379 [ 1043.639914] binder: undelivered TRANSACTION_ERROR: 29201 16:18:11 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) [ 1043.640203] binder: 27243:27251 unknown command 536876288 [ 1043.640213] binder: 27243:27251 ioctl c0306201 20000180 returned -22 [ 1043.640638] binder: release 27243:27247 transaction 2651 out, still active [ 1043.640641] binder: undelivered TRANSACTION_COMPLETE [ 1043.640680] binder: release 27243:27251 transaction 2650 out, still active [ 1043.640683] binder: undelivered TRANSACTION_COMPLETE [ 1043.644605] binder: send failed reply for transaction 2650, target dead [ 1043.644613] binder: send failed reply for transaction 2651, target dead [ 1043.709473] binder: 27256:27257 got transaction with invalid offset (918, min 24 max 88) or object. [ 1043.709512] binder: 27256:27257 transaction failed 29201/-22, size 88-24 line 3379 [ 1043.709751] binder: undelivered TRANSACTION_ERROR: 29201 [ 1043.715814] binder: 27256:27258 got transaction with invalid offset (918, min 24 max 88) or object. 16:18:11 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) [ 1043.715857] binder: 27256:27258 transaction failed 29201/-22, size 88-24 line 3379 [ 1043.716166] binder: undelivered TRANSACTION_ERROR: 29201 [ 1044.269210] binder: 27244:27245 transaction failed 29189/-3, size 96-24 line 3284 [ 1044.279614] binder: undelivered TRANSACTION_ERROR: 29189 [ 1044.292810] binder_alloc: 27244: binder_alloc_buf, no vma 16:18:11 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:18:11 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) [ 1044.298588] binder: 27244:27276 transaction failed 29189/-3, size 96-24 line 3284 [ 1044.307483] binder: undelivered TRANSACTION_ERROR: 29189 [ 1044.373196] binder: 27280:27284 got transaction with invalid parent offset or type [ 1044.391338] binder: 27280:27284 transaction failed 29201/-22, size 96-24 line 3454 [ 1044.410567] binder: undelivered TRANSACTION_ERROR: 29201 16:18:14 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:14 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:18:14 executing program 4: openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/attr/current\x00', 0x2, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$TUNSETNOCSUM(r2, 0x400454c8, 0x1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:18:14 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r4 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r5 = mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000340)={0xc, 0x0, &(0x7f0000000100)=[@free_buffer={0x40086303, r5}], 0x0, 0x0, 0x0}) r6 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r6, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r7, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r7, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) sendmmsg$sock(r7, &(0x7f0000003d40)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000000)="da15", 0x2}, {&(0x7f0000000040)="135713b8440b611377210580193d10e5e62ea775376e6e4824", 0x19}, {&(0x7f0000000400)="506a82423677256d0ff56c7b03581cb012c5571c44a5cc8fe665a90c8611033a107f59b32379550330570a04ef9f24e64c76e3bf2a71fa7692e4ec06ce0f6f5dfc24d9033265973b6c98c10bfd57a196e1d244eb09a6da6c9c59f8a1bad4096dacf79f77c3cf92974a263d6201abc3e01db995a7715e5b9c83f6905dda248d5adb745308ad1b7da7321800806e655b41a89ef97f4af8f85086e4543a556bf1e800ecf83c4140e3e92d38a72bd82395639a8ad999ffec304c73736b34a94d04fdea843a3bb73dc4f486fead53dbd64816b74e3c474fd8078f399b20a602e38426781004c61d5b66b8ee77368b15ed393c135e0e713d", 0xf5}, {&(0x7f0000000500)="92cb77b797b2fdf11878300ed62ea754076cc8294715c906ed57a76a233b65ab1708920a19d41869e8272c5bb8454937edcba423da3848671e9be65365a65ffde040a52fea7538a041b5aa9ac08483cb64e24b5eb35d025913239d63743a7c0b7f4469c55b2ea4467ea9a6d951d1e64b83f90ebc6b36cead61f578958cc9754922ad7fb0f7e8a2c49344b56eaeaeb91cba317b3427dfcb981d911c8335b20854666cafa478ca4b8f417fba30f644a4c5c26bb4db3f3a539f0b5536bbd8bc0d9d69e06d551f2815c5745a337fb8f1e7b0cf0d53", 0xd3}, {&(0x7f0000003ec0)="2386476c9d8ffbb65ab484ad74534242d74680a9800c7f039ea773ebcb4f5baf3ba9aa10e72280c59a5ab1edfb4137cf0742b409e5c9edb8b59253ddb0b8c03d66bc59da88ee26ad290c44dbaeb9e46f3c142aa4b4a14a895adc3a1c595873622209dd2e8fcebabf407314a6811e53da414b3a586b233b977de85ecf15b14649f86bcaf93b1dc02aa4f4f05845220f4393f5eccff9ba5836b480777453b881e4f10aec94a0c5d5d7c501961a31a05145ca46180e2c02b38a3d027a57f18594e319adc2ce20f46ccb95b4aa5bf370558243a3dfbb22b0734f6558f76e9ee8a07a9999d2fae777796f1c7be37ce0ccd5e83341a8cbaaa9e577c73f43f9681698ac3566", 0x102}], 0x5, &(0x7f0000000700)=[@timestamping={{0x14, 0x1, 0x25, 0xd927}}, @timestamping={{0x14, 0x1, 0x25, 0x3}}, @timestamping={{0x14}}, @timestamping={{0x14, 0x1, 0x25, 0x1}}, @timestamping={{0x14, 0x1, 0x25, 0x8000}}, @mark={{0x14, 0x1, 0x24, 0x80}}], 0x90}}, {{&(0x7f00000007c0)=@in={0x2, 0x4e20, @broadcast}, 0x80, &(0x7f0000000c00)=[{&(0x7f0000000840)="2372c9161da191c2b09fdc125e0447b4faaa795ea40841541c50f0f651dd529b90c967f9ba3ad22a6f84645352c49665d4da9aa78b00ebbf6c1d78dfb70bd6c5eb7f1d61ccb02d0694ce6f71de2cbaa89c0fe1cda6a02db16e501bceee3a7703e0e0a8254c01a7374943973dc8bdf6944fe8cced74ed2877adfb1a612c62856ac4d7d0b1411eba0c6eb049a7ff96abcdfa8a6b5357c3a7426f00e209337e0901a4de138d6aa7606b2ef55d88fffb9b754aab79658dcc852de2b89e8300e57a29cb047853ab", 0xc5}, {&(0x7f0000000940)="7436909073d8c48b9df03193d8488e4e583bf9a11668c6c3111e7fa337a1ea5a093c6f0e39dc92a080f3da3e51c1f09bfb837c65f4a0a38ae7a2969f22af4294a77804852e1a6795e37ed9810594d81cd79dd81926bc12b8f27fb04df06f80f9ebcf4ee20eca0e6172bf71bc002602fc72844e6b40aa6b0188104046bf9493f5d94036e1c8de38317e31c8554e985550e0cd16d78f79120d0e426fdfaee7455c9ce489bb10a4e511c3646374892e4c06eaa746f150eb5b59098a64d86cb956edd3dba060dfd6085fbb95bd1c353a2d7778a57ef6", 0xd4}, {&(0x7f0000001800)="4059c400b4750543573957a3a69c773478af529830489b2294930dc1f6a591171fabfcb3cdccf97c29a6ad042dc57fa0ab1f0fa93d1516ef9b14ae892f9bc90f7f6459fdcffcb9b6e36d8150bf16709b467b0205307244f5bc2a3660f656a67a219c3e4d8ec3fe3543de3ddac2e69d20af0aeac7ed0abccf0d334eebef517e7617e38d29e9692815ef81161ab60650cd45064943dfcc16cf7065fc1ea7397392c376bb8a33ff4846af2fc2c19fd28342359099f95568ad38287538f7404496a45ba44747e5f6df5a06efbce074dcd62e0db788a113e8f03b62ad8cdadb99623f76db2b5d1dae5c59bc8a4ffa99b5e7513034a431f0d95878c30b4bba576cb69cf3dfd8f68acc6240c245e8175c22c39dab503b92a754a3b6b2a8552691e1147a14585777e432efd36cd82a4a8ab49b25660778ea28baf4712925c10e308f4be96482f0c1ea5cd0235e4b5e5689c64696090acfac5593a3fb25e44f8a833d1f723f248f9070d7d3b023b288bf60f1f11cc5cd15a4db5b492c18fc7cc0daa760c7ecb4833e7329ca914344c3de5fc7150a130715210132f7776e2a7ab8301ecd13df6386ec7a81b771d8add40b5783cb1413b650fadbf5f0e34132ab28b53f750e29d826381b05aa42dfa179be265aab2c87da7dc94d7acefb32a4c8d60730ef8e218c68d5928368ea2731fc6ee9a5a8c3b1354ce85e44b158cb41d9ba3b4321e8da4075eaf1856d4e5104412c8335a4e71a25a72e452222b3208f5bbfa6d635d0aceebf1a408e99ff539631113735c7253e78bccb00127ff5be131e1b9b760ff52ff06c5157e111e24405c521ee0798aba5fa400cf6248a479c04ca545e7ed687efce0a83225ad6fb357d87f627fb72982192bdbfd90bfa674330737e64f10810c8c280e370d4d873d3c601aa8659480ce6fb5dc1548a1866a6f2cef37928d6956f6d05e41dbae8dbe4ef7b3acea1ba148fe168b65fbf76739b0f0dcb61fefeedb05104dfbdda2b34c27f0c6e0e5360251914a01443d8d4b8752d8c680fa4d1c21015036632758fbe7d49be7edd57fe34956ad048a2a952d84f244fa3a75d386b3a6dc080e7a78b60888e03798dbf8557787339cb529ebd95c38afb817019d9008b626c8c24247d29a3dd70cf9c7d054288348fd30231cafcade0710cab99753d0169d6da7a5d6b3c800d0eb7d182c73f2ad4225d2aaf5ad4ed8fc01d8ea4a38c8a7df0cbd958654c8c841b2676211b82d82b61b2d8c51189a38ba419d83b7587f07809a1f2c9df66406d7bfe3200176f1840aca99e6545019894d5323ad142ac8fd7bc481d24ae77b2044857b9c0bfe09f3e195b78c1b60ec0347afe78ee13fa381e72d88e326f9a2523ce6dbc531ac3bac5f6df3a060744303e3fe6166f1a4cda9d52133d0e6918fc390cec3024afe4ca253605992aecfde8f801ef9caa6bdd971b574aca591a2b86242fa72773714b228b689b76d78bcd9234b6b8b802ceaf2f9fab55d0fde19d363d4821dc1c4661da092cba07f320afcd6bb477008b0b27cff10a21576b1bf22da94e5ab2535d27734e51351e2bb5377d5ac84afbf26aa180a0be13e297fdabd82ebc4352338cbeb131ac35edfc0b86dce744c2fcacf2c7709845a14172c56520d59cdb4e9f61b3ffad440ab371bf9d7a5e88167442f546608591038aaf478a075eb6c439d27de7a6d0e4b36ca76b4a7c7c58a7d59047afafaac23cb64fbdec8c482ba1faea86358cf5de4be4889ab3cb99a2325fc564e3853aa866b4127ada0a31e8c63f5e7c0148385ea69e56740f0aca2c861507b91e51cf0a54c08206d1ed6432d09156bffbbf00d2b60a41cdb53b93ef91a52560219c276a2576a10b4d4c9fa2c50b1928e8c3cfb3ef2da5b557cbc3a657c5adde5676de6f5e2f96b29df88ce991cfffbfa0929f39accbaa446a167d4cf6b7eabf989434ce39dcaa8c3dc580d356098149e314ba6b11b2a02dc136d4af2d5d2c3318201ebed15a6a25ae634cb7e03f01ee7bfc006b48d30b6e724591e24775c4dd621dd687be671fad3fab89165a983b81201b83e3bcb3e484351ac87b4469dd5f0765979bbd0cd2f4f8cf98a2cfc9f1121fda105c9b02c8d86077306103dc6f7177ad9697d014c4efda204698d53376347d2331e346ccfa14126fe0632298820a0bd805807ccb4cce26145322e646d4e7595c6b2a83167690c6056762aabea551f71a31d861e87adbf3d90901abe5c0e81ae79206a42c7de53c8b8c85b9352666028516e3f0fd97bdb290d7b0d67c7492a97cade309891c949b95fa7c863c3adc56bce9ea0306e5d5ca8f462473692936e123fcd0441167771f717c398c59d8307982c00f3b0f943e63fe7ef58c49a38d0e214cd8c5c57a1af21a18c4b86c4a29be6c0622c3b3eefd9c1c94ec949bd3eb51b16f0ca6ea1d562b9974d3124c03dd02c0d997c653b1905d63d60bce77f59c103911cd89ba1758d0e0145a9f7bbbb883b820b29d0dc82df836140cb0a33e237124f2a04a42d3626a39a95c0c1728bd9503b5356ef614841b7125a49df5156ab1dbbcb8ed2437964aa26cfaf7778e8496031fa8e1d2d3621c0e31085c9545daddedf87cbde9822da78c7c3c617149a36d5590f9bbb6a758f06e7452c517b127ae3be3bd814672a7c87dbd5ec5dd3692e4798701a38b8fee81ffc7ca0dddfb369c568f9ff544d39b105e7ed7ca98c94ad3098d2246e61cb5c4be144145a581c1f44936b03de0c5eb0927a5d6bb3928fa04ec91ab085c7718127f04a993b72bebbb5da6b2ed6df8591419688ba47f5a6b80857fa8e850765a1cac6dcbdd9396e6f1bc2beb4a668072c731130368faab0ebc2ef8e327f4dfc6bc1d97f599a16a36b483236885a97b3b728a185b817481a04148acb00869ef130ef35003f4489948d818e671e8537b499ee3ec6a0d7b541dd048767ac4bf182f66e2453cc3e989ae5ea75fbaaaa9aa34da4d7035e5cc07bc887385c99181d95d4eed24516fd7a5c7c79f39d6c6b5cab9c7d0d297ea4822bc00b4bb6089ce1498bb1b9fa4a49ac58fef4fa40a171a1b56f4e9627288b22ef350cd2ff0886f20c6751a602abc8b81e432660f314fc4cc59405043cd766b0b84460b2d26aed59e777ce1d77b532fcbd177b1d09a3424f112ad0dfb8ae6ce9382a8a448aab8d343c2e85a3edcf5cdb53c8e7c55c4b950c895cc98e5f924b6c40f69b2cc66fbdea5e47145279f4c0c87ba2f0907bea8a10ed2e1d4e14f61e4ca28a3bba6e71c74a618570776adf7545fd351b054529a25c01aad83c76250f8259b08b2afacc49ae3d8ad74efbae203176557e215ff34dc18e8107a3de5b87fa10c667e59fcc772d6a26aee5920d923f078e17a14cf0c64e34496f74a316998953bca7cd5a7cdda3ae62aed756f8dffb2d397bc6ca984c0645f3b2816971c331e5c920ff785dceb7d386525f1bf08cd8d0ce1484aedda0b9cc753f157c19b062fef39c25fcbe8f61cbdc8b5a209e42792babf2ac8ae6d207c66f53a3f9d5989c2af4affb37426c412721175d70968e2042fd938433def8c6e542167310875bf1888451c9f9cabd6058c53e0d92a9ea577b9599f620a47c0c9af0c161ce2d974078ba7c1b50f1a1fb92151e57e75078cd08586496d935414cebb31c0921b2c51c0df58d1583da31180dcc71a4ea4f6e6df1758349ef913450caa0ac07858b48d11d4934fc53cf413a3d406a86fd78622b656908ae6dea543ae492d824adb945ac431c18d2a1c39fb77f238e6fb3e7902e16d53b0eebefa4824d8ca175882eae11d831c0e3731689cf0cb428165d980a5e17d03f2c9a22e871f5785d55ad78b0f8a157f6612db6fb468ebb57842c69941cdf68f72992680b3b0e48e9a4d8d5107e4926e7b8a517c82b9388295dfe4381e19b2ffee0acb8e411b075b73e85fbc96d554fd0928ccac0f52e36e8191ee94f6a34aee554eef60772f46dd97ae5095aa2abdc486c610dfe6374590e4927012a4467f3d775cea340b31672e4d7064439b0f7929cff3266697d7b6156f9c87e8e28d4f5cae96118d6ba64d74ac13725abaf648c9249a99d7b82a7ef03160c5653c4841dd9a0d6dde02e685a9e7f8d1bc514b5911367103534c5b0550a32f412ff32e16e115e0c542fa162475ff484b379f9ee920035db358de21d14dbad23a8502467465320d6b0e818500457f661d5922b248fb5cee9115042a8945dff633fa7c886c8f94361e3f53f8fee2ffa9ab5e2e7c977364196601ba9adbd2030ada8c04da7b4fdb240e12e1e2f460982cfb17567aacc1f773e6b60b7a812c4d32f02d49a2b79d47f603d749d7a5d5c5422cf5c3e5dc0c4e2036e67d34f8fc80a193772864e9e88d3534305b4c2c80d081ebf9d554907ef0ec82af477e42dc0556d84748cae8b16d0ce2b2d5ecf81e47781146016bd26bfc4a41e793f8fa2e4ed7b217d2734fe82c2ee259a16736950d13393a6cc7ef0393aa288c9824386a275dff5d8cd7d1a27fcac61821088dc5e2be5c92f0d387e73a5283d6c3d6dd3fc3a43f3216b6f71ebefd70f865892b91c61286c897d6dac32b6f017fb1558ba9b556ed3f0f7943d2e23b94d5c34d570c8fba8a8ebfae49fabab1701ab74530e4de3e23ae3f9bd048612314af259365f32a86f5bcaa88f789860c8dab02ad2476c672ada1f9d47d9e8b9aa16ed66300578725beffb85e221eb02265b73f348c1d188cdb6ec2ba754fa575a0ea9661c392490df39a5bbbd36473deb1b6e993cfc15fb4b9091387547f88bb7bc4ca4edab6c565126e1c9dc8f1da39b9f205b95a79af350d08e94b5a27baebabb917dad592dc9e6d5d418f38d5ae3c0ec890e7f81a277d25de80eb05675f7dde34beff5385da8ca19a6d0601a195a5315eefd81dfd626aa73f204030357e4ce0ef7d104b8a5335fef9285e801cb857d52923e47a5df28b77c310d8b375d1984d046537fe73a186123e8a688a7944e58fe130c99efa3cd0ea7ebdd5905eda80f36a31dcba302d2a75c34d29bcd3a5157cf3d0f6e11fc5640bf7031eed2997f21b0e3003f3a3dce3cbd05341cfda8d1cafa69860a8df4dbb1f3a8825eeb654cf62b8b03d178cc7c4eb09ea5a2dd9690c765b847233c69d249af875d70aae8981f19398def467ee5acc1083bf484cf26f72863f4b7a28e8b5935b11d43b0fe7dd1103c9aa8e20bcdc2bd0eec658a947f0d128ee0fd756336f1595c22b78c50be26d6915bd67c99c1377fa32116af553e22c25b301dc58dbb2d3e96555b76ead7858064ae8f6647673b0a8aaf2ab2c80bf3374e7783e9961054dd16d7846ad4b9bb07691597987702bc5e48bffdb4720fa25e6289da126d0a0e49f155c0a09440afeb0e9be8e81b99863da5144bdcab15d57b6410f1b7dd46c5c8b7a44477ad1160de17cfc88a7314c2da3cddee118989971cd63bcaca8faca22da499714b21521f173f4ef6c389ad749dee8d11fa967c4ea19fde122f6caea722ba5bba28ffd7dbb9cefe9655e4c92e044806c6191bb162df440bc54bada9cfbc5e5015dd4e694dd48ea3fa3014da6b54cba34f2ec324d95503856c8a6ac984aed8a6315fe1ee8db6889b1a22063270a71519590eba4bc9957fde47ec67e561c8a828790f2b1cea7f7748db7a1beed21f0872d4692a8676a5dc0a461a59a837c9af4041a66182c794b4ebd0a1b37ce638e60a54ef5e95964415d8a74a104960945cf90663bc4fe2ee3e67c227bb3713b51a516fda0af7568ed8807bbf1eb61d7831b817a3b16914cd4c78c996eb3d36685eafa6000", 0x1000}, {&(0x7f0000000300)="30c6f6597a32a90f3d7b8154b3b1e59ed70462304e2f0c08ad43d3115898a403223c92eaa909845507b47830f9295b2f1bf5b8114f203fadbf55618e48a47970", 0x40}, {&(0x7f0000000a40)="082ac3588ae3626e95f883d6245ef73360319ea56d4f07b4dbeaf0953a76a9921ff0bc6de13d71a9eb46bb9406458d50e28f6b98a23548b83c7e0a95445fdabd783f45fd1f7f495c44196d95503235f24c6d204a67a04acbd383612455e643eeb6a057524933c5c23d2e6fb96b33084fc51e82c5536a604dae6157ea54675b25133e8a4d6425bad96b59d757c279fec55310b47c913c573985b91df124e2e5c3d4fe2e865ba0a75d85ab18087cb3d57e6b31659c0a8276c7aefbfb4a06344d0526fb7400a4d4fe30a7ab9c821dd28a40", 0xd0}, {&(0x7f0000000b40)="f88d9a3d56c874add6ccc775a58900ef14ac1e0a4edd55629655ede0cb13a4426c5fa74b7143e1568012712a1135e6bc7dcb28049ddc5f5eb25bed881b783a76f0fb57c244862d92f5a3881aa4dc5afbc180b6e61b66f10ce2092f6515cbb9c7064bca0f9052520ba5ae0327b046ac7addc348f0eb473afcc5313349401cc4d225419febaaedff309a8991ef8aad26091b104ca1a79fb9173f6c3f25e6f003460c9e0467b7ae", 0xa6}], 0x6, &(0x7f0000000c80)=[@txtime={{0x18, 0x1, 0x3d, 0x50b}}, @timestamping={{0x14, 0x1, 0x25, 0x5}}, @mark={{0x14, 0x1, 0x24, 0x80}}, @txtime={{0x18, 0x1, 0x3d, 0x3}}, @timestamping={{0x14, 0x1, 0x25, 0x95e}}], 0x78}}, {{&(0x7f0000000d00)=@nfc={0x27, 0x1, 0x0, 0x5}, 0x80, &(0x7f0000000f00)=[{&(0x7f0000002800)="ef2e1382653c58372406b4e136fe87902dc627749654f258205dcad88f057a4d25910400c47a5cfee18360af3e5d2aa3918d73dcbab24398213c722a66513508ee8dcacb83ddf49bbcff051af07a29c5ad5973a355d9fdc380e9b92203b522649dae069ee322e3e196abe3862e77d916f7381330cca8eb4bf30c67046fc38af773ff96100445c150bfd43e1d0d00433f897cae3bc0a4bc39ff67ec289d18aa7f33ecb46d52c404526adf1d5c09a40d80a271d654f881c54fbc4bcc776b17007d928f4f52b515d245d6ad70284a0fad52fe6a05824a97f46c5f610a5902fc960af555628e912d9c903d8b7484140712ff6431a467a3e4b3aaebab1ccd7151df966a8e5bddaa2d87263cbce635833ca50b1d5fe77eb66d8b1d56a6cc084b974b35f284b07bdcf17a0596abaa2efd49dee5a6fde8c779c33fb00e96fff2ec9597b05daf7f97bea075189650c3ceca0dafbbb40795467e595c60cd219b0f9c6641d7c1a8a479d8a2df23bef5e95ef601e5ca0f3a3123716d6262ab3ca371206bcea18aa50edff7424d744ce22013237911684dd695ebfde510d5f501419ec559718620e0fcc0acebb6f21fbbe5b750a1b586df919e0f5adae07c8ce1d019b3cbe894ae34677add1326a2aab70c4c2d5132676e9e7258821b2b9dff9eb3bcf259a000a50a0fb38672473a18da3ecda1f3e7dd44f11b94c2db6eb8550fb1b624ffb100ff94cc2df9926f60d1f5c72c1913f87e5082cdc81dd014772983c98439ebf3547b9964f122403e818f0d7380e6180d97033cb6035af4efc17cfc4069e4b894a2f4bd6e9788d841cb8275670605af7cc3e7e57369302e3cdaab82a03ab198fc9ee9c88afa83d69180678202d10e24f76e9de81d3acecafa008189cd7863704e0b5c143af59ecd6c44e50cece1ce4b0e602ffd81c9923ada6fb1be0c8764588200f517a119c9f280cdd4fb1b3219ee1f1fe09484529aaaaf36dbd8dde86c73065334e53081313ebc76277068fe908de2e0ccc1643422c85e19ae11bc7b0fb849a66604af769e446cea713dbcc1bc35982a7c5345d05842ab47a20402dce64b721ac9f85e6d58c62dd897736bbb5a32805472d5e9c4aebee12bac9e6c32441a908a0e9fd583deef15ea249aac1494e73df2be801baf8916ac9ee29966767c7c2302ed65cb4830f6852d4cf1815571f7b8f9d49824117c3b832c779e43d957e546e75243c31e96b754799791b8237757a319fdd14640680ef3e726338a4e695a5ae9f34e64f92c48cf91ac2cb7cbc24155f50945dcb4b9de7d7bdae4fed87665fb6c0faf954069085270bf748dd695131336078a5e207225534eee700bb8985ac6e0c7840d5cf479ce6e2cc436d4ea523d168d6508a1ef94a068b3cbe188695f2e6c86dba15c76703daafbcf24dff52120967cfcf0ac5baf1961ecb3dc811a2ebcb90a7914f2bc0e34ca0387bc527e9bd152ac6708b9483842b9ba688c1f8643c62e89d950c6d8d4608be3b9ea9a847782ff2980f8579e0a8c1589d8579e6d34e7e3fcce34a221d151c57821670869635967f409f98d239faedb3cfea7a55423f7b78ea0c61da3eb9c54213fcb5cec5063966a200be0eeaa2f7efd6016f10f6aac1fb261c36981a79083f49ab4716776f15d26a951beee1c0a4c8ded959c8457e44ab377dc648cfaa900f041ea0488f329e3518218c56ea6e2fef35fae3f6f91b2fdfe9185e1f703a6bad0f14219dc90c964c9e5bfdc26ef794ff7f93d9a44395e9a2ac85ba66f5cd88574a0acafd378bf5e6a07a5349650dfee6908568937772116ae1e15b99fdc7cee5d07e5f5703a4d9c4e8fcbae9c6b4510a3e16f28c584ef0637dde93af804af6a2a22661dac692393f0ee0d728f37ee0f9d9f35fa52cd1de904d8f7969b0bf5fe52459a14d4065e6336419f8ce4cc18f3ca7bfe4d53dc7e2360537752535178464ea8b901d8d578698d776575dc851648f28e720f777dda71353fa3e9cf04955319a974aad84c5c6ba0ce104c7f2d45721c5b1030ed8a79dfc2f1f282b47349573d0e4207943c50b8e2d789589f0f27209e341a42e9ceda7b2615a1ae7dc3207a90ab83259713aaafce45d2edf0ebeacded5b40ab743679bcb22ddeeb24f680267bafc500db9a2e67df077c1485edd7b26a73782315cfe4ce0d00470f3ce9c09f62f7deeb9d4bae28a00d3f87dff22b6b5f68bf7e50361a15215bebc0276bd971d5dab55a7a039b7d6c407fd9ce996d63350babcf7cdbd5a96f924a83e3cce2eadfc17e2a1b73639ae5f4855245b56de1b22ec7b44390c069dc4a345b9b19971b7a86cd7ce8252e2b8b690dbf8b960b32aedbc840449f040142dd3e3d4a3d11fa02dd28f686f97c04f22d9742f35c191e2c7148e2dfc030593ad470321dd1f3bd948363799447f26ee8bc7f1521634e8655e4b4972b8bf3df58a9f52d443c644960699007924d64449b31f58f59ac421ddaa69c929043325c1191af5394806edf67a1cca7226693a06603eccd072f420e13114b4957c0e4e1dfbc6b090f2eedc8f4557800163fb2365125c6b6b51ee7b3fe11364e7c4f48adba25ef368b85acfc5da1819c0e199ae4fbe03712afa1bbd06b1274fa93d89ec645c7e7ef35a61fe103e2bb7f483b3a40b115c6e1d3c2bb4cf2364bb6a23d8912b8faae242fc1a4cae9972437ef902d0ef9a8f9d0c6e02a3bfceaae9301d82c660974a305c43a01355515f875a96832f4f0504fce75384cae9937d77bc3a4e380dce9c3324de85b6c64c6851ce83e24679ad96155fe36c4bd3892d1b656136a52c25f0ed36699aa9d2f0ee68c6ca3f58056be1ed1b25b8557d7d27908846dbf99843f1bc594ee005cc74f5175dfedaed32b21dd2f81daf38b3a78d2ba329c4555915885a1405186801c5519e085a879c7b969150b18364f8cfc0e9762cff1bad84bf2d4437ad698775f8237ce6127ff17f38c13df2176539a579d4cf6d288d64c12dacc5c0830c7377f30125094c2407dcdc1dc6cdc0c5989557c06d14f2c0a4840f92402ca94611e43d122e80251662a1ff8828e165a2d0332a816746d0aa64e6ae568203ca052ff15b24529979c5598a6884e729e319d374101e475517f12a2863ad3329b57222c6f1762f3ee273ec875613c09e7baca0d9b2b7bc8aca8a800b2ce34fc6f96523f44060fbadc843ef6bbcf1f996972cc5878f74e2a2b71a4385d95fb680fc3558734ffc800020071b1c71b810e22ad0d2dcd0f3131360f47e8a79b54fb007497880f9df26701240a2d12106ea7048fd7db65d1ed446b7987d170af9659477d7faff68d162aaf3336560a41822df0bdf3731dfb15c811948310a8a2e0a7608f55ba3c24456e5c65283d50fea7d48c4b3edb48cb7a691178a4203a38caeb9bcad54ddece7d1c1001635b6d06b0da21b148602f7a1f9f384afe204f0e2e0d14c3578aa4b444248d08eea12fa2f717c2f771be118aacd80236629a608d778319be13a119fd802db08bbfc3b74c1ca7f556a31462bace05307839f7c324866ccb8c85b3a5bf636a59d9b7a1a8ab9ffbdd99d14f2af39a109208ea476b5fd5e3d46ba7216d706cf8935e659588ad6371a15b71eebf0c7b8ca5e5814d9b8b4ecff77e1971f3522b1a705a77e1c208f15332c432d01ae054487a6c77cc8d20e3d540af2c06ea4b5d5ae761fade908f8148b4ccd456816f959a976eccba952507161cf119bac36f71f4b6c067af3286d16181541a90320ede770aa1bbba95d6a0e82612cc5b3162ac00118a405d894f43e322ea56d15c76304c0ecbdaae4e424a2ab0ba28a7e3664880c63862f1ad62ee4f83675dae27f0aa17ad6454007cfbff00488a2ef1ef24db409b43b32f5c3dfa54907247691d1fcecf59bbd300bcdb4fe63c5774e7e584a3d05696a259ef45b29dc7f88fb75bbb33d074ff28218711cbdb9c2f98e7016f1d32ace7a191d0b9d1731471a2e82352e5bd77a500eccf5ce0ffc8c388e10621ff69b4e3aef6afd794368ac18cb59d6e1bd8c3185b29b0f70561e9840477d7299a31ccb962329cacba4d470d07a4fe397688cb8c9958738bf7900c0a5308564a70989b082094d5173429c4291ee7c9f5a0a704fda90e4a8782d1d619dc292e2476e09b15cfcdcb037da577fded312c1ea61879985bb10d1fa98b60a1994c5f72a0e07f4421e5f0d0703ae8a42d46a3f82f5a144a490a948d0a4edfd9219ad36c5f067cd5a1a5fe23d08b4b866577bd698decb93f63ee682728951e65c026379a3cded1bc1641076db6709784b8a4620523db1b55b7f2671e52c6601e82336ca0e0c1d862a157c37e288ed30dedaa72ad481f680f82011f473cea322712bce5a38096493768b739ec04d6556cd8ea9cd42730e2eedb711b35435fc20f74317400d974b17aba04d450f3e2fabbd32f6a723a2c39b700ce92718f8eb9ee2f75156b3109e630212105d7fd99ec7ef81214d1d6157e1c56bb1f23e72ba7de9b123af50f10027bdf6b173cdab49609eaf609826df04d12e25ceeafd9be54a404d77c89788d797377ec408e685e5734f81bbbf50d374f4cffb70af7e78c2b025ef0b515ede51b7cf97b9165ee8ca2f96954a9b2e469a83890377b9f0bf69d17e296d969699f76fa9ded3eac0a4b8074371d9c68e74ba9ac6b65835198662ac02c9c0bab85e9137d476455556dd62dbecca92317b78d252d631e53c27e701802ffddce4deee4621c3fde3e199ccd5d799030dcb473d9511c38259388d2402eca54be6e3fa57dc78547cbb7cdd20a5751c7d0eda7d14e74d99b4115a02c8f1293a3d59f87a4e714da48d18763e5a4005bd752c8fb29a9aee71df17ee6d6c65c745fff34143b8af92c130593b35971ed3493398155cdd3295da48f631c9dc3399a80c220a4b339a9b0457e09a9fc20cb5c490210f312431a12cbea77381e7468ab3d4f652c8da83f6fe0d4cf3e20abb64ae928e556bdf1e3c48a44021337c5a67e2397791f937f7f78055b3bf94483f48a480fb57f81e338d2abaa0ce7376bec19c1978f3c48668fcb915b35f48c800a5807cf943a069a335c87dbf160a44caf4f58a016821d3463c7d36241234dcaf77e79bc465c3aa823c60aa70567afba331e9fc8ca19924496685e3f9249f96ac5e76fb7c3921bc0d37e77afea0a943328da843470ce69aab016315fc03e2eff9d003d1682e8a70cf696dc6719c44e17cc1318bdf5489272e0179f56dd82bd2c32355efbd35b451e78d49e2e3bd6131b816166083a5ac97e4de46179df56ff987f0dcaeb345ad0edf1aa7ed7ef9938b60ffad15e6d42fcf9743b34d1c275d10af260be52213c410bc4962bfff8b66ac88a515c231ef566bf6dc230a280ddc8cdce91752d1ae60fe09261d5f40a14b79828f862c5982e0dfa56afbeeb3875458ea0e5357c8c9d7497b38e839b521d81b8826949bce5812021162dd81840e0ed464619a40252faecc66cf4ff4e014d1aeae1da155325affcb1a2c1b3485410b22f2f6b3b3b30b1643cf002cde2902bb0232bf1837a62497c2f3d1ae2cc0457e0c2f1f584a84b285b8fd8133484213eaf46019cdd0c6471cc0a2936741b80b591ac905d43f5716822e38f183d33dfb0c2ebf787f4cd3a79d90ca3c0a055fc0ee16b6d493153af0ba83e58e92677190be6122c22e26973d942e4c8397b063bd43d3812e64d9a5a96ebabe0912db2b8993b2e7e525ff3665dc63a38d89bbeb3522857fc1d8bdd79ebc8901c125193bf1ea001684f5396d1ce20b990d8dfde9d073583f471fb73b8ab71270d229a36", 0x1000}, {&(0x7f0000000d80)="ae3add359ba81a45b407936352da73c837026c922f12a27303e5a171db2c77a593c56ab01d21e57a6b3e724f3a4845d10e752ae9cad3a69235834d6bc0308b7b9f49f002cb787818f408815d03d61cabbb7b32c117b468e4b08bc5f5d42da9a490114a959a2b695cbf56ab7576a76f09a6c57b5823689e19efd134de7a822f6fc5ca30250e0e04adb94ced57d07dd81a88d2663eb75f5639ac8a1a6f8a5f90410a45f17da22119b659548949e6b5480b8312693865511be6387ba5a094ca8aeb094c2aa342e3ec09cbc37fe80a3575c56d63dd4d334eab7b3f0fd606d795c66eaab96225c537426a1674", 0xea}, {&(0x7f0000000680)="e9beb61f0e323b88f1a2bb11640fafce77d6bd447ec6d069b5b5a4e66342f45cabf461dd0ff82f56d7ea260a4a32935c09", 0x31}, {&(0x7f0000000e80)="895e8fb0247961e0c51643f1b8f44574253b97ca0431c60dcd13665a4fffddf907d8f082f8e0a1e9e44238a436761a1c857e6d8f68ec10cb828b1db02057d52e24c4eea699d589fbdd64de35b41aefeba9b54c", 0x53}], 0x4, &(0x7f0000000f40)=[@mark={{0x14, 0x1, 0x24, 0xff}}], 0x18}}, {{&(0x7f0000000f80)=@tipc=@name={0x1e, 0x2, 0x3, {{0x41, 0x3}}}, 0x80, &(0x7f00000012c0)=[{&(0x7f0000001000)="fb2dfc457955e0a101db8577c66de774e2405232ffc99ac9cb7da88e6d880e6a25648f0c20f0769cd61d260f6ef0c0214a5c367b678f1f15ab05d098e400b2c8bbf860bdf557ab88ac28b81e00b02b02e57731dbf4ebb6d5d1e081c2009bf5a53dcfd1e342f19caf613387844bdf15eba2b50ed02acb602a00a061857890f5acf5e622e02f6feb96b39e245ee2e6f146ae319d3970143c089bed097ef217a9031059f5adc478d1699925eb56e5acf204618483d26a024ba92d6a08ae0c7f785bfc202454f9ba1916a9ada1175fe6ddf824e98fd79ab7f301480cd86f9c4e400aad5aaeb5555ad36d", 0xe8}, {&(0x7f0000001100)="6e3b039042bc94d0cf156aa4a124669ad3081d45adbd06d5a88f32d0e4ced8674920181ca705a6e877773b6d950ae58b113cbb41141d87d0647c9564c532283dfe3ae2feb6d92e0b54877813df3bf00df7434c6a4351ba2100ac8c9e2e1959be1c863cd030a0d5803323340f0adee6d542386f3a8b93268176cd728dd8ee8739d54c4981", 0x84}, {&(0x7f00000011c0)="53e34d7b57edca476b0229ec74e0758ebf5bface0e4316096c2404609b2a22bb5486be7da23a422ede3335e8bd870c1ddc569c96da744b06037efc7e4893c2c77904e0ff01c20b54", 0x48}, {&(0x7f0000001240)="947b69da1fc901983a6c015fd2506bf001dc24505efd334c2910f100d0b7eb4af242e63e603c18362a67187baaec9e86e03ff9fff2cfd3f0ec25d89f941d5181a15de0429a8dd8a706ed9d82c5507f1541c17b23d7225a26fcc138d1dea4ead43ec93dfedad5", 0x66}], 0x4, &(0x7f0000003800)=[@txtime={{0x18, 0x1, 0x3d, 0x10000}}, @timestamping={{0x14, 0x1, 0x25, 0x9}}, @txtime={{0x18, 0x1, 0x3d, 0x10001}}, @txtime={{0x18, 0x1, 0x3d, 0x14}}, @txtime={{0x18, 0x1, 0x3d, 0x4e44}}, @timestamping={{0x14, 0x1, 0x25, 0xffffe9ed}}], 0x90}}, {{&(0x7f0000001300)=@generic={0x2, "5725cb5d9c1bf98904d510e6645d9cb020e41dcbe659813f673b59569615a65e5ab4a70f7c5473d3c3182d0af057daf2e90dbf3cab0a26ea1ae4ba49e6a25024b7295622837949dd69064f63fa4cdee360eba2fe3ef9d041536bab54ccc80419f223856393aabcf67caf62f592d9822f7b7f1e1fe9eff3cdf9656ca1c057"}, 0x80, &(0x7f00000013c0)=[{&(0x7f00000038c0)="0a723e2da237c0c48f242e99d13c38f118db99ad2d723203068428deb62fe35053f5a0934bc155befd8aeb02fe73a6bf64c56cf8daf3af1b078a745cfe8e9dbe9c472b1c1540126be672f603d0b236ed268db26fc430682b1244037db7b6269f50ddc2c7d4ed374c0962d02cf4e576165748032ff7d3f71b4ede5eb4dbc26d3cfc4e58e884d6fcaf3709a4179252fe2a7246149335f69ae0f672759a58f13501a59b4bd616a32d6e8193954f895d108ed61ad1dcece7a2531d18e89a275d2d5f795eacb6b28949fd130803298df5e8ca2ca2", 0xd2}], 0x1, &(0x7f0000001400)}}, {{&(0x7f00000039c0)=@pptp={0x18, 0x2, {0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x80, &(0x7f0000003cc0)=[{&(0x7f0000003a40)="11ceb676f7374d6979aa6195026ea35cf5acde44eac2db3d7c760ee45c299710d08d5ff8fdab457202f36d5864828fc3450ff431364307e67e090903255dfec3a617ccfa80934d83611235da519779dd80df2dc7053247f40fed57f5645ddab2ed1c9a7b78452631123b9e5e40f51399744d63a6e8992c49e3d5fee28a5ef7b025911fb0b3b4f9c6d6e026b352cd52c5b9b0e420ab35e47079e19e5d73", 0x9d}, {&(0x7f0000003b00)="90141fa97fe5450fce8edbf379555b90fc05485451fa17fc0574d7dbebb64ae7640f1715659f959d0bd07285ea84e31f89c1efa6ff32e2cfe6dec9d6645a", 0x3e}, {&(0x7f0000003b40)="10d2b0b3ce94e7eb590b813980b2c14566479c40a154fd5b4994d4eda5323cb7662200f42e058ab56362216b2e0143ac8e222a4aba4f7b746a013c87ec7c6399a1b6000005a7a563e6ad5f091452ed325406a9d667b195d5fd3f4c3bc56e32c18308c47289aeb23b4bd20d1d1880842639c188f0fc42af79f3ebb709cd1797fc6ace2194fe98b396cf4520f34a0bacbd605bc81db006eac1376a38307d2e05b150e710d35acc", 0xa6}, {&(0x7f0000003c00)="fedd98b94247031b31b3fc740ab7c461cb29b1c673112a7e1ddcfb9ee5ff770355fa5b01925bdad83f3bbebff7b1f64184dfc42c8c48b68ab7b7188162420f49785493a1dce93841d1dfe953d6e1a76da19e79cffbfa76d2c51f9dd229fe1dc43c7db227c8e34ff4", 0x68}, {&(0x7f0000003c80)="89cb441ef4fd23148b7edd348c7bdbd1363c34f4cebe2f2ddfdb34e153b1f817985becaa158697be5e818f19c65fff16325ca398", 0x34}], 0x5}}], 0x6, 0x1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x190, 0x0, &(0x7f0000001540)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@ptr={0x70742a85, 0x1, &(0x7f00000000c0)=""/120, 0x78, 0x1, 0x4}, @fda={0x66646185, 0x6, 0x0, 0x1d}, @flat=@binder={0x73622a85, 0x1004, 0x3}}, &(0x7f0000000140)={0x0, 0x28, 0x48}}, 0x1800}, @acquire_done, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000280)={@fda={0x66646185, 0x3, 0x2, 0x1b}, @fd={0x66642a85, 0x0, r2}, @fd={0x66642a85, 0x0, r3}}, &(0x7f0000001380)={0x0, 0x20, 0x38}}}, @increfs_done={0x40106308, 0x2}, @free_buffer={0x40086303, r5}, @acquire_done, @request_death={0x400c630e, 0x1}, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x1d, 0x18, &(0x7f0000001780)={@fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x1, &(0x7f0000001700)=""/98, 0x0, 0x0, 0x26}, @flat=@binder={0x73622a85, 0x1, 0x2}}, &(0x7f0000001440)={0x0, 0x18, 0x30}}, 0x1600}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000001480)={@flat=@weak_binder={0x77622a85, 0x100, 0x1}, @fd={0x66642a85, 0x0, r6}, @fda={0x66646185, 0x7, 0x0, 0x31}}, &(0x7f0000001500)={0x0, 0x18, 0x30}}, 0x40}, @increfs], 0x0, 0x0, 0x0}) 16:18:14 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x3) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r2, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={0x60, r3, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_TUN_TYPE={0x8, 0xd, 0x1}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x81}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xff}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7ff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x767}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x8040000) r4 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000002580)=ANY=[@ANYBLOB="086310400000000000000000000000000000000000634040000000000400000000000000000000000000000000000020000000000000000000e42f8332cd4806580000000036896c739a5914f565000000edff0000000000000000000000000000a0cb417f3e3d2d18583c4d70131175596fd293ba7dd9d68d17f21d237b26e180654f00000000000000"], 0x0, 0x0, 0x0}) r5 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r6 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r7 = mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r6, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000340)={0xc, 0x0, &(0x7f0000000100)=[@free_buffer={0x40086303, r7}], 0x0, 0x0, 0x0}) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r8, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r8, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r9 = mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r8, 0xfffffffffffffffa) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000002540)={0x64, 0x0, &(0x7f00000014c0)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000001440)={@fd={0x66642a85, 0x0, r5}, @fda={0x66646185, 0x5, 0x1, 0x6}, @ptr={0x70742a85, 0x1, &(0x7f0000001380)=""/191, 0xbf, 0x0, 0x2d}}, &(0x7f00000002c0)={0x0, 0x18, 0x38}}}, @free_buffer={0x40086303, r7}, @free_buffer={0x40086303, r9}, @increfs={0x40046304, 0x3}], 0x1000, 0x0, &(0x7f0000001540)="bcf9707af8b4a7ccc5c7ad997b9937fb9f0a4edaaa85c59fa2319ccf394780b3329a7b124694872705c2e0cdebb91974ae004981bc9e2b7bf669131729c16d810b31868011ea9d1fd3c43a10c5a01aeb8249524e8827e11be755177321b538c163b498b89f35ab22d0c8b8e9c697e5673c7c17d3c87bed4630af042f77bf40d4110afbb8ff78f26092db4da00eee69383cd368d99af08237721e6c7bddba9c601e7ac11da853cc5dcd9076547af9fdbd48c9bbf397fa737a3041ef894abc34f433a7510337f83ed0c318d14b250ecb0cb7fde0a4e3167e08bb444df832b84133ba99c11251503794f0bc3a62a70cc41b681f8ec9e820315f58b3f9b94404181bf4e56001229d77af8da8dbb3a9d83e4e2d4b96322681bd35a954986222b1a10df6bf283eee7713d80d4fa4bf7cbb8a0506dea7c0578089fd1285a7effd8dcbcd9d29a388fae621488f70cce1e09bde340f74870843660ce4d564c757b41a17e6c7e1360d953c253da967b0f0c269ee7c1de6d9a7f976d435107bb7fe326013463b5ff338113dad21963eddb3ab363667735f424e17dddd1dfa02cba072cf40a6aab504197f311214cc89a246e2e5771e6f895d644c9b8d12ab24b4812c7c5a5408ac2ab06003b93d1cd3b66e67f165d6b361207bb74af441ed8ad0afc45a42e8282c529a2781f06d7c9d89f0843b5267a2f44a775f691090844229a74c56f9cbd8542d43aa6a17eb3a0b7c77b9dcfe5e45a11330c7f2c32ddf6ed49d6c2f34a68854c4e045a838d17141d6ee3de440e9400e8d9fd32981d21ffb1f60c477757011ecc41562e67e3efc1431b4aa30e6022e92b179fc3d62c7d7f8073ddb05f49b2d80ee7fbcea32d2ac82fe43f1eb16b6f116bbe1925bdcc76f4537e938431c211799f81f3c809ddaf7f048a3b74bd4c24685e0b0d63db9a48ba956077419b84199f9df5439b4fdb0e1341391418dbbc3f0fc048d41614df96ae3fdc4fb1ba6dad20741fc99f7be5ddb630d7b1912e496d1207ff22c4e4aeaed20032e2da8c576e0ae1a20f3aaaa861d3a2bde9d2e937ebc9106ed8ba9b8638ce91867aa219c71e26411f3cb2bc6de21fb96a3a0491341949347c53e1ee5472d2995c734edd1320596a44b2805c38646b0bafaab373ceca369f8a8f7c4b1f316bf3a08a67e17fb830221dfef0abd718f5a5ec76c8892dd909fb5ad359445d7f2f6ce76b9c24cdbe78f93d41774ecf06fb3acb1161a5322e6c3b215017a20dc2644e420f592f80c751954a959a634e9171305b3a4c2482300be5950a0c57eb05f9fdf4530821971ebea0eda97f8864814588b36a2534ec7b5200223bb4599d214a98cc7ab587382a4270999ca669ff6601ad4bf2eea98c4c0abaf3b736e2dced993613fdb2c5820f6c458912fda6fe029cad4af64640f38d523fd31fdd1c7a489e8db9daeded53e33c1ab851e9dbe85ed2f2ffb4c213f0cfa40c95e8f583e7202d57cc320fa9d1cedbe44a8c8f75b011ae498fcb899c3859426125c961c47b01116607f55ee206518f6041f2ae8312d90a0afbf44f9e6baefcd7a8049009b42b3b801ab1d66536a32bde260184c8080e26e6d8753b821917cfbbf5ac6daa2cb5e445118e14ac1dc76aba4f8be3a4c921dfc332104357b391b03b927d3da7853e53773c92b1a335a0fc5d3bc361e047ac491538a76168448039d640a18f9bf5e401c95673c97ee7b48a4a0bf0eee17465512ec7db3c10f65995f089cf5a62e0e3b98040c034b0caf5db9caecbb114825bf2236198bafee9fa5d6752fcee87efa897fd149c91ca5a932b57736e6fb81a8d99d7a1d2a69a1c63a384eece66c962869eaf32b16f3fc12143c3d62554db619d60f5096d504916f3c6db170f613e249221d12c5a47d10a433af46060640a364eb3cf5feade96ddcf61ee38fc9e24cbe16a9075ae0e16ac91f01c145ac10debc3d495ca1f531a7e8fe7983207efd93ada97735a17524eb26282147e7608a61e87c193efd4f1e3664456e549cbc6f2d63525805d9a01c31fe3c3ce2a932904b07ae44fee051bdf8c3f9c57209507cf6f67092070d4dc3f16bd797717b7f04e92e11eccdac818fbad53ffabaa2392fca3e8a3933e210acce847eed0962422a904621414ca8cf4b6e0c6eb7096ab239c1a8c49f68669ba520da8ab3b10c275531935215b6749c17e45bc934d9327c7fce9651666525759eec45ed44d118538562f7433daa2116aeb8bdbdc377b0d1821c90ac374f2bc22e24873395ffe14b66f30b13f7cd7629b4b6e6c731e144d8cee52c4dc7daa4dc8227a19da1a4022c886839ed45a5537c20ed6509e85f509eea82e191ba0c7c9c934e95a742224c18daffae914274ed3b39a97f4d3b7edd04a83a72ffdc9893eb6f834e5a498e7e84ee9cbe0301174ad287d621ccb6bd2baacdd2febfafef1c46a5282a81dc258b55d0fcd864de1a5ac56e546e6796f1385621cf48736305aff6426b3081e4f278dc86c1e83bbd5b37188be6e9873815dc3cba7e757d940a77c203a67ed142734089b6b48639182adf7c1fed2477eebec905e6b372afe87cf20c8b932c006af4e82094c523a93ee318e7850386a4f6e1c7bf82949e8f474aad6c225e167788b033c21aa7dcb2e250dbdab1ceca5ea8c4cdcac9607d8be5409693cf5de99c3f68c73f5a76bfc9c7e4050e7d4861d9ec8d8b6ec3b0d123e170bc47783201a2464bb59d550358f1e250e2812d028b0358b2185ffa2322cca307186b4cdddd2f9341841da70c26aff4db467c594c796d3ed85761d1acb2680a5cf72b3d50f5228dfc6a3b89890f481c51e54dee8e26a304fca389e97ea6509a808f7fb0957d8fae7e52c2b70a4c62b26054cd2da7b19ed581afe709e913404197fc53498a22256ae2476c88c12cba7c755c35bac69f43444bc3bc7fac2418412577a26e8bc4bbe8693dceef15c45e7d94fe81c660d327ba0c2e17ebd2505ddc20f3c5b5098274ae5823f14fc8b5dfdcf01af9db2ecccd81f3626d83c26c7b1a48ec80fb8b587d0fb4eb22fb5cb3924159dcad772a261d7572e4470ef0c8252eed5aa4fbc236a6ab04e110d1bbf40fcd02866bff36f0c519f71c38bae5b090410d1311a5b535200239fe7e52063619991a31cc2132a50e10d7195203d359ed8999b7c9a3faea1b114005dfc90a9af70e5ed81819a25ade82dd9a54bd6a1bca5598ee789c833568c651157d889710e8c487bbc92830e2b80d8c83fafd290929fa454cc4507c02fa2c54069d83c8ec15578b6a842a6a56d8e2958c153f8781dbaa98bb025de5487b69cfa194b8581102339ceae5f7dcf35bad21bf5f9d388828642c8b41edf6e2b71932e8b4d9d30e0eb814387fab9e91bb898a94de6fc5464aea53b21d9f5a000e40c17c192109fc84a5f9c50c6d1f03463cd9bad2d66d0c9c0e33656740a42a91125e93790d319a070847d4dfa881672c8772c363a46f4b3b597b6fa9c915ad78754db936e0969792e11ce8c5df7013dee4d003c7dfd0911b592fae01290acee577d71773c9c29d21d28fa7351205d3d6a99cafc9909b2e7b68caa6514b1b45a029377bef58165bfe1b381a1c7a27878e1bdeb010a1ab63b4efddf208a6056075fa92a92a0723d8fe0441c2a511cae940d384b5d74a3631f7724fb7a7d5208de4d54cd0159f4fcf9d2d8fe6a99184894d780d588b135ea8ab83c31b9b7a746ba2daffe37769e99a3a88b9fab9e89e95b739c919f29ded144fa5b568820acec4fb9dd1f71da09b7fc2bf47886de43f9e445a047dfbc646223ea91c9c349832daecb079a7aae79bcc89310cb52cc814cbe59d40767e4b5d8e7728fc0c8ae92af51584ab64132b5a4f272b74744bd796e32e6bd8ba3cf94c12b2dbcd9de45138ed2293d0f3ff249362d27536dd262c502844575b1f256492e7cb0e2d33a2f848ac7edb8aad808585aafc7eef36a5883be05e97457036d408a69c0c2f49c0d1af4789c8195d0316d7c5fdce21a9143a4c14704d14e5adfe61116298bb0a669ffbe6fa81d9647fe1e42e40564a67d04a2ffe10c26fa18e80bb1925361b07822dc6ec4f9e8e8ae12223466d333f8c43cc5c2d792e5dfae1a073139580d47d4b36eb99c20c3f669dba8a036bdb0f3992ed60a7a79129e736a422772a5b7a49e6532dba0714fb993654d74856da940293108b8d880d70d945e370c330b6bd4da322abcce51785f44f525a6c478b617cb8287be67fa0198ad3d871a4397bde9113a5d8a523efe8f1db46f6d0b8aca1d90a03547f29fc4ea2c96c302f7106db9e1eca57e13aa2ebd52c57ff9af012e30ddb245f7533f19eed52efd1c00477ed98ffbb35b456ab517b50cc6c9b87b9f4f42930e48e2b5acbe13cd3a8f31f2c7d23d31f09318b476588af6f9b82e4f13ff01d6c73d28f9731a3f51b105f960afc9cb3eb8fd027483e5ffaa4dcb9345d513881aab555082d4f9e2c8d86d7364a264733492cd2270cd8880105787217d7437a8f151f2b6d46c216b0d3ec8175ba92b60eb37b457cf4613f868573c0a5b94124da6adc7a33146c86ac94fd83cc19f5307c077c2d6887f1e7422f7eab4be9b0763642b86305ae3177913d66aa11fdf4e38686ed77835197362a6f58346380034c7652431cff286de3b72169347ad548d5723dde4130a3a3f98a6438ba617ebb076732963c7f7a196a218ae576c2ed1f6df6061a75fadf55b119ac3ff8eb79ec396f959e641f2f658d759ddf1f775456d945621e0721fc4dcb06cf367b695609a34f24474d88e7668aec415767901125e2e86518f2ad1a44b1297ac50cdd8540a224eeccee686db87433034a78c564a7110931f13f1d228b53b5035284a658f43b817f5e9d1f3bf185866216db0ad2e1aa1a8bfc1aad47ab41f895012cd7c02262013eb18b07eb95f0bf419e98f6c1c0c452a1572b19c19f4ea9cfdb6ab70ba639fdd934f65bc582d288b642142c2067fbac21db7a6f4415cf321c40d285203686d1e72e9408ad38cedb4ce7828fdecae99fa30d4b30fbc1a3388f6abf0e0fd7dbe5fdca664ea07ce8dcfa2769701ecc5f2a12fe7b54046f69bc7bf62d022369d89672ec99151469298a8b517873ca0affde483ac254072041d46b6e98cb182e61dc9ae14803709e163736ffa88144f4276da60682f073bc93e2ecdb477a741e010748db4ce34c0896a1fa3aca84cb1d405d5aa22299b9e90941a09ed132ba58d141eec01d99e903c7265df772b0237bc75a8bb0eae484c3a1f522e5fbcc4ac3ff168d5d8cb1dfeaa05d08f59837d35cd54e910ed9d3464a90949bfad3f647f9426e07f65f596860cbdb30a612b5de52d9832aab5c02334d83d7012859eb6f9af611cc4d49c0315bc6a21e9db58c18d7453a4c2caa886aecbf534e0d8c3bd103a5547b1e415f9d826d38351336d9043f54e3622b33ee4088bf175ba67252209502a1e275032a857b01a62326082af607ef5f83e970ebad4b9498e2bfb5f97716815222643aebc1ebd8623d9fe86d14eda09ebbdb11eca669287a70f061263d4b5c5a03e285fd09dddd1dc7629e349ae1150721bed52b39fe2143e1f2264370058dd6fcbfc252ff475ea621bf152688939e335ff5e219e6b409975dd860c8bac6caeba2d838d24b0fb0e34c89760cf12cac652f800ba6f691131a2315d21d787581c41a7f76468cba7e93df14c0379d59027460461482e4bc15cf2eb44c6aa919d458e1c7cb97f4b9d4e6eedc322ccd19b4820de7fb906c73545ba44b7576af7ad983ebd734961e5aac00f2e7044efc955647aba737"}) 16:18:14 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @flat=@weak_binder={0x77622a85, 0xb01, 0x2}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) [ 1046.644818] binder: 27293:27296 got transaction with invalid parent offset or type [ 1046.655465] binder: 27294:27297 got transaction with invalid offset (918, min 24 max 88) or object. [ 1046.655503] binder: 27294:27297 transaction failed 29201/-22, size 88-24 line 3379 [ 1046.661818] binder: BINDER_SET_CONTEXT_MGR already set [ 1046.661826] binder: 27294:27297 ioctl 40046207 0 returned -16 [ 1046.661900] binder: 27294:27297 BC_INCREFS_DONE u0000000000000000 no match [ 1046.661929] binder_alloc: 27294: binder_alloc_buf size 8273678980917224536 failed, no address space [ 1046.661935] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 16:18:14 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:14 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_RD_TIME(r1, 0x80247009, &(0x7f00000000c0)) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f0000000000)=[@release={0x40046306, 0x2}], 0x0, 0x0, 0x0}) 16:18:14 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:18:14 executing program 3: mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x1000}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) [ 1046.661953] binder: 27294:27297 transaction failed 29201/-28, size 452837379383747584-7820841601533476952 line 3284 [ 1046.662171] binder: BINDER_SET_CONTEXT_MGR already set [ 1046.662177] binder: 27294:27297 ioctl 40046207 0 returned -16 [ 1046.662333] binder: 27294:27297 BC_INCREFS_DONE u0000000000000000 no match [ 1046.662961] binder: BINDER_SET_CONTEXT_MGR already set [ 1046.662968] binder: 27294:27297 ioctl 40046207 0 returned -16 [ 1046.663062] binder: 27294:27297 BC_FREE_BUFFER u0000000020ffc000 no match 16:18:14 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f00000000c0)={@fda={0x66646185, 0x3, 0x1, 0x7}, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x1000}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0xfffffffffffffffe}}, &(0x7f00000001c0)={0x0, 0x20, 0x48}}}], 0x0, 0x0, 0x0}) 16:18:14 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) mremap(&(0x7f0000ff1000/0xc000)=nil, 0xc000, 0x2000, 0x3, &(0x7f0000ffc000/0x2000)=nil) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) fcntl$setlease(r3, 0x400, 0x1) [ 1046.663852] binder: release 27294:27297 transaction 2679 out, still active [ 1046.663856] binder: undelivered TRANSACTION_COMPLETE [ 1046.663895] binder: undelivered TRANSACTION_ERROR: 29201 [ 1046.663932] binder: send failed reply for transaction 2679, target dead [ 1046.666554] binder: 27294:27304 BC_INCREFS_DONE u0000000000000000 no match [ 1046.666585] binder_alloc: 27294: binder_alloc_buf size 8273678980917224536 failed, no address space [ 1046.666594] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1046.666620] binder: 27294:27304 transaction failed 29201/-28, size 452837379383747584-7820841601533476952 line 3284 [ 1046.670601] binder: BINDER_SET_CONTEXT_MGR already set [ 1046.670610] binder: 27294:27302 ioctl 40046207 0 returned -16 [ 1046.671587] binder: 27294:27304 BC_INCREFS_DONE u0000000000000000 no match [ 1046.672485] binder: release 27294:27304 transaction 2683 out, still active [ 1046.672488] binder: undelivered TRANSACTION_COMPLETE [ 1046.672551] binder: undelivered TRANSACTION_ERROR: 29201 [ 1046.675172] binder: BINDER_SET_CONTEXT_MGR already set [ 1046.675180] binder: 27298:27300 ioctl 40046207 0 returned -16 [ 1046.676595] binder: send failed reply for transaction 2683, target dead [ 1046.676794] binder: 27298:27300 BC_INCREFS_DONE u0000000000000000 no match [ 1046.677855] binder: BINDER_SET_CONTEXT_MGR already set [ 1046.677862] binder: 27298:27300 ioctl 40046207 0 returned -16 [ 1046.677930] binder: 27298:27300 BC_FREE_BUFFER u0000000020ffc000 no match [ 1046.678092] binder: BINDER_SET_CONTEXT_MGR already set [ 1046.678098] binder: 27298:27300 ioctl 40046207 0 returned -16 [ 1046.678159] binder: 27298:27300 BC_INCREFS_DONE u0000000000000000 no match [ 1046.678179] binder_alloc: 27298: binder_alloc_buf, no vma [ 1046.678194] binder: 27298:27300 transaction failed 29189/-3, size 0-0 line 3284 [ 1046.678725] binder: 27298:27300 got reply transaction with no transaction stack [ 1046.678731] binder: 27298:27300 transaction failed 29201/-71, size 96-24 line 3046 [ 1046.678944] binder: undelivered TRANSACTION_ERROR: 29189 [ 1046.678969] binder: release 27298:27300 transaction 2684 out, still active [ 1046.678973] binder: undelivered TRANSACTION_COMPLETE [ 1046.678992] binder: undelivered TRANSACTION_ERROR: 29201 [ 1046.679021] binder: send failed reply for transaction 2684, target dead [ 1046.680004] binder: BINDER_SET_CONTEXT_MGR already set [ 1046.680010] binder: 27298:27300 ioctl 40046207 0 returned -16 [ 1046.680055] binder: 27298:27306 BC_INCREFS_DONE u0000000000000000 no match [ 1046.680874] binder: BINDER_SET_CONTEXT_MGR already set [ 1046.680881] binder: 27298:27306 ioctl 40046207 0 returned -16 [ 1046.680950] binder: 27298:27300 unknown command 1986356271 [ 1046.680958] binder: 27298:27300 ioctl c0306201 20000340 returned -22 [ 1046.681094] binder: BINDER_SET_CONTEXT_MGR already set [ 1046.681100] binder: 27298:27300 ioctl 40046207 0 returned -16 [ 1046.681129] binder: 27298:27306 BC_INCREFS_DONE u0000000000000000 no match [ 1046.681149] binder_alloc: 27298: binder_alloc_buf, no vma [ 1046.681164] binder: 27298:27306 transaction failed 29189/-3, size 0-0 line 3284 [ 1046.681708] binder: undelivered TRANSACTION_ERROR: 29189 [ 1046.681737] binder: release 27298:27306 transaction 2688 out, still active [ 1046.681740] binder: undelivered TRANSACTION_COMPLETE [ 1046.681779] binder: send failed reply for transaction 2688, target dead [ 1046.711809] binder: release 27309:27311 transaction 2691 out, still active [ 1046.711814] binder: unexpected work type, 4, not freed [ 1046.711817] binder: unexpected work type, 4, not freed [ 1046.711820] binder: undelivered TRANSACTION_COMPLETE [ 1046.712577] binder: send failed reply for transaction 2691, target dead [ 1046.713487] binder: release 27309:27312 transaction 2697 out, still active [ 1046.713490] binder: unexpected work type, 4, not freed [ 1046.713493] binder: unexpected work type, 4, not freed [ 1046.713495] binder: undelivered TRANSACTION_COMPLETE [ 1046.724850] binder: send failed reply for transaction 2697, target dead [ 1046.816619] binder: 27315:27320 Release 1 refcount change on invalid ref 2 ret -22 [ 1046.868352] binder: 27329:27331 got transaction with invalid offset (918, min 24 max 88) or object. [ 1046.868392] binder: 27329:27331 transaction failed 29201/-22, size 88-24 line 3379 [ 1046.868981] binder: undelivered TRANSACTION_ERROR: 29201 [ 1046.881272] binder: 27325:27330 got transaction with invalid parent offset or type [ 1046.881302] binder: 27325:27330 transaction failed 29201/-22, size 112-24 line 3454 [ 1046.881469] binder: 27329:27332 got transaction with invalid offset (918, min 24 max 88) or object. [ 1046.881472] binder: undelivered TRANSACTION_ERROR: 29201 [ 1046.881515] binder: 27329:27332 transaction failed 29201/-22, size 88-24 line 3379 [ 1046.882099] binder: undelivered TRANSACTION_ERROR: 29201 [ 1046.882354] binder: 27325:27334 got transaction with invalid parent offset or type [ 1046.882381] binder: 27325:27334 transaction failed 29201/-22, size 112-24 line 3454 [ 1046.882601] binder: undelivered TRANSACTION_ERROR: 29201 [ 1047.321171] binder: 27293:27296 transaction failed 29201/-22, size 96-24 line 3454 [ 1047.332069] binder: undelivered TRANSACTION_ERROR: 29201 16:18:17 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:17 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:18:17 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x1802) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="116348400000000000000000000076dd1e279372d7d1000000000000000000000371555df24c41e4b0bb55f8cb9cb10000000018000000000000000dd7a084371691d8d602d58c5648f94a30cd166f77f239c793e5e9a11dda733915b06e706cd35d6811c2fc905ec86fa840f05d398709e059573eba1f", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="001000000000000000000000000000000000000000000000852a7470000000000000000000000000000000000000000000000000000000000000000000100000"], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000004000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:17 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) pkey_alloc(0x0, 0x1) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000e09999da7b0cd05d50c5ab7ae1aeef48fbc6dd4b473f045d3e0b00a063cac85de32656a99358c267d9745bbb46f4ea129eb25a412db12e0f72c61e16a305f8ccbb9d82c400a6b7250337a05c0ae2cf74ee0ca0209769b53143a2ce33b81a9d597c03d6b3379ad336c99c106b3b28a6a2c9142d8215f53d59e45ba9bc056e19bd7f1c205bca8dd1fa7164a5813429fb6b6c4a53dd08050000004baad5b54ba35869fd279f1bf5882b1527939fbce0775d31f82c97f1", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:17 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a627300000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000000000000000852a747000"/96], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003800000000000000"], @ANYBLOB="00b809aea3dd0396a5722b281d0000"], 0x0, 0x0, 0x0}) 16:18:17 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000200)='/dev/binder#\x00') ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0xffffffffffffffff, 0x10, &(0x7f0000000140)={0x2}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a627300000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000000000000000852a7470000000000000000000000000000000000000000000000000000000000000000000000000479ac818f4c2ad40683ebf36bfe20c4ba8"], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003800000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) [ 1049.657722] binder: 27342:27344 transaction failed 29201/-22, size -552329010864894734-1729382256921910475 line 3284 [ 1049.661462] binder_alloc: 27341: binder_alloc_buf size -7637016848020948872 failed, no address space [ 1049.661470] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1049.661486] binder: 27341:27346 transaction failed 29201/-28, size 96-24 line 3284 [ 1049.661771] binder: undelivered TRANSACTION_ERROR: 29201 [ 1049.662930] binder_alloc: 27341: binder_alloc_buf size -7637016848020948872 failed, no address space [ 1049.662939] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1049.662956] binder: 27341:27349 transaction failed 29201/-28, size 96-24 line 3284 [ 1049.663192] binder: undelivered TRANSACTION_ERROR: 29201 [ 1049.672168] binder_alloc: 27339: binder_alloc_buf size 6702551720882194288 failed, no address space [ 1049.672174] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1049.672192] binder: 27339:27347 transaction failed 29201/-28, size 88-24 line 3284 [ 1049.672331] binder: undelivered TRANSACTION_ERROR: 29201 [ 1049.727359] binder: 27355:27358 got transaction with invalid parent offset or type [ 1049.727399] binder: 27355:27358 transaction failed 29201/-22, size 96-24 line 3454 [ 1049.727587] binder: undelivered TRANSACTION_ERROR: 29201 16:18:17 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:18:17 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:17 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:17 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, 0x0, 0x0) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:18:17 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) pipe2(&(0x7f0000000140)={0xffffffffffffffff}, 0x88800) write$P9_RXATTRCREATE(r3, &(0x7f0000000240)={0xfffffffffffffdfd, 0x21, 0x3}, 0x4) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000040)={'ip-\xf5\x04@\x00', {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x23}}}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a6273000000000000b86ec7426865d200000000000005000000000000000000000000000000006074883fef4537d0000000003049185a9b909b9959497e518e79000000852a747000b0e6c0b82e756367e5955d60aa7f820f0000000000"], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003800000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) r5 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r6 = socket$key(0xf, 0x3, 0x2) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000880)={0x104, 0x0, &(0x7f0000000640)=[@transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000380)={@flat=@weak_binder, @ptr={0x70742a85, 0x1, &(0x7f0000000280)=""/234, 0xea, 0x0, 0x13}, @fd={0x66642a85, 0x0, r5}}, &(0x7f0000000200)={0x0, 0x18, 0x40}}, 0x2000}, @request_death={0x400c630e, 0x2}, @enter_looper, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x68, 0x18, &(0x7f00000004c0)={@ptr={0x70742a85, 0x1, &(0x7f0000000400)=""/16, 0x10, 0x1, 0xbf7}, @ptr={0x70742a85, 0x1, &(0x7f0000000440)=""/67, 0x43, 0x2, 0x2f}, @fd={0x66642a85, 0x0, r6}}, &(0x7f0000000540)={0x0, 0x28, 0x50}}}, @free_buffer={0x40086303, r1}, @acquire={0x40046305, 0x2}, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000580)={@flat=@handle={0x73682a85, 0x1000, 0x2}, @flat=@binder={0x73622a85, 0x30a, 0x3}, @flat=@weak_handle={0x77682a85, 0x1, 0x2}}, &(0x7f0000000600)={0x0, 0x18, 0x30}}}], 0xc4, 0x0, &(0x7f0000000780)="933671fdfb10f907cc83c42294356f23bea15869d16c6593a4833776b3b62df7053635221d61986691e190d2625c7ee5b926c3dc9e440a9e2b287394593fbb9a22ec0b57b03cc997caba68c39b280e64264767eeeb3e9da003de3a8b0352b894162d625a88de2ca130da9306f5e54c203c7fd295558267fc68fa2e682392dce4cf59752976ce2de09c56190d6b1651625428051b610d6e1896440e54e4954a09ce22dffaad7bf7369e320ae89924545f522093ecfc8aa207cd220296fb173189e9cfe060"}) 16:18:17 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 1049.815308] binder: undelivered TRANSACTION_ERROR: 29201 [ 1049.834244] binder: 27342:27361 transaction failed 29201/-22, size -552329010864894734-1729382256921910475 line 3284 16:18:17 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, 0x0, 0x0) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) [ 1049.846998] binder_alloc: 27368: binder_alloc_buf size 4611688767206473736 failed, no address space [ 1049.847006] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1049.847026] binder: 27368:27369 transaction failed 29201/-28, size 2305843833847414784-2305844933359042560 line 3284 [ 1049.847759] binder: BINDER_SET_CONTEXT_MGR already set [ 1049.847772] binder: 27368:27369 ioctl 40046207 0 returned -16 16:18:17 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 1049.847831] binder: 27368:27369 BC_INCREFS_DONE u0000000000000000 no match [ 1049.848242] binder: undelivered TRANSACTION_ERROR: 29201 [ 1049.848373] binder: release 27368:27369 transaction 2733 out, still active [ 1049.848376] binder: undelivered TRANSACTION_COMPLETE [ 1049.849345] binder: 27362:27365 got transaction with invalid offset (918, min 24 max 88) or object. [ 1049.849382] binder: 27362:27365 transaction failed 29201/-22, size 88-24 line 3379 [ 1049.849603] binder: undelivered TRANSACTION_ERROR: 29201 [ 1049.891646] binder: send failed reply for transaction 2733, target dead [ 1049.892414] binder_alloc: 27368: binder_alloc_buf size 4611688767206473736 failed, no address space [ 1049.892421] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1049.892439] binder: 27368:27381 transaction failed 29201/-28, size 2305843833847414784-2305844933359042560 line 3284 [ 1049.892572] binder: BINDER_SET_CONTEXT_MGR already set [ 1049.892579] binder: 27368:27381 ioctl 40046207 0 returned -16 [ 1049.892642] binder: 27368:27369 BC_INCREFS_DONE u0000000000000000 no match [ 1049.893004] binder: release 27368:27369 transaction 2741 out, still active [ 1049.893008] binder: undelivered TRANSACTION_COMPLETE [ 1049.893033] binder: undelivered TRANSACTION_ERROR: 29201 16:18:17 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x6, 0x0, 0xff7f, 0x5}, 0x0) r2 = syz_open_procfs(r1, &(0x7f00000000c0)='net/fib_triestat\x00') ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0400000079109d11053b000000000000000000000000000d6300000c630000000000000000000000000000001e00a946817ed620000000000000000000994c79"], 0xcb, 0x0, &(0x7f0000000200)="8924594d1182c9ed303cd82cebad9476cdb51a539e920257cb4485a3d1d90bec78f4b3066aba898581f3776026624d835e7cefad80b31cb6bcd600e414dd3e390b9af2721e4ec78f48304498c49756a45336f57f420792e1e28de69b22e85715ab37be9ef854ee9e3c0d84c4545e8c582b9e6e783b7268376a5007e7f0cac34de9c054f588861da880af7e9d0d16c03e9c11c2966d4718931da5ded95a23b357204537cb90ffadf3c787eea639be73d769b37554d7623032d15ae0b470ef7673af309b5ab89244a31bcf0c"}) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:18:17 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000140)={0x36, 0x6, 0x0, {0x3, 0x4, 0xd, 0x0, '\\$vmnet0eth1/'}}, 0x36) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:18:17 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, 0x0, 0x0) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) [ 1049.936505] binder: send failed reply for transaction 2741, target dead [ 1050.072864] binder: undelivered TRANSACTION_ERROR: 29201 [ 1050.105242] binder: 27393:27395 got transaction with invalid parent offset or type 16:18:17 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFPFLAGS(r2, 0x8934, &(0x7f0000000100)={'veth0_to_hsr\x00', 0x1}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000008002a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="00000000090000300000000000000000000000a69afa1d000000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) [ 1050.106711] binder: 27392:27396 got transaction with invalid offset (918, min 24 max 88) or object. [ 1050.106748] binder: 27392:27396 transaction failed 29201/-22, size 88-24 line 3379 [ 1050.106900] binder: undelivered TRANSACTION_ERROR: 29201 [ 1050.108433] binder: 27392:27398 got transaction with invalid offset (918, min 24 max 88) or object. 16:18:17 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) [ 1050.108464] binder: 27392:27398 transaction failed 29201/-22, size 88-24 line 3379 [ 1050.108669] binder: undelivered TRANSACTION_ERROR: 29201 [ 1050.140415] binder: 27399:27401 got transaction with invalid offset (3458764552475246592, min 0 max 88) or object. [ 1050.140445] binder: 27399:27401 transaction failed 29201/-22, size 88-24 line 3379 [ 1050.140649] binder: undelivered TRANSACTION_ERROR: 29201 [ 1050.208028] binder: 27393:27395 transaction failed 29201/-22, size 96-24 line 3454 16:18:17 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x4) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000001480)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$void(r2, 0x5450) r3 = dup2(0xffffffffffffffff, r1) bind$unix(r3, &(0x7f0000001380)=@file={0xa4ef52e8ce318e3, './file0\x00'}, 0x6e) mincore(&(0x7f0000ffe000/0x2000)=nil, 0x2000, &(0x7f0000000200)=""/218) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r4, 0x8983, &(0x7f0000001400)={0x6, 'dummy0\x00', {0x2}, 0x4}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000020000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="001000000000000000000010000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000000000180000003e5900004000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) r5 = accept4$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, &(0x7f0000000100)=0x10, 0x800) ioctl$sock_SIOCBRDELBR(r5, 0x89a1, &(0x7f0000000140)='syzkaller1\x00') [ 1050.217918] binder: undelivered TRANSACTION_ERROR: 29201 [ 1050.226306] binder: 27393:27407 got transaction with invalid parent offset or type [ 1050.234406] binder: 27393:27407 transaction failed 29201/-22, size 96-24 line 3454 [ 1050.257172] binder: undelivered TRANSACTION_ERROR: 29201 [ 1050.289191] binder: 27409:27412 got transaction with invalid offset (98122822844440, min 24 max 104) or object. [ 1050.300191] binder: 27409:27412 transaction failed 29201/-22, size 104-24 line 3379 [ 1050.310044] binder: undelivered TRANSACTION_ERROR: 29201 [ 1050.317261] binder: 27409:27412 got transaction with invalid offset (98122822844440, min 24 max 104) or object. [ 1050.328442] binder: 27409:27412 transaction failed 29201/-22, size 104-24 line 3379 [ 1050.336578] binder: undelivered TRANSACTION_ERROR: 29201 16:18:20 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a627300000000000000000000000000000000000000008561646600000000000000000000000000001700000000000000000000000000852a7470000000000000000000000000000000000000000000000000000000000000000000040000"], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003800000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:20 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 16:18:20 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:20 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="116348400000002000000000000000000000000099840000000000000000000000000c0058000000000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:20 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x421002) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000100)={{0x3, 0x663, 0x8, 0x7ff}, 'syz1\x00', 0x17}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$PPPIOCGUNIT(r3, 0x80047456, &(0x7f0000000280)) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r5 = openat$cgroup_int(r4, &(0x7f0000000200)='cgroup.max.descendants\x00', 0x2, 0x0) sendfile(r5, r2, &(0x7f0000000240)=0x4, 0x1ff) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='net/psched\x00') r7 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r8 = mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r7, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000340)={0xc, 0x0, &(0x7f0000000100)=[@free_buffer={0x40086303, r8}], 0x0, 0x0, 0x0}) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r9, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r9, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000016c0)={0xd4, 0x0, &(0x7f0000001500)=[@acquire={0x40046305, 0x1}, @acquire_done={0x40106309, 0x3}, @free_buffer={0x40086303, r8}, @release={0x40046306, 0x2}, @register_looper, @clear_death={0x400c630f, 0x2}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000001380)={@flat=@binder={0x73622a85, 0x180b}, @fd, @fda={0x66646185, 0x1, 0x1, 0xd}}, &(0x7f0000001400)={0x0, 0x18, 0x30}}}, @acquire, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f0000001440)={@fd={0x66642a85, 0x0, r5}, @fd={0x66642a85, 0x0, r9}, @flat=@binder={0x73622a85, 0x1, 0x1}}, &(0x7f00000014c0)={0x0, 0x18, 0x30}}}], 0xa2, 0x0, &(0x7f0000001600)="82181fe4de69731dff6eef0870f404fa2d465386062df1c9b6e2167bfe15eee8ade5328df3c9441681f55d7167e4d7ef818e70c0c3d1b73be173e2187c390c60ddb0f9709bbee2ec1d960ec589cff8056bb90fefc801f5981c1e7b802ffbd22620f1d14da981e267ed77cf8ed07276bfc0833b14240952a9114ed4197677221dc9dffe556d8169aaa99ece24c0a2ca02fbf0325e74d05e46413483699b91921b6fc8"}) ioctl$TIOCSCTTY(r1, 0x540e, 0xe1) [ 1052.835136] binder: 27416:27417 got transaction with invalid parent offset or type [ 1052.847171] binder: 27419:27420 got transaction to invalid handle [ 1052.847181] binder: 27419:27420 transaction failed 29201/-22, size 88-24 line 3138 [ 1052.847399] binder: undelivered TRANSACTION_ERROR: 29201 [ 1052.851003] binder: BINDER_SET_CONTEXT_MGR already set [ 1052.851010] binder: 27415:27421 ioctl 40046207 0 returned -16 16:18:20 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:20 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="927162730000000000000000000000000000000000000000852a74700000000055b9ae88c9df6341b69d92dc06e6ab0fd334b660a235f3db6c3c83e85144f883e2b162b895551bc2741577609f6f421173acf86e7949c56042610469e3faa0597d82f551f58910c0ae4fed852957f92df3b10ae4d25007f3dfbc9457a51b9adf6a87", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096eb0000000000003004080000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:20 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) [ 1052.851066] binder: 27415:27421 BC_FREE_BUFFER u0000000020ffc000 no match [ 1052.854106] binder: BINDER_SET_CONTEXT_MGR already set [ 1052.854114] binder: 27419:27425 ioctl 40046207 0 returned -16 [ 1052.885887] binder: BINDER_SET_CONTEXT_MGR already set [ 1052.885896] binder: 27415:27421 ioctl 40046207 0 returned -16 [ 1052.885930] binder: 27415:27430 BC_FREE_BUFFER u0000000020ffc000 no match [ 1052.925462] binder: 27416:27417 transaction failed 29201/-22, size 96-24 line 3454 16:18:20 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$ASHMEM_GET_NAME(r1, 0x81007702, &(0x7f00000000c0)=""/147) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1163484000000000000000000000000000000000f9ffffffffffffff000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000001540)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="0000000000000000000000000000000000000000000000008e6c16d8d7391f410000000000000000000000000000000000000000000000000000000000008606f3d2828100b4bd3141c1fecdb5f5f8dad56aaf6e8f4668b9b28c035b167fd45fa149faf14272024fc979526c6bc5e79e5b4ecf1f5e7fcd2ccf322a18af9ad3ab5bd9b916d5c17acd273916353ecfe59107000000000000aab7ff7822c9249b43eaf940a4a7239d5ec148c402f8680a7178740006000000000000008586026cd80fae36f8d222dd3df978183247c6235927b1ef399deb46de2cc4bd342a1f2dad15c346ecab09791727060b65824447ccf9e002fd8f893cc38dfffc19b17c5c61052c30faf44badc0ba47761964ffc34b09b315da913de1d4d6e75ef4bd39d89000000000000000490c84fc1ade3e1bec907891f982d38927cfadc4414bc300fff91b2e888075022cf9e72710ae7f8a43ef8f0ae5202eec0594c276ed7d434cdc5dd3309c39cd7238ada2d1a870f808d8361699630eaed30e972f7455364c9906f29ff7d602a417857ba72c6014bd598ddcdedb85b456e20e176b04f121953fbd9e1300f942ecbb30a18870d1865c7e474b699e6cc6ebb9a929256b78619dea4d36f221427341465c1306631f1de9ca938e531d0327003db3a5ab79a77bbc052ad0593d5f8c7c0d14ee21435d93b7328a89896f365cffc059f8e002e413c679483f59100b51a81dbdf3f3af7de1239f69"], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, &(0x7f0000001300)={{{@in=@local, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@dev}}, &(0x7f00000002c0)=0xe8) lstat(&(0x7f0000001400)='./file0\x00', &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000014c0)=0x0) r8 = getuid() stat(&(0x7f0000001500)='./file0\x00', &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, 0x0}) r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r10, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r10, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$inet6_IPV6_XFRM_POLICY(r10, 0x29, 0x23, &(0x7f0000001800)={{{@in=@loopback, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@mcast1}}, &(0x7f0000001900)=0xe8) r12 = getegid() setgroups(0x1, &(0x7f0000000200)=[r12]) lsetxattr$system_posix_acl(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='system.posix_acl_default\x00', &(0x7f0000001940)={{}, {0x1, 0x4}, [{0x2, 0x1, r5}, {0x2, 0x2, r6}, {0x2, 0x4, r7}, {0x2, 0x3, r8}, {0x2, 0x6, r9}, {0x2, 0x2, r11}], {0x4, 0x4}, [{0x8, 0x4, r12}], {0x10, 0x4}, {0x20, 0x1}}, 0x5c, 0x0) write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) mknodat(r3, &(0x7f0000000200)='./file0\x00', 0xce4e23313a6bb185, 0x2) 16:18:20 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket(0x10, 0x2, 0xc) write(r1, &(0x7f0000000000)="1f0000000104ff00fd4354c007110000f30501000a000100010423dcffdf00", 0x23c) write(r1, &(0x7f0000000040)="1f0000000104ff02fd4354c007110000f30501000a000200020423dcffdf00", 0x1f) ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a6273000000000000000000000000000000000000000085616466000000000000000000000000008e4b000000000000852a74700000000000000000000900"/89], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003800000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:20 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) mincore(&(0x7f0000ffc000/0x4000)=nil, 0x4000, &(0x7f00000000c0)=""/172) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$RNDADDTOENTCNT(r3, 0x40045201, &(0x7f0000000480)=0x6) write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000400)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/147, 0x93, 0x2, 0x1c}, @ptr={0x70742a85, 0x1, &(0x7f0000000280)=""/194, 0xc2, 0x1, 0x30}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000380)={0x0, 0x28, 0x50}}, 0x1040}], 0x239, 0x0, 0x0}) [ 1052.941721] binder: undelivered TRANSACTION_ERROR: 29201 [ 1052.960755] binder: 27436:27439 got transaction with invalid offset (918, min 24 max 88) or object. [ 1052.978981] binder: 27435:27441 got transaction with invalid offset (0, min 0 max 88) or object. 16:18:20 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0) [ 1052.979007] binder: 27435:27441 transaction failed 29201/-22, size 88-24 line 3379 [ 1052.979240] binder: undelivered TRANSACTION_ERROR: 29201 [ 1052.997544] binder: 27444:27447 got transaction with invalid parent offset or type [ 1052.997579] binder: 27444:27447 transaction failed 29201/-22, size 96-24 line 3454 16:18:20 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) setpriority(0x2, r1, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:18:20 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000226bd7000fedbdf250c000000300001002c00020008000300070a5e000800020004000000080004000400000008000400400000000800010017000000"], 0x44}, 0x1, 0x0, 0x0, 0x24004000}, 0x4000) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100010}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x1d0, r1, 0x10, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x13}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_LINK={0xe4, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fffffff}]}]}, @TIPC_NLA_SOCK={0x18, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}]}, @TIPC_NLA_SOCK={0x24, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0xa}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x10001}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6aa5}]}, @TIPC_NLA_SOCK={0x38, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xd6}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x33a8}]}, @TIPC_NLA_BEARER={0x38, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfff}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfffffffb}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}]}]}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x4000802}, 0x4044) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000000)='team\x00') r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0}) [ 1052.998199] binder: undelivered TRANSACTION_ERROR: 29201 [ 1053.020096] binder: 27449:27452 got reply transaction with no transaction stack [ 1053.020104] binder: 27449:27452 transaction failed 29201/-71, size 104-24 line 3046 [ 1053.020121] binder: 27449:27452 ioctl c0306201 20000180 returned -14 [ 1053.020293] binder: undelivered TRANSACTION_ERROR: 29201 [ 1053.089718] binder: 27459:27461 got transaction with invalid parent offset or type [ 1053.089758] binder: 27459:27461 transaction failed 29201/-22, size 96-24 line 3454 [ 1053.089909] binder: undelivered TRANSACTION_ERROR: 29201 [ 1053.126150] binder: 27436:27439 transaction failed 29201/-22, size 88-24 line 3379 [ 1053.143973] binder: undelivered TRANSACTION_ERROR: 29201 [ 1053.149872] binder: BINDER_SET_CONTEXT_MGR already set [ 1053.155206] binder: 27436:27451 ioctl 40046207 0 returned -16 16:18:23 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:23 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0) 16:18:23 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x2000, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) [ 1055.858730] binder: 27476:27479 got transaction with invalid parent offset or type [ 1055.866677] binder: 27476:27479 transaction failed 29201/-22, size 96-24 line 3454 [ 1055.875615] binder: undelivered TRANSACTION_ERROR: 29201 16:18:23 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:23 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/commit_pending_bools\x00', 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x111800, 0x3e) ioctl$BINDER_THREAD_EXIT(r3, 0x40046208, 0x0) r4 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r5 = mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000340)={0xc, 0x0, &(0x7f0000000100)=[@free_buffer={0x40086303, r5}], 0x0, 0x0, 0x0}) creat(&(0x7f0000000100)='./file0\x00', 0x74) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r6, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r6, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r7, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r7, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r8 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r8, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r9, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r9, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r10 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r10, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r11, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r11, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r12 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r12, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r12, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r13 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r13, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r13, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r14 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r14, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r14, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x20, 0x0, &(0x7f0000000380)=ANY=[@ANYPTR64=&(0x7f0000000600)=ANY=[@ANYRESOCT=0x0, @ANYRES32, @ANYPTR=&(0x7f0000000480)=ANY=[@ANYPTR64, @ANYPTR64, @ANYRES32=r1, @ANYBLOB="5ba4eea3606c9eb62eac19267063587bb70a02b536654f3c29ed97ceb15e4b1b2bd7bd80668c8dcb882b476410db3249e1bd3b6639f10a0d9bd385f98bd121c5c74e95424d4dab381c243f80e7f1ca9ffece0b3f062b669ee5ef70a835a3872d9100e2d927ccf7890ddb169b96004721a4e25c0b01bd5a83af9145d157168fb0df72271f18c1f2a775b3379b60e17f2e9b04d34d35e0da5fb21320a51460cd624d46d5c30d4d57c6ab27e526f38504a5be34bcc5e97c91ca6ea74b514e7b648e919f1d2a9099993d68fd63ecde321e7a", @ANYRESOCT=r6], @ANYPTR64=&(0x7f0000000040)=ANY=[@ANYRES32=r7, @ANYPTR64=&(0x7f0000001540)=ANY=[@ANYRESHEX=r12, @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYRES32=r4, @ANYRES64=r13, @ANYPTR, @ANYRES16=r14, @ANYRESOCT], @ANYRESOCT, @ANYBLOB="0f66e22b4ee1c61ae8f518736feb2e8797903f81bd87e970e53f6e241d504ab1735754cb2df921bb9eca103b926a6b29154db33ec29aaa941202d06f69a27b064361e53ba6e78e3ca16fcb2ffdab2a98a856ac067b2b3db55b1992937465856f5b53dfa26e1642dee3e97ce8d0f366f29340cefb93d9b65da2956c7db0f00268fa98dc2c387970a880b0d7819681159cee8f5e609efa8841e054d712ec64947d957234c78397dca7f838d4f1e17770edc57f749aa85558c8090825e5fc6d046f6d60f1987cfd6cdac6f5b9adc54bd3b4687b6f6cab78ab8b0770f277e77c628c2d07e3aa34fdf8be4d0f21a2a22b6f7fe1c0db241298e9d5102958bf1e51a0d8da7a0750dccdc21f6fee9495b63b0dc63c01c0680bbbf8646f6ff7fc0a9d1838eba5c32a3274cf66d17c2cc7f956bab30d45dc067121ca2041f9832de3d722226c003c89c7055b5c94279649a3fbc0b8ac3a28ba8f781cc6afd5c14ffabb9290009de1b1d070f66bc392fb9252f114b755f6912f83e79ea022847810e694b30ba013d948b6a8cd899df1c1113d6e3cd8a75746dce1a54c9940048d32f663a0876a37c1ccc6158d6bea2490b3aceea74c840f92f156da9df2b75159ae906c90486e8baa60c87108a8c746e235d394ac44d0057bc85460d6e0213f3ab70d97f26040f7b150e0e37f465aff2daa4cbdc04e8825f2d2a68492929f0af335e9960eaffd2da13f4a20687fddc127f6078b79126346ba003b120de03734caf8fb4f1c0ec81d52ebfa2bfd846c0196c1d08e0d225431667a8756de1f0d50e479edc68b8fa741822e1b7e88a5d7bf0ae4cd7510c3d591a1908f3ee87fb98166b320d763d01f8f66779b569304bcc749303a29422a21401e9e38bae0dbab32b718e29da2880fa9c2bf28a4a23d6b32c00a7a52bdc85854529be2603ddf8b6d602ab3b9747f398c92edc470e1ed080c348bde20fb49de163d3cf803cbe9847cb80418315d029f63b1010799b880dc343a2aa1f65e23883d863e3a7eceab3e33c39326d5fca6dcac32b441c4095690f9c0d1392233e0ef9e574f4a6824609b3111190ee13a55c0bdec7669832b8aca74fbd5ad5a83d32f71c74a94a2e9728702a723640bfae67355df36fda7ecd4d5f0e29044cf03848a3789fe63a6b605f55e787e3d331a3b2937dc9b777f152c2f2ff286a45d456c50836694c6045499ce2f7f29356d4dea3ddde17d5d525d586e4e171dee2e9e9fd2dff8723293bb0274b4c454cd53612dd0e56b51130820b158d7f9b06e9c50b0cdecb034e1f3c4e337ee60a4e29d742ac895dd19a03dbdd10721b70425747121ba62462166e03791c3c95b2f4671b0fce6bfc70dadee6f8f7b7f0f0af62de9b2f9319334e8a63ada05544420be5502fe3762853ce707076c9cff45010163ada3fe2389145a8e5d4a5b1e2bb634d9aa9e17b16b1d64d8d30e842be5bd07b62dbe6553ae43500676e3dc23228c413da2f25edad190bb9d4bb0b96a387ab7104fcbecef1d3397d3880e130fa8ef28362f437b3b886ae1e3ec10042209c53bfe82a3601b0983200912b4372265dc1cb30c429af2c2b1b52f84315af52686b5af80b031f7dd1d8f6b32948d3946136c0a3d66bc25cbf29d301827030b7594e2db75b65f375ff3a7f2272d013c50e777fa2cf8f24f1acbb269999ba342d32e19f2604abc69256d5789bd76536dd4d8db894490b121d9e278f9e5f3580cfa9658889bd23d055e00c88dca1ac13398f1a798b5f85cbbf0bcd98be4a50dc65fbf737c1e5a538afd689c24e792dafd2af8ba76e2e73090104d843b7c655690a90ad7302288b455ed642130c1588b3c30fdef64b9cc221754b6dd08865218164dc4839f602b2fe5180c0e8a4889e47dfd5f50b3b72c771fa35ff7a02a1907d4e1e1125c171ee2d28bd3d205438842163b18a6755442614d9272064b94dc2833f71236a0873cb4623d57549ea20b3401198a91b096f305112ddbc47c3f07856fc98be2708ec79e46232f9854350d867c89b3c8fd169fed3cd3d673bc1e575df4c3f544bc667d7b58e3e1d0060267cb226b089b66dd9d279ee782bfb5e22cc46b8bc30679281770a9930b7633fb5aa71c61c7e9bab66cb7a8577109e83f23f1bbe4078ef84883e50cefd1b09d6f1c936e6a425ce8a7e6f030a49ea65af6eeb491014f6d2c979d4977b2762ebbcc3f2fb2bfef7b882d09487c639b5390bf3dd79a47262bd917b3feb64b3d5d17e38ca65c360c1a859e988db521ff1316f6e489297fffc2fe57b64f0033fdee54ea8637328b15bbbcfa2fcf4ef0efaba614c8b327d342ced334b9961090e2797c2f70004bbf394fd892e61686f2f8f49f4f5c766d7cd09be17b82e22344c4ae4d8a53172d5ff1c212b4090326b0041285643a2f8f41c5b14aa076bbf7bff3e085705579c2d0e0a951ff016f3e0a991054385c5df2a920b81c170e9505bb77eef14a6f650b7ff8cd44e0e53c3b9c313b8e5bfe661db143a25f7015a3169cfe633116406042a25b01bbf03ad2ffd8a23a4939125e679c8335bd326350159dfc2764d04a5c8869ddd9b1bd49be22592a6f14af254c29491877175a6a0fa67c2b281daa8170708ceebfe1d2736eee7225c842bcf152061caa8838e0f1228a1ebe24fba8d1e1b3223a75a5e688465f4eb8396aba4116e03d6246de44ae84bdb211206dffa005e425c3a787a057d0ebc66deb00cf47864e1043d9b003c2cb2e9201833c2933da73cccd84530df2a285833c64d9669128f80f714dd93097dc8efa830a560da7506ba7e73a068d01c34d6ac53f7461998871d40680308db363ac955e37b3606c5e767d3ad04e0f1d1fc2e080f42df8cfdf2e9761685c0c7e2b5f6a3485719ce17bf0d07941b8fe5e5277ec0fbb818873352338e61868386b93b6e0a8a93db10535c97038ea125b5a0138985cb1099095b6e74b705701c82df2522ed05e6b6e5741adf133d32e8411136618851467409c3c54771be70764b77f5ec022c3385e505fbc4879922f1fd022c728c5181ae95c62e3038f660d422ffff8d67c7406aaeaf4d6d0b9ea73e78d2ae75805a2e0aad73a4c0b509cbe3a9e0d1c282485ce8c76a4bd5a2ac977499077ec2da6177a21b35d59728fcbdc095cf3d68371914f5f9dc4b30ecb2e480800e6cc7ea52a1f1fc1ce24ad76bb6fbf2312542fe3426ee561e448ab23de1316a33956a589fd8710d6d9da47191b4bd1f14064878fcd7f8110fd3e2059731d6510a5dc637dbaeaaccc71bdb582c3e12fb956116acd942cd701360504e1381769a8a99d50f1fde1990ff7deea28540221f05fbdb0864efc78f5a135df19b537e704688e83695fb96ad474f3f1949244442828af657bb62aa8a1dfdfaf78d7d74236b65801fb6cfc4bbcb7fc407d36c4936fe6c0c35029e96545e5ccc0dc412456015259234690232bf7133def47d045ddf633a71281234c611b47c73bca316f32a98d8041f16641bfde7cc067e262a9696b1a96aa51a1bf4b02668094e835b26450bc418ebddc4b91767d021554a973f68dbd99de9f1229bf24a5f4e855fe5bc7900ed8c21ae312b66caff48b84d4e2d5e1d2cb5728c627baea4aa6a7cb6c293e7477c4a0ec693310a9080cb06e32a4b5429e9f606ed3c791fd3719a5ef8850e3f306c0d7aa42f5c660730a0c8411c5cbcc543ffb87a45d4ef8867519ba76631f41b3403da4b447cb572438964875c1b61364d3c309dbfb9ae5c4456c324d90a3969f15be20fd3f9eddc517c6c7e00f43d6ed9700aa381d02808627342b90921e95a87e1d7559ba7f1b2c313c17de0a514953802981b1ff7a6da50470c3765457f15d4c2d27e864e99e6fbee222d29626b1084ea30529c5921f9bc539f912817a8b33435bc36c8a1caee56a0ffbf578e1644893be02c38735854d4dbb00c791002174169f807fbd00f970b045851438f9d5ac36fd47e970885a2a0a1f54fb1d724dceff726ea3e7da1844bd3673a87685314afb36323cc9d0d55c16d7deb63ba49b0e1d458a8df2896021e58f605f4874f54736a41a182857aaa81e2eeb9728690523f9c9f90fb53328d2cd8e350648555fa53bcf0a233557c89645910a65dbd15befc7507ef387c70ca279c730147c4af9a70ae2524dd540d4e3c9f9fedf4ab7ed733d88fd8cd22cf95f704f892db1837e5258046b71d2b020500c4bf14ec60fbad8d7ea893a1bd4ef6097990307ba7c7fa0c2c7e4529105c87d1f37b9fa14cddc09094910017481491bdc4270bea5f1604cf69385acd1d0027aa547501f4b7934bd6cd94f26ef7e49c23c958c46a48734c98797c2cde0d847c0ab7a77f446e28755ee286489a84e051a92ec81fe65898de37951132eeeea4198d8a56b250cc64273d9b8127ecd3f4ed8726a8151adc86234ecbc58b44c172e550a3a8dbb26d883ce0950882cce94079f34a202cd6d0a3bd17a228f20c99f7ece7a99fb5e44bccd244627383e34df5fd546b4c4ae1a1d70fb4f3524458585fe2547695081f86f50b97eb424481335b4dfef4e0ac3aa160c2c6fc52d5bdacab36f792ac6ed4cf236be8ffdb9b23c2ad559e754c0b304d9738d9be0c684d5019934cdc9e693aa501c945fe2c523f06fcae044e718c93debba730ab4822d04f508705008d302dd3b99df696bed3f2becfd34b7bd265b7094cdb5e7ed8b4ea15d244e33ff0be19d95e480f7ae8027b67e4806a3ce4c0d1af8ead5f9f351291bc8eaca548cff0279f1bcd13f3cbd9e4b9cd0aba8d49ae307700fd531dc7b9ab4528c9c9373321251ce3d78d36d3b15b44687df9a8f4ec6b5fc84bacc5139f8b529be11be889e1f40bad83a43e8c577fbe2e43b04ee4171e47506c85a7863010f0a3c76ad246aff53b62c8e40dac217cee5a7e3b4a8c998f5eeb7865d98cc4ca0beded30ddae5332db03906f569d4e28f029d80fdae300e42ac98728e9a20ee0a05c01aeaf1b99c8560c93bdd19d34d4ce2a413fcfdde62dea3f72676b1309a64c55394d942c662812b5ff8fc0840555afd5578c0d93584855c8df2e4d4dcbfef4b3d097fa90bec6a2b6ca4a07028a72290bebbe73607c65e1c36a647db00122d7ffc673d5dc861daf702f41e09f5c6ab64e3c70cc44aa5f4da3db264c4e88f6e4d1776f2f9f3e55d3c2e7baf80026b18fd15c93220bad7998598c510963a1ceefc07335a118394a83c5273e230dae247ba4451fe408704a8cd9d528c5617b4613c7abce070144e3826e9e0806df631415de2afe12e7618c8b6ea194a998e0f2efd3ab11e4263f07079bdc0d7e6c59be1a85d12760fa7523d6881b42985899e810dd11819f80c75cb10d0de99c6d954ce69db07cfaea0d4baf55c1971025f58d24b07ec7c4c7fd6d22e5d76da9bfa43cf18a442e2e40671798d57cebe29631a200d6ccea387c68277bc1a1def9d8719eac4a5245d3f5d10c5ddb8088466f5fea8bcc58b84cdcab1167ab195890dfff181f860404f5526064d956b0ca8a137f9bcb3d534cfdfc628e08db9a61d5104147c6b81cf331954647a2af116693acfa4c83c4c49c83e01576c7e068f7390bdf19b3703aa01a71e9d8c93114b673459f5aa318499ddfe4200f5649fdd8e4af4625131e723907a541cbe47fb1abcfc07aa83cdfa75231340c7e7052ebe8686af4355b6dcd5406c0819ecf533891110de7ac5a0ba1c9b152ee80d16a3c49ceffc85816648d6075b69f0ebd1d82b57fdc8e85f0ae0882c3aaef48ae6839df333192e3e7a2fbc9446e575c589b5bb0fa7e89b01adecb21dc8173322b293", @ANYBLOB="0cf21dbd8e6a7cd496092f0f2ea8b80f8c911fabdf8f1617dce2718e18962258b442e04dcfc2896330a8550da12747b9a763b7d48c3a8316b8a731ac8d6714e8f692f7112b960d05644c846d809d7bfa11f460b97500783f05be8fe6cf918692e1f23586f83480cf045f74a3254d6b74a2eb71979f4107ca08f9958e8830555cfa04598ef8905d27a336da321603a277d963", @ANYRESHEX=0x0, @ANYRES32=r5, @ANYBLOB="ab9bbf6720a899962c96ddeada4d7fca3f54c0a29e3f5ce936e6c401b1553f6815baebf325340af1b95c2219d6b6ab682f1ab3a35ec1fc2228471ca9a217d4b258984d2e094641bac1b6a25276aa74ffce368143482c792b4dfef83655ee824a8ca1d443c9435fc062c1c51b559ca367bcd3c1318effefd6a8628949611900eec76f91645afbfab2ae3eb6eb96d8cda7899882b1878de7394c0e083a03d7b2837bc342fd777c5c176f1e8a883135897b4b91780316a064e0cf1dd487db089f8b6f3a02"]], @ANYRES32=r5, @ANYRES16=r8, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR, @ANYPTR, @ANYPTR, @ANYPTR64, @ANYRES32=r9, @ANYRESDEC=r10, @ANYRESHEX=r4, @ANYRES16=r11, @ANYRESHEX=r1], @ANYPTR64], @ANYPTR=&(0x7f00000014c0)=ANY=[], @ANYPTR=&(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'/24], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:23 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:23 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) syz_open_dev$binderN(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:18:23 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f00000092c0), 0x4ff, 0x0) 16:18:23 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1163484eb25921fff800000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:23 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:23 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)=ANY=[], 0xffffffffffffffe8, 0x0, 0x0}) 16:18:23 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f00000000c0)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x1000}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) [ 1055.984168] binder: BINDER_SET_CONTEXT_MGR already set 16:18:23 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 16:18:23 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, 0x0, 0x0, 0x0) 16:18:23 executing program 3: r0 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x6d3c8edf45a737af, 0xc) sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={0x78, 0x0, 0x1, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x20}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x4}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@dev={0xac, 0x14, 0x14, 0x22}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}]}, 0x78}, 0x1, 0x0, 0x0, 0x4040}, 0x20000800) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) r2 = open(&(0x7f0000001300)='./file0\x00', 0x200000, 0x65) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001380)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r2, &(0x7f00000015c0)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000013c0)={&(0x7f0000001500)={0x98, r3, 0x8, 0x70bd2b, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x74, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x7f}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bpq0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3f}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}]}, 0x98}, 0x1, 0x0, 0x0, 0x4004800}, 0x8001) r4 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_SET_MAX_THREADS(r4, 0x40046205, &(0x7f0000001600)=0x41) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r5 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f00000002c0)=0x4) r6 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000001400)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="0000000000000000000000000000001dd616fe5f4f1e03713462dbdf1573e7000000000000000000852a747000000300000000000000000000000000569db901a90fc05b0000000000000000000000000000000000000000391bd995b22661f22696b8acca16ce82a6e156558e206b383ee8ff6bd1e5bdd5efbcc084a0c4e3149afc2a4663cf245ab8a968698cead60d98eab5a468cd1daedf25b1c2d563daa4fdae230d7d2657942fae154ebf39ed92a00f33fdcdb268bc746ae06112e5adb8"], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) [ 1055.985396] binder: 27488:27497 got transaction with invalid parent offset or type [ 1055.985435] binder: 27488:27497 transaction failed 29201/-22, size 96-24 line 3454 [ 1055.985644] binder: undelivered TRANSACTION_ERROR: 29201 [ 1055.985874] binder: 27487:27498 unknown command 1313366801 [ 1055.985881] binder: 27487:27498 ioctl c0306201 20000180 returned -22 [ 1055.993635] binder: 27487:27502 unknown command 1313366801 [ 1055.993647] binder: 27487:27502 ioctl c0306201 20000180 returned -22 [ 1056.019309] binder: BINDER_SET_CONTEXT_MGR already set [ 1056.019318] binder: 27505:27510 ioctl 40046207 0 returned -16 [ 1056.020173] binder: 27505:27510 BC_INCREFS_DONE u0000000000000000 no match [ 1056.020323] binder: 27505:27510 ioctl c0306201 20000180 returned -14 [ 1056.022018] binder: release 27505:27510 transaction 2814 out, still active [ 1056.022023] binder: undelivered TRANSACTION_COMPLETE [ 1056.022665] binder: send failed reply for transaction 2814, target dead [ 1056.026475] binder: 27509:27511 got transaction to invalid handle [ 1056.026484] binder: 27509:27511 transaction failed 29201/-22, size 104-24 line 3138 [ 1056.026768] binder: undelivered TRANSACTION_ERROR: 29201 [ 1056.028232] binder: BINDER_SET_CONTEXT_MGR already set [ 1056.028240] binder: 27505:27510 ioctl 40046207 0 returned -16 [ 1056.029056] binder: 27505:27513 BC_INCREFS_DONE u0000000000000000 no match [ 1056.029363] binder: release 27505:27513 transaction 2818 out, still active [ 1056.029366] binder: undelivered TRANSACTION_COMPLETE [ 1056.032898] binder: 27509:27515 got transaction to invalid handle [ 1056.032909] binder: 27509:27515 transaction failed 29201/-22, size 104-24 line 3138 [ 1056.033136] binder: undelivered TRANSACTION_ERROR: 29201 [ 1056.036117] binder: 27489:27516 BC_FREE_BUFFER u0000000020ffc000 no match [ 1056.044891] binder: send failed reply for transaction 2818, target dead [ 1056.092193] binder: 27489:27527 BC_INCREFS_DONE u0000000000000000 no match [ 1056.100238] binder: 27522:27525 BC_INCREFS_DONE node 2822 has no pending increfs request [ 1056.100250] binder: 27522:27525 got transaction to context manager from process owning it [ 1056.100261] binder: 27522:27525 transaction failed 29201/-22, size 0-0 line 3129 [ 1056.100396] binder: BINDER_SET_CONTEXT_MGR already set [ 1056.100402] binder: 27522:27525 ioctl 40046207 0 returned -16 [ 1056.100700] binder: BINDER_SET_CONTEXT_MGR already set [ 1056.100706] binder: 27522:27525 ioctl 40046207 0 returned -16 [ 1056.100776] binder: 27522:27525 BC_INCREFS_DONE u0000000000000000 no match [ 1056.100799] binder_alloc: 27522: binder_alloc_buf, no vma [ 1056.100814] binder: 27522:27525 transaction failed 29189/-3, size 0-0 line 3284 [ 1056.100886] binder: 27522:27525 ioctl 40086607 200002c0 returned -22 [ 1056.101114] binder_alloc: 27522: binder_alloc_buf, no vma [ 1056.101128] binder: 27522:27525 transaction failed 29189/-3, size 88-24 line 3284 [ 1056.101280] binder: undelivered TRANSACTION_ERROR: 29189 [ 1056.101300] binder: undelivered TRANSACTION_ERROR: 29189 [ 1056.101316] binder: undelivered TRANSACTION_ERROR: 29201 [ 1056.103103] binder: 27522:27529 BC_INCREFS_DONE u0000000000000000 no match [ 1056.103114] binder: 27522:27529 transaction failed 29189/-22, size 0-0 line 3138 [ 1056.103315] binder: BINDER_SET_CONTEXT_MGR already set [ 1056.103321] binder: 27522:27529 ioctl 40046207 0 returned -16 [ 1056.103348] binder: 27522:27531 BC_INCREFS_DONE u0000000000000000 no match [ 1056.103445] binder: 27522:27529 ioctl 40086607 200002c0 returned -22 [ 1056.103823] binder: release 27522:27531 transaction 2828 out, still active [ 1056.103826] binder: undelivered TRANSACTION_COMPLETE [ 1056.103845] binder: undelivered TRANSACTION_ERROR: 29189 [ 1056.107556] binder: send failed reply for transaction 2828, target dead [ 1056.184747] binder: 27489:27535 BC_INCREFS_DONE u0000000000000000 no match [ 1056.430375] binder: 27489:27493 ioctl 40046207 0 returned -16 [ 1056.430417] binder: BINDER_SET_CONTEXT_MGR already set [ 1056.430440] binder: 27489:27516 ioctl 40046207 0 returned -16 [ 1056.430559] binder_alloc: 27489: binder_alloc_buf, no vma [ 1056.430581] binder: 27489:27527 transaction failed 29189/-3, size 0-0 line 3284 [ 1056.430608] binder: BINDER_SET_CONTEXT_MGR already set [ 1056.430623] binder: 27489:27533 ioctl 40046207 0 returned -16 [ 1056.430658] binder_alloc: 27489: binder_alloc_buf, no vma [ 1056.430672] binder: 27489:27535 transaction failed 29189/-3, size 0-0 line 3284 16:18:24 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) set_tid_address(&(0x7f00000000c0)) openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/member\x00', 0x2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4, 0x0, &(0x7f0000000000)=[@register_looper], 0x0, 0x0, 0x0}) [ 1056.487809] binder: undelivered TRANSACTION_ERROR: 29189 [ 1056.490030] binder: BINDER_SET_CONTEXT_MGR already set [ 1056.490038] binder: 27489:27516 ioctl 40046207 0 returned -16 [ 1056.490080] binder: 27489:27516 BC_FREE_BUFFER u0000000020ffc000 no match [ 1056.490916] binder: BINDER_SET_CONTEXT_MGR already set [ 1056.490922] binder: 27489:27516 ioctl 40046207 0 returned -16 [ 1056.490963] binder: 27489:27516 BC_INCREFS_DONE u0000000000000000 no match [ 1056.491371] binder: BINDER_SET_CONTEXT_MGR already set [ 1056.491377] binder: 27489:27516 ioctl 40046207 0 returned -16 [ 1056.491434] binder: 27489:27516 BC_INCREFS_DONE u0000000000000000 no match [ 1056.508943] binder: BINDER_SET_CONTEXT_MGR already set [ 1056.508951] binder: 27538:27539 ioctl 40046207 0 returned -16 [ 1056.509178] binder: 27538:27539 ERROR: BC_REGISTER_LOOPER called without request [ 1056.509997] binder: BINDER_SET_CONTEXT_MGR already set [ 1056.510005] binder: 27538:27540 ioctl 40046207 0 returned -16 [ 1056.510178] binder: 27538:27540 ERROR: BC_REGISTER_LOOPER called without request [ 1056.592183] binder: release 27489:27516 transaction 2832 out, still active [ 1056.599176] binder: undelivered TRANSACTION_COMPLETE [ 1056.604556] binder: release 27489:27516 transaction 2831 out, still active [ 1056.611601] binder: undelivered TRANSACTION_COMPLETE [ 1056.616749] binder: send failed reply for transaction 2831, target dead [ 1056.623622] binder: send failed reply for transaction 2832, target dead [ 1056.630648] binder: undelivered TRANSACTION_ERROR: 29189 16:18:26 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:26 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 16:18:26 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000200)=0x3f) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000856164660000000000000000b5920000000000000000852a747000000000000000000000000000000100"/86], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003800000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000280)={0x3, &(0x7f0000000240)=[{0x100, 0x4, 0x8, 0xa95}, {0x8, 0x1, 0x9, 0x8}, {0x3, 0x55, 0x9, 0xfffffffc}]}) r3 = open(&(0x7f0000000340)='./file0\x00', 0x0, 0x20) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000007040)='/proc/self/net/pfkey\x00', 0x32082, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r6, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r6, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ftruncate(r5, 0x9) sendmmsg(r3, &(0x7f0000006e00)=[{{0x0, 0x0, &(0x7f0000002780)=[{&(0x7f0000000380)="7ce33f7acdfc757bc0a31b2d5271c991b977692834a79ae93a0f1758adf6d15ea28cc37c4e8ee9cf354fcf0c17ecebf8cebc1a8b274f1950f993bfa84a32aa16bcd40ef3476eeb4d18f4e26be2481d50ca443a53c68a260bb26272ce2ea408c36886773bad2021431d148e06367e0fdc11a9ea75e229ec2f880e0d37325aea72ef8aa873b1075be6bb956089062c59bf20e112e04ecf0cb9ab3023720b67570f4ac61e20464d534da5143121c819e84b8d2c264cd4e66e8e3ed13328ac236a12babe8390eb005a2703d849ceeacaa82a85ad02439e6ddbc57067d1fc0e7626735272d0e8", 0xe4}, {&(0x7f0000000480)="4ddcfcc10684293f3238178a74e68eaadbf2597a0ff1229ff58a87f1ad3fe82c26e75c938fbed882ba313df901967ed33edcaa6800873c254792d65e7116cf68783d27f77f910fe400f04adbd4cc64d10cc3260f8f3317a11d47ae23dc74cbf583518d79f342c758f013b98a3ff51d941070a74867f8340c274432f2959a1b4650c17b019b7923fb460f245f52fa", 0x8e}, {&(0x7f0000000540)="817e36dd4d4e05d73aec818f63246c622bb03c68359f5129384cc9e33640d1cd", 0x20}, {&(0x7f0000000580)="66c50d1732c0478edb93abfa24906949f1a9c7c421936d46d6545ec4a537fe83ed4298cd53879c7922f4be397f0e909c2b5cb489dfc75c838b92f23078a7dcf4e983e3ebeade0fcd3abede1ff3200db9fc8ff599c30bf4babacae5259799753524eae308dccc56557bbb64486159137eba91cbc807cc6a50bfe87fa6b57ed3fe3892ee563c22ac7637c6a09595d0be08eea7546ed99b2d4e09f7e1c91b526d308da1e8f83f9cbf676922baeb5ec92e0f0e2d615116716a913d928009e881febb4daaa3acd4d35234573b6b9954b48cd49bd8c1c6c59ead5b273d35048160d8d3af924a819ed3d2a1aee1e39fb26f508b4ec93947d3935577a8de7c7565f5ea58869bdfb50efd46401151218eeac136e060aee25de177fa9b5465bab7ac8702377895b28a2da70aa8f3f675a1e2bac605ba6c5175defc72115c4ce1edc28e1cc7ce854627786970cf3593edd8ec0d0865fa15dda30cccf0f01b0aca97cb244480c564e605e48a2a1401071e33cbabca96fe3ed32f9609f3a2296229f287338c3c2bdefcde83c650fa3cbf42a6a98ec8a1e8023a19dbea24f015a5a26505fda2ba1764cec8c14b6c1576c8862ea6171474b5b7e11b305726334ef7cc95deb7443e0030cd57db9d6318d126bfa7f045158e7a252c5ddd12cd54cad60fa976ff1c8d5cd7fe08599cfc1f71f6a6ae41a8575865bf774a71e8aea76d12b2f063d97fe0bf656a568e82b732ec74d4ffc6f36fde9b4ef4cfc9c78886362fe632ff91099ed895bb09a11369903570ac0a7927889eb09b91f89a51075da3c474952260f1a353097128b0cb7d017480b8441872ca84fc6dd76f5fc53353067564ba2d618b6e2b072d0f63545acb83c704ef28346d35298c29089851d001685fccc46ac92fb7d8960b26b632831696e89ca80117d0b899e067dba6df4adc8c2ef0ba4e8683b125ccee24f8ebb75eaef3c4968613b69f490cfe91d3b50626e05ced1ec71c4d385e98bfbde787ada2efb23f2eeff136fed0cbf9d42445ee220050cc7526c4434e21687b69808989041b6b6ba47a34080a35b046d7a386eb051752c0c100afd9e5fa4eb8b6e6315018c928fe10ba91e98d0d20b681c8f914f5c56d7dbc81c5aebd883efac9a31cfce0c1a1c83ae68b65a477995b81a84e6f91ce6a742d6b52fb3831fb1d2fcb6cf2b53e8663270573eb3f6c8c5045bc054226e0f1f51d3903cb5120db23e56da60645a527044e7c6442eb1d0d650e865eefaf303e7fb1762a6ce5cbdc1756b0a2fac3f8dd01ae7f31cfe9232a0bea222844df6278d65e361ddf9e3ee007e04516af7f6f7a07dcc856ec7ec7026ffaf1e8dbd368798a90bacb937c043011e21bfeca072dfe8fb8c992b24b7731c756c6db29d70418a5c7627b2e61ddccaa7d9b74402ae242f77504ee662c515b825753a47a9eaabdd170a21dee1f6f037808230f9b62cd9d8166d914238e9cdb69e80e0d659f0f95bddcc7fed0e9beda78921f2b11e51b85156e01975328e3b59cd8db7071c7b6d04b3e3a0318c17c75a1b51da46ee0877418b6d5c2aa61f7a8458e187a1360c7f077c6018453aaa4d7e3dec873382f9ab4f0bc11a9e266a014abecadf52c3c748b5a03e085021a80d8170622f0ef2520dc49f8d8ffc91d815dd4b1a7b7ff9d876c73230e70d423f39553bbb5a02ab8601abceed001a2db0c165067a67869b5f5d334353e53c51785f412d34f4cb45f9a6d68b2c52700bd092d39a933ecff3267f9c2fa82f94a8be282577e8849f1c0bfa0c1a6de3234c74145a8505de650cd59d2fd45fc87a08bf83f807a420b0328916e53578458bd382b6d954cbd29357bbebbbb4982264d81275c98516fbcaf54514fc4accefefda0b5b8af9cd70d4e1236e7fa3b3244e574915f1f1c6264758c322275c672430e4e72c34d453b09aa853348361965afa7a5b0af5f2cc06993dd88c6013258ea1261cb5b58acd7dc68fd9d18717281bf676ba49bdd4e09aad5eedd3cc6418f462a79b4dc59bf559181bd909409b44ad438fa189e8ca01e9a6c3e24eb947896faaf41af43db10c1f8c70aa95538f6f29b53c3b72ffcbd0dacbd0eddfa22b099803fe224eb0398313efbe59d1a1edfdd310dcc992083e94c2db0f71068a7412b52e26eb6ee6c7aa7cc29543895fef7c4bdd072a84925ed660c66bf4760afc69ce806688e673a71621dde6ca11bff0d2217d5c1683d4fb14a8831637a4d7485db3572c4b3efb25f2c9993b36df7172628fc5fda6d5f354b10173830542e5dff2a997036d013b672c1dc031f49039317e361627d51ebcb7054d66b7823b4ae0f2e883e438019986d3a2608a37346a2c83029d3d03b44ed78d8e9c28482b2867209d4e84a204173b9bf7a728bbe287b0144a808a7ee56917764c3720932a94adf76f53630a35e2da51b32fa342e9bb295fdeaa554199321a383f92761bf9a12499fd401f4d7631caab239e8329a38fd02369c9bc0bb3bf1268920641bc2e612f7dfa74f8f296ed22ba04cca3863848cb6b20075d6030aaa211bd185896ff484cff96699dd89f8b0cb66d0c25c927c95ed1a62ff8c5ca03a89bd177d79da0acec53523d4deeea1e7839d49ba995d3c47f67e26c054470a6d3ba91e5953542e9df5585dc4a11f15b0923161e4910352745987cb246975508df87ec504948e9d5b1770a0998eeae738899a8a522934dffd31367c0a659f196b082ae97a5af337f370c62eca8988ebe0c48626fbf96b7deeb9b7ee487aa9405dd51e3406a4ae34eeed4452f67a6b3c9bcd800f48a65168c2b08f1e9ae6e0028aed0fae0f83fa2fce0b7f104b71b0723ff980ecf7c579300c9309063fa68fb5b125548827c66f607a8c4961154f9d14fb46b80adef4b0cc9b5dcc17a1672db60ef0c60d8aee23f7fd22b162422419df1a6b1ae2dc2fdfa7eb776b4d29510c85b5bd7824dfa056b52d2f6d594524775f396bc8b9fc1a94f8eaacf743ef6dff728b33b04d41cb01057e724861947743b4851408d37291e9522561b329d06ceb4502169f98202bf2b21810428d33b3d0b0c2f0165c32a6b08dab7e2e456101cb3a988211ccedcc76a864d966a841bd55527998a1bd9de7510a5d1c6d260837e9be37f1dcbe575027c87d18532824188d5fb21fb2215350a8414cd24fa6d0476637adf0a3eb886b5b0077f139cd621b007870c414175182c99cf8fe3453e087b59dea18e343707a7700a31667f25160e7026f709fc714e6eeea61be34510904a62e8c60092a14109dfbac1153024744c55b5c2923c041b98ad68dfa0d56b65bb83b829d6541449bcaf1f18a4b6d4101b4292f67f7605679d953b864cb091a00606886c28c2cd5be01a7f0c95346d219dbd19e2c807b86a44f8dbb3172bd379881edd6a0e68d5ce1866d221fc84d0659649b1169e762f4b3a8879f327341198f530a3a800793d60cb17f52e0a1032450a3b3bd36cccc654b09be9fe3ff27fd89c8c28d22b6fa10f115efffb67932c8284d99506853c0505aa39b2204e378919a691b5830e4b6b6e1ed0458bc73e835bb2e9fc0477bf614bc4a5931ad6d433301346b819aae8e7244babd0dbf2dfedc69739662703edf3cdbf865ba5a04b06cfaa045d88da5a66bc21bddd8a5112bcc744041fb0c6f52d165785fab3b30ede8274750496bd832443be958e10c0b58c866cdf835038a5c07becbd784fb918b14d1b7664f84ef1f26c5d953e001c5e058b7155bae3ecc6b20868a9c04bce1f5ad00cfeac264390a6aa99c4db06d93b5e251779b59f083c2bd3c8971e58d6df29e13df1a59898dc6024b69d5b60d8cb86690ef8c76023903ae6a059c2b4923917123c32fe66e840d9867508830e745949e403d4dd795f6298cfa443b51b3df499fb36d50b0ef0173ec420cbcac6492172b614b2c0b6f8d175d666f98828602d5e901f5c722d21468c38b64af339856af008954ad0322574c76c44e17d97be63636c527aa873e2f963063a4757e0d8329c9fa5a53648aaff8f6140367b0274ce27233abee329ff8f7bd2d65f051e5099209e8a0b7155d8329b50dd8e257155febe07d04b8101846fad77ebe6fedecede2ecfbd326d7ef4b040515b03b121552cee5fee5a1bcb869e17bbd8136ae58be293a735b2b14e5257ac4f5802a48bec449109b8cfa38be32c75e872d7bfc31fbaef4533c0f8251e9e33fdc9e21398216a6b8c6f8754e032f0fc2af11f6657f90f5aa4df4615b66e90ab2e8f40cb9a3a57c2c1f2e13eebd23520b1267675b1a00e5a2044e7eb99751f52795caacee1fa6aba67e6c85ac130263230fe5c279238a26258db4b3fdee9e79b3cc49049233bf5438c94be1d0ba1d683e8cb34ecd52adae5e835e7813daff7ff0d3fec77a628514c43315b384494165dae4185b24230f819da1d26c36ad960db40886979ebe283d943d542151c3ecf56e6fcbe5a285143b55531366284ff782d6cfe479c9f29d5add8d41acb37c95b7c620f388e124401f432640e1ae2b0a3a46f31d2d72df46a75181c3a597ec1869b6ad4e613653168cb0de93c1fdc31b39852a5fb2768dbc0f7fabb98c93727010a919307f22ff626f5dcd22a7b41b6e4f954c4c16b247743df67a37b7c5947154b44f35a5794c5988cda3ba87047180e08f94844df4c80c9ff9811ea808465d5441906a80b97bd70c3c960ae387e516b0ce29ab110c9cb4fb49e8bc9b2182fc36e004547aebd7c75e9575172376c6e3a96282c80501ad9c4d61ccd40f67144eecc1fd8faa2b0c79b0760f5f212211609fcb497d9ae226f8f9829369f43e4a16599919b7b92ff46e29c6e8eb5844a91062babd87a46188bb4a017dfd9ba557e527e67b4463864c1c665437e0a53663748cccc988a3b02d06b352ee147381a623c867ace46e127b714f90f238d8021a16ce778e8fa677953ff70ab596a3da44bdf2b844994c9f6470a80b53d1907bdf7676265955429575ce476e436fde601dfce90d1683fa6e7171aeb152a64c9cea0f354a34797d633d9669235a9ef3453639de68bd10807ef07701f23690a0f9f12a9d31dfb2a403d0228fd2350c59e6b7f5d960df1f11909c925f483e4a18020b8caf1ed5100d1e9154f37dc38905e19a19efbccae9231f02923e51b04b8da6b90a76818ba97ec9d2b8202fe2940b34257584aeb10cf6be6c4d1e87374666e2dcc4ca25e31d49edef49a6f212cabb1261124eef6e0b55f70e3719ce60f51075a5d7d5fbe442bec50c61e09a6aeb64ee78c84f70e424acc7c0afa455245a4a2017b4d8d0ee44822d3ab9068ce413899cee10843e4274322b8bd1944a1d1bbff2d1c793c19cbd623f3cbf4d364cff850c10973c9619e23667d595116daf251d0a6b5743dd2b44f5d9b418c22f74f73d38b554c6e39895b0d17ac94647b71b9bb6616fbe09c76f860e3afff7acabc224126902d3b6615fd5a465407f5df4ddc07555078a25acf5d25804da89d980f50fad735f40ff547b895a771a2297384a8d77617ba8844017deec2ca18cc06f5853d4030e4b06ec0c63faa1def4b73ac61cf14bd643ad59c218937367960744d267e8df13a5ce7a5d0921b44dde1c09354082f60b75d0b7730d02945b99e6a36f5c25c49298d38a8f6ecb3fbdd7f0f98b0d764f179499ee7f07d2c0b93237be18989437704df187a874779b637fef783c5832ac51ca41c5e7d5bbe6d6d21148b8c117d7f9ad0e060044af5ba3148516f136e9819c63051ebd93646e89e7008222a6c42e33bff0c19a56714b03a9b4674df9584e84cb54733e0c451071d3fbde", 0x1000}, {&(0x7f0000001580)="74532802a2140feb7ee30a4b7e3b3d0488df282d0ba4f44a72adafc3cdd33ddd713e14a1a9a76443cab38bdb80cc92fabca9a97578d1dfc6f0e13e7c352c90c4b040e36594c195ce632d93c251105145fea13f2bb8910f331c30b12ac393acd4e6243623cd6a52b426d2b0d4515cd472758e327bde877c9b75a7cba1a50f16db9be5c83fbadb931095d2ad49313115162f3a14247c095840835fecba8505c032ebd3c545a5e53d731fde416a7d25fb75580195300fd19563c0425692b9334fba45fa41394d1bdfe4f200a43207582e66eeadf49251c4c550103b3d7e717be0aeb1d10d482acb84531412de0c5acc43bd790604ae3444c7912a51908dc8f1eae868d3c20dc8a5699817a4bcf1179d4dc7a70815c5c005534caacc19564a04484d9bc576420f420bcae0831b5ee8eadda835b51c3fe59e81185c8ce200d2bd05474e838c420a28a259903729f598d1e3f1336f49abd51bcfd0ce5ada3f847522bb47d257a08a8d3575749b8ea607840802db704ae3199fc3578eafac31ca610947d2b68e86f668e1f4b5983f04ec338678564369085799c7bfb121931ca1850519247a410131df03f91f78162680a2f60b082f801e08bd78b0dbb6e5853ce50edb89fed0108e18f249b19e5e5fc7fab545c5bacbf8ac5a1d733f8be648a1637df3f987807f21bf90040ee82c370a7ef130c5466afbc7319e440d474a9c24f3607a2ec6f88b56a9bb63f5aa4008ca2024973a331488f59e61506eeab604aad9b425c154171bc504b4aef0be52304881edcaeaffca95ffa2a67953c7849d818eaf0bdcf5a5ded93c10cc1c06414a4dcc1553cc1ad70080176eb3cb6432074f8eb158455c71ecc0e4064db4d9a5597ac179ab9a70ff63447fd8a822235f5b7944627a41ef11f38a7de38d0a1a8a2cfd5c5cc6f17c2b0658d62ed2d5f31474317cf737b839a9fdcaed682aec45e3e42cf3ca04ba63a6f99241131f2ad0a2daba2d76dd2f3f524d885b729f838c8b37e11058836abb79af970bb368f17d40046eded5512b8efa86d33f6ab346edd51879b77aad2d0dacfd887a001364faa2b13ccab1dd038b8c0fe004a5bd234eb1c8c22069b97cc4f7075dec0c7ba64b3cfa3c19da69917b6c61a3d4825350131cbd5dd93fa2d2b6e768e08a55c5ea2e3dc3ab29309f9bf747f56084f6bb8c31d4df69c44c2812e0a3da22a1ce3a1eac940a3b38b57e268f27a0a5eab0865887554aa49c5659605a2132f11331b01ace30f05dc30f157011b20fa64f49b82c3e81474657ed982f5d2ff7920b95401aed1a5dea02a4ab497ebf362ffb2fbf09fee8ad45156d2ba602e57e1999be3685c78467594fae11d712043087c8b687bbb977a95fc22f514d7a226ced4bb3014e2fbd5599eb582b3af8416f1779ff680030812c37f5562b959497511f9bff1cd4d909779d7fd09e286e0edddc8b741f8c7a21235333d6b90d84a994cd59b5807409d4edadd0fbf2b74cd4861f4f36be1904ab04f4f25fa0235d7419bcc147c2df375bbe21dbcc392a53350828708f63ad166547429d59f6e505f30e26fec90302d6cef8d3ca3f7aef0a6cfa83dd05c3e55fb55e2b60cfefb13b171c3e063b1e700e8c002358c117ad7776e636a6c2216e6dfe79724b8df9143ba6b2b24dc99c80b0db02d6f662c98dd53b0933a2d8b1465b376829005670c5207e404e9eaefb243c06383cf76db38718eea5631fe772102b20ff29d3fa4982d77648b06070d9ab1a15f0edc13d70405f6dace9d0d9bd1bd95cbbb1f5b149a865ff9a45464bd55c15a5b3a82e2c0e653e92613f87c6ec61b8bd366a67838a02ce68a01ff0ab9ff02e55db51c91006f960d132f03ff8380c0041b6fd055466ae31fb6c91d3b7273b59081ae2c9438a2e1de3485926748dafb44fd5769c88fa46d650be822884f35e50c8a212f37a5d817114d313cbbced52b39e90193c84bb3fe711c9e79058ab0f2159f17806c9616b1d9cbbf1c05a8b328dcce9d963fb94ce95e056718c6bad4fac30a9a2a2ea28f15c300736a80855ce548f45c7221e75aa31b05eab02ddf65eda6673a0de7f7dffedc1242afe2406837986aad59250ce0da84adfb995cf0140401c7ec338e96b5b34e71c98f9199c182c615b47db596dce7057ffb87f10f3ab363647be56a0fac8679b2f95750554d445c3ebc81659d3114bbdabfafebe4bb3e61f178519795b9c07fff069d577665867d8b49e811a5e801bccbf7ea3404768ca55daa156318e5eefa012e5913bb858bd853f0f38f4d81ec56f02e358434967b82bed54463bb06954b42d4af748106e7f741bd5e9ad88e12a06e12dc94c31f626a04c60152f3c08136d31191d4e72b0bb264de3d7a6edbedf36587d38823ac38e4ceec4a69c25e8039d08c600f019c4b5f37246fc98d02ee56b570600ac0a2c9c4d6210069d0e80172c333bb0c6c255133891d370ce30b81709002b661d95150f7aaa0397aafe46838e81867cb63e6e3eb98ec95032fda702e6996962969a4df32f3851aaa5e7420a7a8ba19031564ee29f5f4814c6661b46a7eacd44712990da7dffe236c9e1ebfff120cbe170ce77d3e649ea8063fb321250af50d9af22816e58c676dbf25bbdeec8b58f57615c20c48607cf53a0d9f35d8ae659316698cdfd712e6e3b475a16b126af8aa944a40124ef9654d8d13d7ed2f5d31df596393ec45bc6e5e5efa6e8b35df6212501593137dc9e52b47bdd6d047ffe04d1458acbb9d508162661d50ba2288f7ff2c631ef1363c28a4da0e2fc39c220304bf44e6a8c570666c159194142b87f23c3edfebdcb2c679f94c2dcf591e113c3945cd5e4ae04b1979dd13a4d54d2fbc086f15022e1f9530dff2c789326daff0ef22906ea9fe85c31b379245ad70a1d4271b864efdc39f75b70205019f268258d7e868f30b556403ec792c653dd6bd2e8f24af4a3178552923304d78936dfaab59be2b10e9352a981d3ecbe2f192fe9a96a76c74fe3c9a0a1d049c1cc15ed80359f4a0c93560c445d704d68408f8c1f5c5e863bdd90e83944c80f59a5d45d21ad48f5f88b213b75b0ce336e457ec25ea8955cefa11679f947004370c1b572db99626c692386117df48342d9cd0e17659040899d4751f9e5410bff809b7ba50be8c23b2dea1a00b709c5fe0a37b0670d17795b63cedfa82cef134a3a444724e6486ff4e3245e178d7cced0caf063c3fb3012060d910afbe7883d8b901984ad503443c0b5de6ecfbefaaa25147c312ea100fe0bedbbde122f58c984a709c52f101dee7ce4003c3f49fef87fa0674526a4d65341dca369462ab00cf74add5ddd963806875f041ec189e93c314a5b18b765276cd951f0c8221bf9b4d193c116b3984b3f04c3bb7f1b1b4a46b88bcb46a08f1166f599ef32b6545924d669afe7795a63cd8817165a90cb700da9fa5896f428021e166ccc716a26f513c96681952d133858b8dd5df9dcefd53a5c015e8a6b0133fabf8c2eaa8ee1d1955c363757f57097f7d8579bb87f672189661532c22a2fb52d673c52d9b1558fda037ddc2c838502aeb29a2729a58d12dfb932eda13d460b49c8251b00fc6a41f8ab3ecf7062c7cc759cd2c66713120eea13963242142d42fa75afc841315a0b9b8d214e3f515fecf54d767912e478f1b2e3c5eac24452d30aec39af2da4dedec0d575324958ea383329258aa71addc88146459fb0589d1d2a56aa41fd71cf8815b5c5713518c5575072c4f1d92453cf73d92b6bcb34f50a03a4f3a0f577768c6a96d17e346b2d0e97f5264e4572f41bebea29461ab9624caec22c2e9cad22fe75e532303741aac3e5cf25001e1aebfae1d2f980b07ed67daf2008c0279a7ebf1efb28164b0aa0a07d0752e33aeeec511efd9cc5c37751cf1d32b5e884f2c42f30e20be98fe3d878aa25f25d8d4e6123c34948fb9f8b2c1a5f9d54b0a023ed8e554f7be85f7cd7a878b3ecac2d7ef1ed84d2794ce6d6f2085613e424bf4c551e0d6aae11d74dfcef7d285fcac8f93a1f0aa5c4d2b54c69d947591b56223fd48b3bed270d0fa88cc2c7ee1098c7ba20acaf8bc6d8f54589fc3f40ba30868fa21b531160ca4d008ce1dddf351811bb6c7aae2a32f69fd618c4633e2da303087d1d531ae2f19adb51e486e8a530df3e756f0b0bfe16a4d842804f74988f947022011336c88723b1f168d40dc64af025965e30bf404ae89d68179d36c0ed223914a0cb7593103349ca168273db88dc43e5c477aac66fb7db1c069617f684998f48102788ad843f1edb1f57344910784f62d2d92a3ba1deb8e5f68e17f164c7b44475ed29cadd28b3c384d33cfb4e8d90f827ea57ae055361afd26705e2973a0e4f864aba09d042566de9e0aeae9ca4266ddf84239c713c07022957ba7a397c1e8915238782f1553b4f178be18145fbaf51b3456edac94b55b4d68bed0a119431fc1958ed5a363abd11ff9911062143999e8c2ee943a2de7a4387568da8764a6bc70707cf797148ffc30e11dab840887cf92f001905a535edaf5cd0c097d2d4bd1c3545803d486e8f1175a975fe40a97238a44758d578dfc1cf1bbf7e4fc3bcbfaeac14f5307563aef4b98a6228991276098779f7e05f442953cdba7513d0ff52cf505b4828fbdbe4e9b4fbbd663cf78daa34fa51cec73ea16a89e28463e5bd9b4ed7b70b5b73e3897bcbc6b4180f7eb3ae2647e6aa7b5cff3073a5dbfd22e80b501622136efa10f3022dd9b9e81d8526606e84e780cd4894258a1c9697328f68569dc2900d2c54147fad4f49180888dd414c5f6b82227c8255aeb5e0922268e83da703c1563a4622fd2c8a78993790861e81ebd13a410c2cc568127d36c56d98b7abf7ddfb1bf0db6ac1afb5587070858bd1accca22fbdb1d80a672c30da7f5d07351d2826144dc2af774be1585f8df56acbc10b59328df78c51b564a585d04c8d8bb5a82222796ca2adfbf497607f28395cd746ecd04c7b7258f8b7052ba190935ca25ce87b3b960dd9b55fa5f30f74c1db5b5a5fcdd41d653928944dfbac198ebd6ac2d8f2792f0a3f97a8ce530b54fa7e97f75643104ba1180286a23a4993547a9bdbf7ddc42615b3e68064d965cdd0c8c0e88225d52cf99945cf3e81acce3787f6316bbfeb23b47dbf65a71082f13b2fc7fd32ece43a0a0ec540ade0bccd532e762949aad5400729ebb02e20b2600f28ffb2c6a99cf6f465316c0fd445e00d693bf5a17c977a16a617c11adaebdb783ccf944e3722f305c17b29efd48ff99aae582fbdf76a0cc964ece9712b8ad0114da4f7f2716901983a6455f3ed90890ec2b91b4293ef9ff62562bb86e91e6ed9bc75f94b019dbcf3f83aa36be1cb462f412c50b835cf0f8a8332b0f88ea79bbf9475a8011e69eaf2de994d327ab12ca9075b98a3cd5ce5920eaf26d5f76de5bdd616403bb8b3484bc9bde76c8b12b9010e74c86db9f205052b7b2a1fb4b0521bcd727c3b3b0717f4cf28fa51632c351d2c10e9e45e0abfe0f556ab0c350f570232d9c5f9a96056ad9602224b65abd0c9f23b237115766005d0c2dd502c936af39a1520a4a6aa06b4ac05e8d3162b0277313c6dacd79c9e23cd1f198a94fba64e9250bcc3e910bd05333daef4a94242783accdcc1a34ba1a1540b933278b2d045f91ada513a7ac0bb7f447e0bda14c878140efa323893672d22b2fe8c8373af0bfa93f35d4fc0b50809a39880f481d61ad19a71153cdd087da2ae9214dc665618dc0dce7f75e6a81af2b0628b77ebafd1dcbd9bbc4fe018623ebff1adbf6f1bf86a12b4ca", 0x1000}, {&(0x7f0000002580)="36487354aba543fb71737f3963b42456f547be5547ebb34c16d9556098ba35645efde28155c14444afbe2a5af876d115f1a92fceed61d7ee10788670b6b87b6ff9098aa3a6b84f9e156df5b2b773d96b95453ed07556b9a54e61ea926782611779075764179abfe8e58f760dfe69ccbfb99a2d69c239e3fccb381abe9382049637699d5d9b3763332d45c3bb7baf0dc43bc499e4be769b7e724037fec9a5dd56af6695b974ee4505ffbb236385267b81e9a630729fbe3a24f077c7d5a4ce2e88cd5f8fc1d3d263811846f03570f4c9d75c1fcbbd736ccffa12e965e9a93730e2c9f8cc9e67a3d50105", 0xe9}, {&(0x7f0000002680)="c6ea82b00c07db228e1548fcfd75d4af0d26507953c793b2de3e497edeb1865548bad0bc0e9903f93dca131db8e66dcb3a0071174e30ea2a371332e38d422a0d9668c9c0e790aedb0ffd5d04d825662b796161c4f38bf761489f8d81f56b10293d139d0e7da82f5f9a149e0d752cad306a6bbc2534532cab5b8810bbb3c329584c59886642f4327619c8eddab6570bb1490581c08fe1947ecdee6e0028dc21fe1c9d41e58b8d14a993ab8e6565070bbd65dc06ba5a3de6e44a69476570ad63a8143f05e3277243e6e60859", 0xcb}], 0x7, &(0x7f0000002800)=[{0x18, 0x0, 0x7, "88cac1"}], 0x18}}, {{&(0x7f0000002840)=@in6={0xa, 0x4e21, 0x7ff, @ipv4={[], [], @remote}, 0x8}, 0x80, &(0x7f00000029c0)=[{&(0x7f00000028c0)="af4734dfc6278df5d9d137d58cfe1619741bfb1f4b5d0540aa3e2f5185e7fca3ddc0110c6f07e7a08e7e9c06c5203652ed547872a5e3a40870d8c6b23284edbfa02dee535882081808eebafdc3fe069e694ac09b11a9837d11e4b297f33952fbac2ee195c0237a5a79c302b37da421b8bb85ec0820db5a03fcd456f1fcdb04de100f81f56510e58ec2b26cf3a873970fd526940824c21281bde664257588385e0c9c99e0b204281b1b726abeb082e0a4dc7e79af4cd8", 0xb6}, {&(0x7f0000002980)="3bee1531bb62e24aa4d35ab9", 0xc}], 0x2}}, {{&(0x7f0000002a00)=@sco={0x1f, {0x3, 0x7f, 0x4, 0x9, 0x9, 0x81}}, 0x80, &(0x7f0000002dc0)=[{&(0x7f0000002a80)="58513d6cc78cea70eb77f5b2d7a4bbf44a1550ba02a6f8d7247e632c45ee92a37f8b36033421886bde8fcc6b4b8938cc8f00ec5b1e74d71e82d18481c293e460c324a537c7ce37d8e214d616295bde2bc899f39ad4069b69a715d8", 0x5b}, {&(0x7f0000002b00)="f7916fa5f1bcb9b317543c01ba38fad2e7869b2aa2db9f6ebbcc66d794052d1deb8eb9824f9af8aaa4b645ce49cbd3cd8a96665ce26b369937735d69952ac00b6e5aea3aa517fbc8f6eec1a01056a610e2571de086c9f26369be16ba2bdc42a477130085859563e5c1ff0c2b6589df0ffd6220f9216e26d2ea8ad98aeb54a68ae31e75ccd001f0bfd0808b242fed657cef2c456ae54cbfc259efb38b24b2dc98731df5f0246d81a695d4c96ce0b2977ec75eda2540ab6df0680b6f081437976332cf9edec0df2068ae03958a", 0xcc}, {&(0x7f0000002c00)="a02c7988c9f57d68a4ceeb14f2ced24e73fb7cb375084694bf89b3e68c01b1b0f08274634bef67e91dfb1c4c8f5543687f4857451f696c4ce76f9e1dc7958b3cea66c450d75ba004ed93de7bc9f6940932a87485b14416f69a8d062a6c183e445d6e7176b5252d5a09b614be2d6fd74a70d350b69caed0c0af0cdc570272060286bda1ded7fa4645ea1b4e71c9b81945600ea655237ef014b3fe7a6899373cc0f43c6a4d528032c4457b82228785de4de2c27a0741b1ddf412da0b65338de829fd7be0f979abe01071b5369071b3f1a0d270989fdc7aba7254cb7db2c50de19941bee8a52d4f31", 0xe7}, {&(0x7f0000002d00)="47d8f187fb25023c78e1baca1d2ae69fb4e426a021728679638b00c10b83f3c268c6c6caa306e73a3ad6c3cd03132e000eb63f6825513af1d2d7331bf9845dd6ad8e1863f0967a4bdbc5a1b8b7f3d38ee79441412ce72373926c95d96b1344be941d80f3da79cf8de55086da8fc18c59716d4835421e42ff3775720d638acdb910d8aeeddad2", 0x86}], 0x4, &(0x7f0000002e00)=[{0xa8, 0x101, 0x8000, "33289b9beaaa3682d75c18b3f1307052d3fa172d46d094b3fa5d3e58502c01b3eb2ce7a9d1f7ff1d5fcf7f6552fc9f655aac83f6ed9ced78dc68fcc1506b5259acd87829d6e9ade8772b863874fb5e4ef49857651a9f91a6a9065f76d6a1c7590183298d7926a56d1edc13e137dda14f861054be6e2bc3b217cc1992733d7b670a22645d710328f0ef1470783ed07b47ab55a4ee305b02b1"}], 0xa8}}, {{0x0, 0x0, &(0x7f00000033c0)=[{&(0x7f0000002ec0)="b32f20f5137fa5bc0f8dc66c1eb39adbf245bec458e7c3fca19d9f19319f196ecbfb6f5ed92500064c25a75bdffdefa979d99019f311712d75f9d3c148531f79eadb7ba64915af4504423490786e643c1a83b51abeb2ad7eb8a2221481a09dd95f9ecb549c217e8682d60af8ae2e287dd8ab177b80e0bb5316836a47fb367a87bbad3c39bf6804a27098a18d3bba2246c10be593a06c5b150ef5b8edd6a9d16b3be3c2c91df9ab13ca4882937cbaeebf439dc97f282fc685ba6d988307dd3ae60161d4b139363d15e6d691c555d13f8fbb0cba10297fb1f716b9201d577c7b6f1a6244c37ba111ee5d87f7924e3b19f91cc84acd9d6b", 0xf6}, {&(0x7f0000002fc0)="1c03ca20d6acccb8a44426369e67db3b1222808a04bf3fe75401918eb25b1f7782e192ead079a8bd8b867cadfe15122dabb726610990a169f0fdacd7badfcb23760b4610c32390caeb5f097d7e123238f9ec96290f1ae91df0c3b5e020d97c491771359f2eadcd616cbea6ed95e6c9773cfff9c10fb901caf618163062c2363d76a998df43706aaabfce8b0eec7694be29c829dc19b66e62357cca1f0fefde323224fbffa9025788df4de4cb16de697998c372feae57bf460d0c80fbb4159800c6da642ba44f315877c5651b13d9fd0892cab137f90dab39d45becde8006d1c8", 0xe0}, {&(0x7f00000030c0)="1da5fd4142a739a2bafb77b01475899f82a9781ad4740ec8b9683dfe673af0f3539fa76c52c8a0c2f673554c0c5747890294d10a1aac3c9c8b503ef982e51882f660a58799e9d72b1f07d8018c955ef47422ae1bf7439cda3a1b29d8c54578d0b9d4470c087412620948bd08bb138b7cbf4f939fd8754104f8adda14e3034d60e4b605cd193ee6d63485dce9090f838fe93a0aa0121f31168eb092876617563098db7d84fc3954f23c31680f5be4d28996cfece9433ad9c29d801aec8e92ea107cfb92a14adddbc6e0cf54f32167c39d", 0xd0}, {&(0x7f00000031c0)="1ddb3ef90b977894960c9cad45129b88b75d1161a9a27a3a986e0bbe8993532227dc70f34646d666ef8072d9c5e7b180c958750e1a54e322776a6a6e6f8a40ecbe4c283bda0f161185a6cd625f495415b4fd973e2cc1657b0847e9cd6cae415feb0a1c48c9f2bdf910baa4da4f673d7bd26bef5e75d3c86624cf13aa6e5436ef619354f900aad0ffefbbacb2b671ef91c87e3c07177b4c0a8760bdd7c70cd3cd63d45241b0cea86c9e25bfddab526b1b4c431d9b77a2608916270684d764a4f5ec221acf75898fa5536beba26e6062e2c72c989cdf14a3c3c0331d3db73a297ce774fae52c", 0xe5}, {&(0x7f00000032c0)="8c86672be24cba5fb6d5a3445740b0b253e57b28142096e4b0910d92bce6ba4b9e0a929c63cb1731478a9ae5e6a17d410bd30b956e54cb9c53ad7628920b65b0770e18a39dcc03bdcde7abfb0232bd6b2519499bb5de9d20e2fed5402e2944c154a98f656d188d98749e990c06f0ed7f8a1d6a3f600ea1135bc10a173ae0d7fe7cce214ef811fd73b763cf8163dcccba01a28455114875e8b4a7c6db3df6d99a2e0504e4c71352773208cdf7b3fb21811365444c355fea09653d8d04c07fb94b72c150b12b66b43f202b7515382324f579f56d49e040237635f980b927c8e1590bfb3f897b380a2b8fd5f945ee7d629131e9cae016900e7eda0bc872", 0xfc}], 0x5, &(0x7f0000003440)=[{0x98, 0x3a, 0x0, "5c875def756a24b89f11e3eb31df59382c16a73c051ac5965632db0dca2564feee77e3c642c3a355ae8e21859dd6b74367bbb073973304a722293c2e49d24f998c026864c374750c5ce0a13a6db8ed0107c06d99824da9fab7045918b0713f6bbfda9b20fd7e37e2bb6d2ccfd1feaa73b397a5a47e84848b26caaf52fc9658706c23b3ba"}, {0x68, 0x3756ec879a529dc3, 0x81, "16c83a42bc3b737b493cc3c93e402ab5e130201850049973736e08ff11c35a43a706c90ca627e1c7a3958a749e07fc7bb9c626fbc1925c8ebd5f6dc69f493c733e07f51d35af1dd0bcb11dbbf6e12557f68cf02e0528"}, {0x1010, 0x107, 0x3, "f9efbf7c514cde9c80510521d7fd1712dfee2305c5db45dd72fac95ae50ad69e372b97e10849777cbd35564c2c9c55c78d4a9c8e30ec9cdb0a40b2c0128618beec6d56e7160f4050fc82e8809de4dc039ac5165af438c560e17757c6b9c493722e1480bf00fb7388c3eef4cc6fc2a44c18ae4935a08e75e0187aaf9521d078519682db481c427458d0f8e60345340e987e4621c0905897bc39031d99ea06e794b5be1f65927e852b2b78e50a010cfc23584885a668d5840f3128dae4ab3d156ae40a74e26dfa93ffe18bfca074af5d674997f44997c4912028b1369dd05f1114b69a9d247890b4aa87cf5de17e0219bed71bd4b01ed73473e2052605709da80094ec668a5d0b2d036dc12f295b748cdb82f5114090b6902ad1e03b0f87148a1bd35fa86e78872cf709d9ae097a107fecd65b508c5afeb6c15cfd59cd82251d0fef562bf59a2c2c2556434bdd50e8805ead6acfe71900d920668c90675aa8ac4fda950491e3f9e3b3566ef88d4a164bf061a37fa4779f0d5774f4ce4d049bd84c891dc90ecbf7c151eee39f149310485c18d8467e9dcbd196dd6dce9e46acf0be0b157a2568b382d4ea83d56d3376094ff878339471ef5e27659831d30c09cd6abddb962fa01fd9de27e299194f6a17b18be189acc42967bfceb289a7142747030bc81c79d5be8f407325488f0e3c82c4ce6ab50c91ff1d608cd4038331a6592f86125d90eb92537eafa6ce64459a538931b505b78ef67ea07275c040edb5b734e14c02b768717e33c05c55d917839043e1f95b6901d416e956769f4e53b784bef4cc78853c78ce73727ab950aea77c139cdf85311eb9d1da03086cb79d34b77a4e6ce62134f79c5a716cae676471bb8c3efd9bc96d29d656ad20c8de9721b4821cf98587eeef1cca8ccb41faea5a63669625abfafa67d2cc92a0a3b29bacce34ca6fc05c8dde1bcd18c5ed6b8223af8b84216f6e5e2e13644b42498f31c7e9376479373390e47822165965a095b155e518061036bd1600f258d677baeac8bcae33662aa6ef398138b7b5b5cfdc22bfc5492c89add16d7ac84490be3295f5d13783eed0478b172b49d872df05902dcab2780cb8c66570a184a68a8a79a25b053894a69772b221f65f2c6f1535f04a1c01cbd696997cfa92a7e5f7f92538299846dd7f1ed3f9b57f9eb8b4581e506d755cd9c87d965c71ebb179987f29ed56a811000269e23c4bbd3e9b3331c72b2a10396f5fad76d8c4226e3bac7c357cee8d8eebe66c14519a20e02f5c2a42ee170d8bde6c86e086a5b079c8e698c41f076952bdc21b4526268d290fdd7ef39a1b0a7b9e9956d95d67fe815aa92c48142e728a2188b3526841e16ad244d094a57db84bdbe31eafd39e3bec16e4a76a3c6efdde03e115db2d7f67efd5f8eb0bca3225d48679e5c871c0d05ea68553fc7bcce1cadac452f1605441654c1afef2a99e45cab0b6834137e93f90e10946eb0e5d97878d0f3b59e53f4ec86640a4dae4b90c911a1d525c9b19e1c412b6162a5c374e27c9e84f6b580b3b05cd2e860862bbee67b1938cb0d217150c72bc3789c4a99dfc6e37586828b0ef9b5747fdc5c441dfd9c605baf7d9bbec30b35c741e7ce35ef286721715e857f8e2ca908593b90d326f88464f6de867837656cfaa7ef973d5025856f1c358541922f38136466c9c1b053242f33afff70091317c951c28519559e885bb8bd0f9c26fee091190bacfbbb087bd52217b3f988f8b9a2267b55a00d444606b0c9ef069c8b758df91c49fd59404aedb0f43004cf99078aa86b89967ef4346d673a68c8de92494f1d6202b5765ec4933b02074b88ca895aa30b992d6a943e8ea1426b00c55ea46a9dc9c6443b08d9e45f96fe631a79fdefa8ea3a16740f744c441961d52987ac885f24c1cfc9754529520d8d3d47f968b611cfe33f2715581da17c7fd61ed7e51c1c7b78e5c160827fdbed8c9349625e2c19f20c979737f5d776c19cf1b189fc991646999e42ac81c0c93107affdddac4b6bebc51530feea71a492367053c2baeedfbeb6fcfaecad5ec4e34430692bb73ab249d14ad1c089b242f86bc369cc46243c146398b05b996fb944ff367fd1c6a3e8d7f475ea696f4d1a3bb9c1fc8ebb5dd117ec3e5de41ca41f1b24f6931af501cff992df2935620f40136d1295bd70f6c45a1c31506899a2033daa50ee89251dc060492b579ee9f9c9bf201df8ad0782a50ad71ddb28d6197beb2629d223a92b0e64a9a434691a2797378d7d6079f8ae9c5c0c875eebadd0d3601667cf81ecdc401be2de6d75ca644f6741939219a947e0abb44fea328d9c31201078e42f7c53dcf254f16e9254481e3fe27929bd6cabca6592d5a9491d2b91386fa942dcfb5f3ee9cb7c1ad121788649f4b80cc0c60cd1879abb905a37a57ec61387378f96238b2a5896c3ee5233d15fe24de5ddab8386f667cee7321c293feea72edeaf83881bfa4a42c1177d0abe3eb47d6328ea2fef79ab1b6e7ede661b90b3f1275979633d78454c53d35338e9946cb715db3e596889bb43324d5495af3f937625ad86d2b9596371cfe8b4525f12d9d14fdf1a4e296d6c0433d3641c018da8a916a25f2e0dfaaae452212f86e36ae1b2b557a19237585202e47f56db2bd74c4d0667f4a11a25f27b8b9359050b4c38f50a08c10a3e42d1693d2208f56646a2da6e1b744c4379d91ed428b13ede9c30d5c7989a1a1da3468ffa3876b3df0c92fce3279d1586047c16d52d855144f30d8930ef555a7400a984f1500a838603874cb16586d7dcb4c6c1c0e867d911feac226f2caba29f041019f7566e3e216df33bb043f9c585938e0f06ed1992eacce058b8cb38a9dea5988cef42e8464bb5eea25b0f64460bb49eec1a48f07308421117b3d2485911f47540290122182c2dd4c5e2dd05e0a339d48d03bbffa79e0b02fd327bd1b2e71ce213cd59487d975e4949a3168303161de3467da3107e57cb4f9527c1f03035fa38f8c87ed54ea2185174cdaa59718bca278b48567ea6fe88f9d20a876ec8fb265742d415455c42b59d178e2f26916a877e38f8272bd2b49664ab8765ae19472a87b437ba422d19f4b602f970b3a87ec7477af914601deb6c7a0366ebd63971928bdb0272fe68c16b6acd0b1dcba56666df16fabbb459ead7a719565aad67738104b0f45e84a90922679051eb7078a4e3f57eac5b9e7c6e03e72ce91cefc42b286937481418aacb4a762335a41a77839a21a36e10cb6e90407deb63110c35cda6602f3641fe6f491bd958974a05d3836a8b392e8b3503780e6bba938e609ce70b08bbcf2fd53f863539d19cc603fdbd316fb33b4a6406ac5bcbac628d36628cc13951c54c193c1f0bbc76fea1353db88b369ccc1ba7bed30edf77500c03c1fb471d59c89cfc2dd6820f2f8f915a18126ea8173b9867a47f2c86ecf6987d500ec68bb21c6c333d605d3f7b4dd693bc03e20ee9d567412587fbb77b6aab12faf0d0da3bea5fff9bf537b9806b6b8ce05f641e177e5b87f9b4fa5064d5dc2809f847c01c4903b12aa09da20534ca96f0d15c9fe8d9a58d533549f83f38fbf59e1beb73ffb7230f6d890100ca44863265c8a73f3e54dd755dadd8c3b7129afe9e783d2f12f378945172178d2f40f9e8d8fa94783117ae2b005df54e487532fca4d79374829f9cb956716b3a2c0e9d43e620750a1fa8d8b2cffc769de29cd56fe29345ce5ef61390afcc9afe26bbd6c342171bbd439ab5cf118e20237059470a47222dcb6f9dfe33c3dca7d4b24455fca6fbdfc42115c8448a38e98f319b614441350482757074060f02b8662a03799b937de21cf9652cda8af8bff2674d3e16d9a64cead758baa5e34dd9707515b42caec5285c128268f6ee24ef09c417da248816a6b6f22cb3b7dabf4211de940c6d82917670c83364e665b10539297ad2d3ee2b5900d7931bd29757fb5cf1afec94745563567d141740fada030477a61abfb408547231b1533646b908a5ded4ee4064f5574429deb7c28f292920d379fe516c69ff457c8fac573432c5959023f5bba198dd1220de2e09276a58882338ee617f0e89ac4233b1838e0a7299d396b74cf38cb4e93c6fc17220e03a766137c81c90f8874af3858925183d5778baca5f2a8da1ad66f9ead2f1bbd248627830a4e2d3b2049b9350faf7dacf62cb2c07af5ef182a4b7bdbfd47ab25ace64d8b739dc1854a733d2457e68f996b536e118726bcf54dcd9a6f3006988f21d50c081297617e5e28224af7e96dd70240e995571e246f6becdf28a946836f7363f0877015c7c491d388d2476a256c2f07077001e8ee7c02a42e64ed4416a830f66b7acc2e795452f9f40dd03a3362283837fd3330b1f28166be09d495ceb31197d8bbafce838acc5738d3d8fe2732cdb3e55ae10ff22b909d81f221d0f8c7e2af4de8c2983d78d0cdcc943ed9b92286b12dca97b543a164dc8011fa90f2166de29bc6e9545c520abd7eca50422f4387d59c75b2091172560b862a1a099831d7baffdfdc6f40221263ff696a43973271c647105849b1348bc14347c13baf4415d5567f16781f24740f3bdd14074474d48f510bf8a8bf33411eade98149fe729ba35802812b99dfd203c77a536d44630c6cf95167dc071f7ba0397ecf408cfc6ff65a9fa99c3275b79243e6680936aef6d6032721294ca5e56169dba0f01ab06b567cdb516e83524bb01ab90f4c78f43f3848c6bc961acbd914221b9c3e1d8253c47ab4a07bb11b5ef0898a455140c3d42e80188287f79bf2d9da6f213f5a37855f4a93871ff1a8bc9d17b2af4a46787cb2ca4bb209de93ae389e0e094e865952cd2c8f7692f6c8e988f896455ffc83a0cbd0e9aaf0a4b2c74c5a69477834c1d6940d3b5ac9d0b066add481ef8d4cc48b31bc3f3b9689cdf33470e249fcb93cbbf4fad5f76f3a9acf50e47f5ffa1c576eb20fc1f4e6b0eb7207d638f53716471c3ba3cd8cc1b747a8f056067cd3ccd4ea274ffef42a06b4b542a275a96e2b69ea33f004a09418286834d6482d4cec832821b6d49599b45cc0336e402e142ee395446277c5e3af96192386c1c230898603d96703020e64d120e61f4bbfa8db9ac94c415a5e1e1478f3fb5f1a050a161fc23c59d1d3c5eb1c083d1932d1c8c0b326c4b6f12d494b896e7aac21da46ab893f8dd04c7c769cf44cea0204f7c5f3766fe72c97792b5d318da3466e483cb1ae928aca5fbf2784772fa892cc2b14120d1a79867fb72e7b7109001f32676eab0274bcefee4b4df5604ee8a0f551e8552f74d81a7ed8780f599bc0c9afbc021e40eee8be928b3a119e764f62df1052108a390979f9165038bba8f0d1267a247a9d1db8b156d79d340e532f1b71101405a48fea072b6e344d1817b5ab0db841a09d303144494d51c9a4e9ac7b9784dd9102597ea1cd4db4bd286bfc10834872880372e74f5a1f8417f0b5c70d080ac1a225295cdce92f9bed36d4e86072b9040be706c29da837653d8f192d7a2e5a920686151ddc036d053aa2af4b23823c0877b78a29ecd81a7aee31ebd8564c11f5f716e0bb6921ba00c9e7a467a3115170b933afb7aee92d94f73745afbfe3ad66bf04730c3e6bdb7043e368b933d81d6bd7e63c9b910906afca6d4ae4704172c1a63161bf4f760e3cf6b1fd669b4f409760d1e23f24cc88b60cbd9239ced2fd435c710d1a7734258103fa276fe6a73e0cd6b1550af324e9ba03ff08025a199fafe551322af40c1fa74e9bbc27b00aff5cd991d64b2942c1f702414d8898f509"}, {0x108, 0x10b, 0xf0, "ce2bdb91a034ffb5684095b3fe9f302f413405ba5ebaa53e16b5dc1cd7ccc0e10bcd89dcd7958c4d785ad113354fa278775d0ae1e46df61af7c63e3c4f8da6c4ef76a87a46162ea8ccf2729c2161fad61d8b52966aeb0dfbeca1b1bbca110855729a187d9b7bfaf047be6c2f1fd1e9cdc4b263b92c0a837ff0120c07410ceb33a4c9c4edc3858141ccde1230c68d4b2081ec04a0de1ffeabf28cbf52523839e7f6054a881d4be5bf310bccedaa30429b006b9215340ed0b80ed69ef8e5e89961d8a8170faff2eefbd87a365caaf933a3b93b11bb5019f12adc89ab53642c0c002735c1874ab15a0d21193f5a14079d835c1d02f3"}, {0x48, 0x10c, 0x21c5, "54f728b26b4450bd9375ca2662e856ad3b2ea22a6e092e6256e6ecba47210168ae2a35fcd85df06c8d7a51e51feffd7ddd9ee27c257754"}, {0x28, 0x104, 0x0, "4b81819d285f40149005f377523f87fa850b486fad49"}, {0xe8, 0x0, 0x3, "c51f6d5ef54a46c036d2bbc6cf627aa5d91fc1a457cc30ed081d55a6d12d376b68c51311451d99497244d12518add22357f44a9b9f1ed04b176b693c964303280d1895a92897caa73a418424123e43173f7f342ba12853c6ccb692d5aa3f12bc02cf68be8766f80432ef1d2d4821bc557dceb365fa3a4356a79f8d61ecd691597d9337558cbce5905a1dd176f07069a7832d7b12195d98277b50c505031eac5e9954256e8d8ebd52b8c68ee4d7cfe83598549ac086bb84e21479c54ed1cefeec4704548078fc534b11e9ecc24a7b1a075d0f862f"}, {0x18, 0x117, 0xfffffffe, "7c3a77735270a096"}], 0x1388}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000004800)=[{0xb0, 0x10a, 0x20, "7c9ee8457e1b199bba0bfed8edde4c3ec68a7a0f2bec5b337fc4ac75aa27639702929dd29cec577d6fac0f1db19e442357bfce1d2f37184fd5bb2e080c5cd699ffea95158e554d6a6d23f26791906c6d79653f5a22969a92f9269195c94986714b49d996ac56c0b3ba7a24735f9483e59d9f5f995ca3cce80c52e7af9973ff453fdb50d211e6a9190250f532d84d741d34ebade3d8db32389c91e248"}, {0xd0, 0x105, 0x0, "f1c5ce133b44252985d2ac9261066fb1c292a724de7d642db638a060f0bd7fe6f7e48a42969800f2e18c0eac68070ddfba3d61f57e5d01a8a6af3df6ecea7f3ca2520e6a93501c9156a03d6670fe65a2fbd0c6c5dd433ba1513712a6a3b1274610b73b34216385c310c4c3df863ff3b94abbc628142c3a43c538f80eab7b77d916912f58229de137a1b47d22829a4f7a8a39f9942363c27ba4a571bf18f2a245839ad173e38d4921ecdc8c773dd59c89db59b3dcd03b00d1b7c6"}], 0x180}}, {{0x0, 0x0, &(0x7f0000004c80)=[{&(0x7f0000004980)="5bb900571bdbdc897f582c11183c11512fe0745fd1f1a34d9da03b44718dd0c70b91fc1e980548e3e5441765f3fda4353d9e639def14022464df867182f1e700e84bce46b97a12c0b57967b769f7b00efa70f9fab46398ebf63b64813ca1182bb491fa66ab45756860a655cda81179d563c698ef3cd1dc5799801a6f983e99665d4d74b6823b439103c381b4e75c5326c0d0ce2184f1e9440da665436a8fabc33c4ff635536c018e5a18c5f67d739a5dde6551fcbadde868d8898911b1543ddf014f0f46a1117f8655af24bb5826967f3726175e5b749a6d6d6aa0206a22a2ccb502ad4c05c3fa283cad480dae090b31ce4b78e43b1328", 0xf7}, {&(0x7f0000004a80)="7a75bcbbf0b5249665b1b5bd1a4c0f7e5132568812562adb7eadcdc6033f2182ebc9e4b52868ce9f8c847c838fe871f5600961a0c5e917e14d2a26a5611e7ce52fac7a8253f2a0aac1560480a56f92de45c6cba4878193e1715fdc82c3993101c2404d154e71c1b5eb", 0x69}, {&(0x7f0000004b00)="f81bd194dbc41a9945e414c1e4e21545b874ae9f", 0x14}, {&(0x7f0000004b40)="baf723ee66168e21151e5074ce6bc753711acb9ffadf57ff9bb67b74961a3b21de1745ec8fe30966a91a6e16ba39c749d9406d56e373d4b2b79ab7c7fa78b6b4fc59924168a7e794bbcfc9f5e635f219be34f71c63458ea4a3b9263592a510a5d86338d24590abaf7806f10daad1101ecfc59d9c7bc88a9040654c5f4e53ebbfd6501ce80a809947c1d63807814801b4b0753b71eabe79deef01e085088dfc", 0x9f}, {&(0x7f0000004c00)="28e75933a14aaefea4f39fa56d633330b3a2c833b0e73ffe338ee3b479fc04e64883e95531b870c64efa085c6c81170c2f4c5387919104515d364a26a2ecc69ce23b93398d3bb80c43f15e13da7d5e677e513614bc0f116295bb0cd84d52eb6151", 0x61}], 0x5}}, {{&(0x7f0000004d00)=@pppol2tpv3in6={0x18, 0x1, {0x0, r4, 0x3, 0x0, 0x1, 0x3, {0xa, 0x6, 0x7293, @local, 0x80000000}}}, 0x80, &(0x7f0000004f40)=[{&(0x7f0000004d80)="32ed2bc9238f475f41fc88200f33d83e53ad6ed3352f1d1776b616b99744f133ecb53c68427c9a53de861a9f18887cda499d6a8d72d1952c1527ca12d63b0d7150b43bce2fdb7038342f2fc3f331ad227c9b9099407525475037cde72a787768f3242b744fb6715e12c0f1ae46af0fa744da1a6dfb10196cc46dfbb37b", 0x7d}, {&(0x7f0000004e00)="a8458bf1c98dd5addbb0167c6e9ad4bcab846f61eb150d2ec8dd1ed0c3a0a3a47e3fd254643e03b21b4da3b695ff8eb7970b1092b24cfa125ce1217749ddba0d406d9f3d231822dafba897b5b44e3214223efa24f6b2bbb0503b9b00d4dfd9303f0cddfdf04a2ffe3b929565306ca4578effb90107a3df814186a6fe8ab7d9099d48b33e7ffba0780625d31ded9eadee00b1c6707778876eaae5dcebd923141b123d901792a17b2d9e464fc2b4d7c8676e869f8570183896deb8bd0eebfbaf0bda46", 0xc2}, {&(0x7f0000004f00)="5fbbd2178f0f521763a076616d23475148394fca7e8a1e50df54bf8a8d123ffe90aa70c77ec5bbf47d734a6c19faac79eb8cde50ee360d3c2c14c2af21", 0x3d}], 0x3, &(0x7f0000004f80)=[{0xa0, 0x6, 0x1, "e1a1e2ff13b05d824398f7564b626c2d303a3254b15413aebf4ce8b02cdca256d44e9d68356cdef68e0e541bf0b405f9952ee8a62bb848cf083493405884b0575e47e037f3459cb3dc5b585b298438f9570596bed5da23a990a3463478567e51572b80c50929a75e171d87a78d7f9a6287214cd06707cc300bcf85c704ec6af5f7507a42e54a601c35c1da88f4fc"}], 0xa0}}, {{&(0x7f0000005040)=@un=@file={0x2, './file0\x00'}, 0x80, &(0x7f0000005480)=[{&(0x7f00000050c0)="68e47da71d94b0874560bb3bd8388aa097b22098d7d9129f8715f914cff641f035bc26b742b561b9204ce0d2638c3647d798a87a4c529e9952281da76df860486e1ba72126de375dffe6b05f00", 0x4d}, {&(0x7f0000005140)="28143e6b646b8d4f96b9075e5f19aebee0e70d1bb492e82aeadbecde96ddb02eef2195b773c7bb497c0f8fa9cccacb9526795bfff619cfdaa4530a49f9", 0x3d}, {&(0x7f0000005180)="ebde3c084e0003619fc4ad3d704956a23cd1b594752f46bc873e7300a4d3d200801b498f8d71d4cac358f4a4db74f7aaebe751716dc117f718f922cf96fdd429472d597a64c13d3c8c0e51fa9331df82b401df8cedf0fd11e1a6783564efb766fe6c3a17de58903c432fcdfda74872ed789add1dc48f04163dabe4120b805fcf9798e3b839b3f9e0f4e9b74a3b913a91437733611f7ed89c56611e965c8334c0ebd5342cdd16d34f57ce3be18429fcadbf5e065260283e", 0xb7}, {&(0x7f0000005240)="4330e4fd0ff3e9ea49456876a0ec35c84e1fe6a02df35661aa1d242179794b45c5e1a5a948eb1e9cb924abc3e4ff8d8b514e4bba25027628706035fde60b29d0cf1937df0ac925d1ea227dbcd5c457179e7763f3268ba378bc8cf7850e408eb4865c5fbc58a7", 0x66}, {&(0x7f00000052c0)="7c6ac9df1437151f15e3a3e7825d025fe186e3bc3636f1892fd630254cbe9aa69d5a1deef39a6fce706dff3241083ebb67ce80b1f24286a380e33a5c97cb8409131f2e4881c23905bf169be3fd02b24995703a8214753c86d293651d4c1022", 0x5f}, {&(0x7f0000005340)="f9075a948e020f92d1898976f6af0140e140787a5771d8970bf9415d738303e7e783c5074b596e109f697f21080bf606650ad0073236892e7aefdada8ce7fa56a1860f2b8f66e592c34a78d8679267da18fde54cf00426577040c5a576fa82f636c001", 0x63}, {&(0x7f00000053c0)="95d8e69a7da84454fcda0c7d054c6e5db5da8202fc9b1ea3bdb3d397383346783d12982778e5cdf31101b519d5aa08779f1fe6314e9fe2e320f785d4a4f99512e5760d7b398f915d130e52f3caf024f4b6f294d1d7a4f3b9d2a8", 0x5a}, {&(0x7f0000005440)="46c59b55faa1c54cc619999db729f79247a5b9c7ea7fb71d1f44470a68d2e251b6efc313c939dc996980187f4366ead0bf353aa993e89c6418", 0x39}], 0x8, &(0x7f0000007080)=ANY=[@ANYBLOB="78000000000000000e010000ffffffff9497437bf02054b65e990c66fbd1b6cf7014c37e1dcd87cc51050a768ead423d0071f3e4f8656c7f81bd5ec80568ec5c20e94f96a14d00d530ddd1a1686875b8a9ac895ab7c3ba0fa17266f292e211bc1fcb1ad3f8f2cf033b3fb79102843cd9d71900000000000020000000000000000001000009000000a78653dc713112ae5cd4d4874f000000f8000000000000000e01000007000000f14b549f77775d3a228b10632e135b87a1a14e9ef8275d3f4cd987b049ff074271fe1feabf77b78fbef999d649b608d7f352815542724070179648ff1453efd08f4d560a16dfd235046beb1eb03c16598dee4faae51c1cbb100a5a96dbd03e8f761270053c4b23d022e15fdbc8fd8248237a21e6df4b1e4d7a6bf966782dc8b9c47b3b37f599b6926cd7cea2daffeeb5316e8a8f2227cb983ea8031072373f9574705f532a4d343f670d59324c50209f3c66ba9e713e985942c5081a35f29023d1ab168a87a7c443efee798a9f3a0da591b54c52bd1e3343ef7c09d8c1bd60ac5b4c734941000000d0000000000000000501000003000000018493da62bc1bec56828cc88e5ed378961d7f64070a107e5dcfb10a4e419cc7a56c0077e3065d0920859b6377f595ed738587ed3fa21e7fce7f127efdaacbf63e03728c6444544f9e293ca1de2a45911554f99eefb3f74cc272133267a2d207c268c8809d8253f16a5c7d50b912c13dcc7362985822843b03ed5fa93c7afcc8c4641a0b051722c1314b5b71f038dc0bd53ced6b46da963db21f510fed204bd60ae6fdc100d34b935858b99de83c78b718adc4cc2f48ea124a4f5cc747577c0080000000000000003a000000060000001b0077d94acb94868a0c25f0d91bd280f5a6de535c0cf9d5271817816ae9ee4f54f822db1f377d8895b10a02b0562b9a3ec133d949d680deca29d3409b46e648d95e159df831cfa3f9e90059e47979b55cea7924af47220f386b803938e8e11fc53726c3f7ed26225d2fbb8685780000d80000000000000015010000010000006c7756f17ae2d511d1034e57d5c4ccc4111ad53940fc6c5c45af8f7e4f5b583f7129cd253f95d723f2346ed4d8a6b8f80ebc68f814df8e13f66ce07fcd6d48de6dc201908080c488dc7410f33b813e3ac28404ca7cceb1802ae531baa740b4ff27bd42adb81b065549675124410f1c65573d07d7e0a58098c344d74d2453d24406fd6f9b4c65a62354aaf3a218960c1623e8cb63060000004f7bdb40d6cd14b701acf2053bf7684debef0d578125c6d72c624f0d1a217c5b27239bfddb0dedaff700000000000000e800000000000000a0030000ff0300000c09b48871987cd3bc7a6405ae163f6af3ba4ff507e1fd2cd10d3ec2c6fd0592b7d7a98278a5b8bbb279bc416ddef76d0c0de0c198cd4c2d86e432fb0f3395c55158eb7d92542d52efe90e3eed51c8f276bfd531d836bdf2a6d5fd83af70a04b24f9859f6e551e0014ae5ae3d515bae1ce665b01a3afff4f439a5b72babf32bf41ac4ee9491fcc6cdabcccc35cff385608f8c6adf5a505de79697bcff4f648d2842dd8da892bd200dd1514fdea0f621f45a79e55912088689382fee66d9fe05a71302feee2855c6b5a94c06c131ce2a3500000000000000010010000000000000801000002000000dc2da2572fadbb11632258ae79d514c40bd77592259a73ad5089173cc63ec60a882822b099e4bb7579943ca43da24dcd0cdb2d839f5b192fa5628d6bfdc86259b862bb1014910bd2d060f0d04c81c93019e1fe7b8e2868e1ab33cfd153fa74ac958a445ed63736e0205cdfb49507e5facff3400339bf3a5845610bcee2afd96232ed3573d72ae13f0f69c118ddb7defcc17b9d96c2a854b40c25e6181ab37c5b7a7b96c67c4e46bc4c7c8585112046e9b3487f8cf6d15b828829458c29b28a4b4b13b75877c732c5ecec8a7d28d0aed74fa89baf40e14096d0ee69b9e50649f594ca5757418c08a82fd511e410450892f222eedd1a1cf534fa6bb10000000000b1f3edb8757e428e685d57011566c615974d81b76bf2fa4435c3eb2effa67e8141dd6f1695700a95d05ef3848120fd26293938dac35e80157772764e531ae0593f4c10d80169e134e4213cac024a49db917fdbe47f496cf50986d8ee85b9685d6169464ca05ca4125c349c"], 0x5b0}}, {{&(0x7f0000005ac0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r6, 0x4, 0x1, 0x4, 0x4, {0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, [], 0x25}}}}, 0x80, &(0x7f0000005bc0)=[{&(0x7f0000005b40)="db639e9c7a8b74762c92bd6942fbf673c7640a8aab627ead3bb929e07b68d82dd43758817d11d0ffbe96f5d201e86f7b43f854318a8c92c602376c862ad62639e38cf2e65c42dd267fbdeace297a6e", 0x4f}], 0x1, &(0x7f0000005c00)=[{0xf8, 0x2d, 0x9, "2c1a5cb22b4c71f8b0f1502442c9f1e881238b7355e74a0e0ada173e12b113e0899d2e66fdda2d66c89c622076bd82e88a91ebe15c8aec65ef4fc83571794165f82d86d78d60d2550aad47761ba851b6bbb54ad455c0aa927635e4d26bbc97dc11c500a57c4c18997fce850dfc65239e3a37351ef8867da722b081042e5875e1b6ddd1f74a21234950e74beb22d055bb502b0132500497b3b323480476be11f5b91e109d43c3444bd283da62ff1e819dab800a7957cd21a80e0d6c2e08f5266702213d508659ecec5d6cd103d51364aa55b8f5b9e54d49d67b8a252c029748ea21ad4b574a9d08"}, {0xe8, 0x52, 0x0, "23a588f657e2d035f2f274f8969f3c5198deb082b20a239594fd6284b20ba07c408d3b864a7b81e152407d3723b8bba992cde53eec127df7e2115228165fc9f5da31ea74a31d5c7be7274285450f08c65ffd5885c2a11ded089bd71100a2d6d34a5f3f84345fe4ca3474c4aae2ec9b06b54e2a3e109d590b5c9bdecd07ac93fd89ef6a00bdf5549a42b0e578426144de9c0b3f8d25723b103f7b893b2b98c224716949bb73e4c07243967a1a77ee1576ca9ad105fcaea8eb7e6f5c42c3d44667921486afc4b7ff51a66521f71f3084e5b543"}, {0x1010, 0x0, 0x89e, "1798edbe6fc48eeffa4a29f8ec1b3f33df0d819cb8b281d37589c7dd148620561996f99b92a00859be371379a313965d3dce1a18505a616d7b9870a0b0b1c07fb7ba700c84ba0a8ca0a664fc201aa8dea265b0097e7e9eac0c6de407806e8f3ee680b906c9cbdff9da39c038d2e5012df27048441d90388235e70e29af7ef862c6753c07f66daacd3749bac72482f953c7236fa108751de00755a8caabf5f1f7761ef361db51f026f639c398b8fa6d753060a9652782a57fe686230c7065a85193a7d17cb8cf8b6a69971608e90e80a36f6be785f10d2aa076bd17eb3ac509654b5b9d058d9cd8c06deb24eba85b5d5415eca011ecd263f23687c45da775c6523567b9719c34d1c2529d94a94be2ecceb06383108ec480df1bfc7d7afd84cef2562811f75ac9a83bf285260ba159d1f3daf4f8f8ba143db3d9c8b06b47c5bba46baafc230e76c1648eb8e8f7f99c9e1dec89bd451fe9655f449660494a69f12369c792b2a0c769c05957c42fa588a604ed3237f570850f8a98deb04111c7e0d35198f83e9cff606e74285c06bf4ebb49fba525bfb900903f6235ab3e7a2f237694555ff5eb83f7fe3248d3dfed64b09a894304324eeecee709088cebae17c4634f614a1e0944df21670dc8a9517f6e6fb09000573e5aec7872056f27098ce554eecfaa6cb950f1f5d4eb82c2cd2760101a9a85db162bf6e31d08c9f1f255ee5ade0457a1cee227fd34e66c3da008b9a5ef40a647970e70e201cd26d0d4e4a4103f1aac3f847385f322b17697f1ec9945bdf1fa17f4097194b961e269cf75a03886ee7aa7bd71138f593ee9a88a774aa15aafeebb1319ea8e00ede3a7997766b5b6d9482d0aaed85faa6e8f4c65899cd031ea634b65229ade4a2134d9b5c6dfbf9ae6cec99578dfcdc2ab575454a8251da26cb04999fe6ddb06e5c90cb87fce73036bb1aa7ac38c31e6c631cc59230dc5dc445fde738a30036b174f534d7da2961b434acdfd2de7a921c9405ed0b045b7d398a667ae42c715097636772849e134e4ed97f6c4e82824c22dcc93aa03dfad775d71b2e2d731f94b7cb52eb7bf1ed62e0efb612c0651ec1de0a182ec60ca1eba886a7e2474620d8358f2dca3495a4c4cc1bc5f162279da7918d610de5588147b279f9e4daf13fbb13a9cb05dfb52e5a05af688b3ccc9df80dd4c8ac42ccab5252600677a206349161e9c911d50ca7f0814208aefe5db3c2b94962f89854516193aead7f28b8df35b27e88dd1337bf3f943e2be140d5e8c63712cd53387b9b9b393df88ddd32bb89673179f19104d90c79e8fbfc05b62fb94eedcc2a9569dbafcc1b1d193df23d0c847107b364a46768c6ff600a5dc4b8a5a3047f4dcf48190c95239ba530db88087d20b5126b084974fccd643670eb03b3e657cf6c6e393ddda0aac50f755288a596e6c47c2cd7a7402d7525c36d9d564411e5ba392685aa81a3241494ffbee5bf5a9cb509ab0c4198005a674c30395c91b4c01445b11b90adc4c18fbb9039becdfe840e09cc3a976e3269359ef3fa4e7e633fd6ad8be0b6d7f26350db3a9b0e6e849cf3fdfb387a8ba7cc8ce49a11e982f825c3d9ad6f6b9bfaf5bb8995fc7dd0a52656b142e958531c5796e4a777eb0a4d2bfda7a6a7838e4f45ad6c886a118ed45dafb4bd3bf3fa82e3a9cfaf06285f7801ca11663b1a73fb55aa2d8abe962e97895753a0f0c539445efbb806c3fcd3f58947504d21b7861efba5c223fbb95ab8f0afcbabcb41c77971cce3332db7a2cdf265ffa4bce2603ff167041d4eab62007723576945697488bb4271484870f508b3ac66ad09256b861b5c6e766dc417b9172a92035fe75eb65003f7637a40f2535079c00df6798b1276c54b68a199e4051c32a8e3d469df77443dce4e2275d19ac7ceae37c7021d454d975302038ef649b61b429f6953a7b7a8761130596cdc789ccbba0aad2423025fbec42abafa2f0225e0087f423427a7c0f72da123a41f5e16343c09c4311acd164c61e5d732fea41831cd5cc501992db7c0ea3916521f53ad09f271588e566a896b5bc5d3a79a3941139f2e0e3babb60404987b4e815f77fa71ffb7f26258d7e1ce1460d5f9bf427e565a980c515bc44aecf6980cb1f06d8653d83747568af561ff9a25fea71ee437e406f47dc96c592bfd6cca3cf7fa5fdc91b8b134f5359fa5d480637554f5660067010b1461ec6af615aa333f13771c2854f9da2c5c8c82420534c2eb82be130872e4d8476b664886ad36267c65704bd488a0d211a20a8a4c43a310c6c81cb86f33eb75df073f826b10f4e06847a0ebf3ef31d849eaf6dbdc4d75c02608b7693d9666b64c45347d699beefd875caeef266ba1140ff008f9277c97575fe192a35c100076a122638402a5305c2455963e7ab5bdae039cf3fc8e830b853784e6bc579b053aebe42612e77e057dbf56afb00d2ab10e89aa36a1718daa94f91f2685cebbb4e910457eb07ed6658c5bd046db40260d021b9aa09161b76550b98b865e1d4b01043b41e96e9f21aea05e4e2f20ae594a421ef1c4c1f359881b506b8f73b72042b9767e39848b6ddb4460494a8ead60b432c29a80e800c84995ec89dc67bbf400b51be3c5fe4f3538527a9e40b088f81791caa7ab67af9aba84d1de75f77f2be1e64b863ac5ccbd8bfb91bbd0c064c5d0e4ab4a9d5aded99762b47ff0b81695f291cf98a156dfc3a0f001286c07e2fda46d2fc767bb32a4f490977b51cb21cf4f757def774d36e5cab9dd318c5a620a47c778be77b11b55b733eb2a9f5c49cd5516f1bb54ac629fc354e2140d73880195a26f0ee675c1aba8c067de68c5a0059a0342b141f7989f3ece39187d3cba0ac5791a3b1284fce0cc3cbf5a845f0d0d72c203b4c858525be08bb2d8ef23581fcc698281ac62d9faf77257e88760444d77587dbab7d8c69bc4c69cbfe389e5b6e8351bdf562b429fdeb14e1f9bb8e4f7f8c0941e5edbc507505657dcf752bb943b481b96d937fde95b26f9997278948fec956b26f0c7551c54f77ccc3e429937dd26eb7125d09a4d2101409711e13775d0e55687a59370890cc6862b9c291d00601eee4c1ae35c04969c72cf3b648ac7d5ebd8861ffe5878db60f617b73643c29161278869b390ea068181e9f9fb9e5d7026deb840d2d210461f7b8c16934b8b959f01f88720e9d85fe96da97d3b19eeb7d1f7938c5001b0a9202d16bd8f31511999f34bba69743ff69ebfdbcbd95cba7166ab8dbf153a2d4ce0925588ff14cabb865f07a146db6dd12810a99536ce6d5aa85db8a493e0df68b6d8f798848b054c00f2a46c29566130cde5b335a245aa9ff88a8a8fd501b82c2a9194fadbdee1fa145b34afc0833a5819e1de2b049dcc986689f50578699c89b97528ca10c1eed20b872fe8f410dd27b5530c3fe572dbe153952505a14e7591814a8b15cf41eba8938fe77fb65bba2ef9505283582d1db58c02b43a6a289457112ab37fc45ca269909373edcf89130dad4f6c0f365225b8ecf7524e26712cd5a84d52ba5ec16f422b717c032fbc7982fa8f7c442d293e1d5537a35f56f49ac86101c9b16038be5be7a95f4ecf050651409b8ed1df4e80c697796a88e15f3ee9d3c04c363dd39481fa25134eda7af161381b21a1c2cc79e1bd31a3b403d69eb2c34c1e1d1d48541fb9b7443e764f899fc08541bd488a25089ec244abf4c8953f69e662ffefbd0b23aa23ad1f8cb5cdf4eb7515f407e951a40dc9138d022c73b61af2d10183245a262af83667ef63611ed191fc890e5e49375fb64ef8bf8fe593b4653696259c5b00fd22fb5048311d26efa0e633fac74aac3ca1eeb344bdbc1076c647b54eec5855d122dbfc284383bb50ba9d3c14444937c4b7943b42dbde0a7a797dbe986e3f5c945e1d32d873922e163f6f33e1c4925498a3271f83a8b93009162ba5512d895d0b915296ab5b8b274b304d3e3c380e9a246db94da747e077475852b51591efe1fe1fe32e29cb65c07bcdba47c48b53cb60a265f610fab100dcc421b4fd5e5218e3b5b8d4adec3688206cc959270bf036074d43944036f8a9bcd742c0ee99a3bf0bda7cae1034bf23ff45a23c4caa2e61df27e2c259ba02be87310e1508c2a4d803156a6a686ffdabc6b48817dff07f0273e3acca48bedc17f7c93a711403aa5a3a0412685f20b0b389779ae8dbd02c539b87b2c051f06d47b874abc212dcc15f077151af467f15d60254f15c530b84cedfc6285455b4dd3d307974bdfdf32644cef4a0885c1ff3836d86a96321644f82e1b953be715e15237891452e75cd6d25d47022dd7b4dc7a2806b9973c26ee3155fcfcbbcbf3fa2ac51feb0019ade91af2d985b78c6ba458db6b36799074b5accd9406e199f46910e0dce78090923cd7f4cecb595a29a8dab9059084ede2b7ba74097051fc938b4a799fa2e2981e557d7ef569c02a9468839453bb9121f6f603b3876635e0d5f2e92e44b7be01fe13c2896f276bd3d4b1b3ad9a8e2d0d182a46219b6c97e410722c0e7e4d1a550340028c9b8122319c25e9c9d398672fb391c391c7ea01720e4502a99ec778a95d6f3d67738a74f862fe548ccde68a3bb6480cf182afe63cbba2530c8d3568470ad21afc7162e17c7b6d3aecf2cf2731c473a760b0ded500841b3b7e8941cdeff8c754cb5ed09abff9e84f4d45ed54fe5b079a9d7b333679b275e4e78d810d8502ac4b4383bbbf3f032fb0356ef2ac455d4166656c1d39e44a4c4b0073471fff736a7ef2af683469d3164b73d6cf259dd9b78662263fc393e6bca86c1bbfe697c67887748932db06b545fffe7e7285a51908f8c4598a4334a89cddf91a7e0deb40f515e5b2b948d29731f9a50ae83307b63bc9cdb0cf897a7ee5bf7fefb5dd02f239b9817d28b676a878f533da13e08b1507a17760d5c625a027c1b73d00a751c9ef81813992cc04be0185f604c28c434c448d30e59faf0f988ee7c89cae37176504c83d4828556d3c955fbf550fb3674ffbfa59373d066c693cecb77f99e1686b6a1647a2d763c70c8f54d3f838ce8af2bd010d468ad6bac5cd63d697010e81ca71f711b296279e6a10d50937a2463e3d4f9a48a608001b8cd602b7ccbad28b77c28d55b074a2fbe48382246b097936446b999a88ea4f494a254dd48829b78274ac14ce645416777061e5af26b3fc0c86f7cd837144fece01df0a1fe97f8b338f33fbd14a1116afd80178492f930f82a0edc3aaeb93533c3ca812d58c8b78c5448d2f98980929b222599ec41074a3c0b9adadc2f2ce254901f3f294d5bdabfee1938597e021ff5b8d24bc1572cf229e47cda208e76f73a1f6a730c9adc2c38a560fcdfc57517384c04c3b8156c9bb4f41ab2564a9e00c65df69a4dd0c6f64b6a8528896da596fa2925305c050e7c894fa2ffcde31a449720d0e39f39a70e12cfa2f247597bb8239b9195a30bd223cc5cad7637ac199d3e341be1c633fa0e95110584c0baa87847c88c7c3f487f4eb97ff1f233e33857527171f020c6638f971fe9937f76a23aa4931997393c1dc2813890e4a90019bcdc9ed554972303438ffb9d23a503f308301feb114791295c4e974f59967ee84f661fc2401eb904f9382ec1fe072121ffc2653871ce8a4b228527dcaf055d75c9d106fcbc6ba83f60c6938412136f4cdd4da8f01f170075b63c406d957df212455a7f76b1ed69480bb62935db254c22f410ad3f04d3ab1e1c97ac620dc7dcbe0ccf2697fcc2b3733ccad88fa2da28d6056b4ded59c7ff1edfa7abd49c9e96ba07e"}], 0x11f0}}], 0x9, 0x80) fsetxattr$trusted_overlay_upper(r2, &(0x7f00000002c0)='trusted.overlay.upper\x00', &(0x7f0000000300)={0x0, 0xfb, 0x15, 0x4, 0x1, "2f7dba687a383ec40a16c292e15d85a7"}, 0x15, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0xf88a5e3f24028d09, 0x0) 16:18:26 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, 0x0, 0x0, 0x0) 16:18:26 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) write$P9_RCREATE(r1, &(0x7f00000000c0)={0x18, 0x73, 0x1, {{0x40, 0x1, 0x1}, 0x3}}, 0x18) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:18:26 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') keyctl$set_reqkey_keyring(0xe, 0x2) write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e23, 0xc9c5, @mcast1, 0x427f}, 0x1c) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f00000000c0)={@fda={0x66646185, 0x8, 0x1, 0x3d}, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096, 0x1000}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x20, 0x48}}}], 0x0, 0x0, 0x0}) 16:18:26 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:26 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 16:18:26 executing program 2: r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x3, 0x80) ioctl$BLKRRPART(r0, 0x125f, 0x0) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x42, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="116348400000000000000000000000000000000000000000000058000800000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000004406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ecdf00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008e920000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bb36735600"/4096], @ANYPTR64=&(0x7f0000000200)=ANY=[@ANYPTR64, @ANYRES16=r3, @ANYRES64=r4, @ANYBLOB="7221dc68476bfdbeb2df860b41d734556dc757b224c432226e068341bde10f080d76012969448712e82d710d2cf4b40d1d940093751a22432e6f263d4f7af16425d50cdbd152a89bb14a017340353d38cb531ae7ccc3", @ANYRESDEC=r2, @ANYBLOB, @ANYRESOCT]], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:26 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmmsg(r3, 0x0, 0x0, 0x0) 16:18:26 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000000000000000000000393e00"/66], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) [ 1058.993055] binder: 27542:27549 ioctl 40086607 20000200 returned -22 [ 1059.001380] binder: 27545:27548 got transaction with invalid offset (918, min 24 max 88) or object. [ 1059.001420] binder: 27545:27548 transaction failed 29201/-22, size 88-24 line 3379 16:18:26 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:26 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:26 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(0x0, 0x3b) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) [ 1059.001618] binder: undelivered TRANSACTION_ERROR: 29201 [ 1059.085520] binder_alloc: 27568: binder_alloc_buf size 1495195076287012864 failed, no address space [ 1059.085527] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1059.085547] binder: 27568:27574 transaction failed 29201/-28, size 1369094286720630784-126100789566382080 line 3284 [ 1059.085747] binder: undelivered TRANSACTION_ERROR: 29201 [ 1059.095578] binder: 27573:27578 got transaction with invalid offset (918, min 24 max 88) or object. 16:18:26 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x3) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000001380)=0x9) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/commit_pending_bools\x00', 0x1, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x3) futex(&(0x7f0000000240), 0x0, 0x0, &(0x7f0000000280), &(0x7f00000002c0), 0x0) lsetxattr$trusted_overlay_origin(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='trusted.overlay.origin\x00', &(0x7f0000000140)='y\x00', 0x2, 0x2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f00000013c0)=ANY=[@ANYBLOB="115248400000000000000000000000000000000000000000000018003ca498427a8763732cc9b70f03242084c37e12a99bc2a0d57db084005e74663aa283b8ea13280bcc67a1d3cf1d9525aae1fd38363d03565fdadd28b6769af95fc37504b59f118d77dd2b09b7ca5cdcc22129379a975522c1986ecc9d8d61ad0c9007c6670c6ee45fb12a20ad2b0ce73650f12a781d3ece082806449347bfa3f8f47e926d0bc315485230a5ebe092ca5e4f0be3a84565", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00@\x00\x00'], 0x0, 0x0, 0x0}) 16:18:26 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0xfffffffffffffffe) timerfd_create(0x0, 0x100800) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000002c00000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000030000000000e4ffffffffffffff00000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/status\x00', 0x0, 0x0) ioctl$GIO_SCRNMAP(r2, 0x4b40, &(0x7f0000001380)=""/4096) 16:18:26 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:26 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) ioctl$TCXONC(r3, 0x540a, 0x1) 16:18:26 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f0000000140)={0x7f, 0x0, 0xffffffff, 0x1ff}, 0x10) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r5, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r5, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0xfffffffffffffcf0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYRESHEX=r3], @ANYRESHEX=r4, @ANYPTR64=&(0x7f0000000500)=ANY=[@ANYPTR64=&(0x7f0000000000)=ANY=[@ANYRESDEC=r1, @ANYRES32, @ANYRES64=0x0, @ANYPTR64], @ANYRES32=0x0, @ANYPTR64, @ANYRESOCT, @ANYBLOB="8900edb7d47dacd2af69269f91606a1d9b69ec224664f964c42bbc409dee3a3927f07a966a53c25edb757a245b8486caf492af9148975511470145af1724d193d3022ed5b23dc367b8b4c5e1f3fbb96829b0168ec7979ecba35b88b2c2c68797726c08a8f4d08d413323323da701003ffe849a350a72ab0ac5e11d6946ab6223318782ce3a64eb6f7cd2efd5549a46fcd52d5fd7ab863c258d998d6baa3c4bdd7b94033d304ccbe1debbb0715ed06ce9eff810955d6b760ddb22382a0af4be24ecc66ecacbeeedd68ab5ca684e7d6099ad789dea0ef043eea6953fa43ac4fea48dbdd222634ff2b7"]], 0x0, 0x0, 0x0}) 16:18:26 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(0x0, 0x3b) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) [ 1059.095849] binder: 27573:27578 transaction failed 29201/-22, size 88-24 line 3379 [ 1059.096002] binder: undelivered TRANSACTION_ERROR: 29201 [ 1059.102773] binder: 27573:27583 got transaction with invalid offset (918, min 24 max 88) or object. [ 1059.102954] binder: 27573:27583 transaction failed 29201/-22, size 88-24 line 3379 [ 1059.103107] binder: undelivered TRANSACTION_ERROR: 29201 [ 1059.241302] binder: 27542:27563 ioctl 40086607 20000200 returned -22 16:18:26 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:26 executing program 1: r0 = creat(&(0x7f00000004c0)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x4100) truncate(&(0x7f00000000c0)='./bus\x00', 0x1000) r1 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) lseek(r0, 0x0, 0x2) sendfile(r0, r1, 0x0, 0x4000000000020009) r2 = socket$inet6(0xa, 0x400000000001, 0x0) close(r2) r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendfile(r2, r3, 0x0, 0x80001d00c0d0) 16:18:26 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(0x0, 0x3b) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 16:18:26 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1059.273400] binder: BINDER_SET_CONTEXT_MGR already set [ 1059.291327] binder: 27596:27600 ioctl 40086602 20001380 returned -22 16:18:26 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:26 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:18:26 executing program 0: r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 1059.298593] binder: 27596:27600 unknown command 1078481425 [ 1059.298601] binder: 27596:27600 ioctl c0306201 20000180 returned -22 [ 1059.305530] binder: 27596:27613 ioctl 40086602 20001380 returned -22 [ 1059.306274] binder: BINDER_SET_CONTEXT_MGR already set [ 1059.306290] binder: 27606:27610 ioctl 40046207 0 returned -16 [ 1059.306350] binder: 27606:27610 BC_INCREFS_DONE u0000000000000000 no match [ 1059.308389] binder: release 27606:27610 transaction 2857 out, still active [ 1059.308393] binder: undelivered TRANSACTION_COMPLETE [ 1059.309106] binder: send failed reply for transaction 2857, target dead [ 1059.316562] binder: BINDER_SET_CONTEXT_MGR already set [ 1059.316570] binder: 27606:27610 ioctl 40046207 0 returned -16 [ 1059.316862] binder: 27606:27617 BC_INCREFS_DONE u0000000000000000 no match [ 1059.334262] binder: release 27606:27617 transaction 2859 out, still active [ 1059.334266] binder: undelivered TRANSACTION_COMPLETE [ 1059.353445] binder: send failed reply for transaction 2859, target dead [ 1059.359395] binder: 27623:27624 got transaction with invalid offset (918, min 24 max 88) or object. [ 1059.359436] binder: 27623:27624 transaction failed 29201/-22, size 88-24 line 3379 [ 1059.359596] binder: undelivered TRANSACTION_ERROR: 29201 [ 1059.400805] binder: 27630:27637 got transaction with invalid parent offset or type 16:18:27 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f00000000c0)='ip6_vti0\x00') ioctl$TIOCSRS485(r2, 0x542f, &(0x7f0000000100)={0x7f, 0x7, 0x84}) 16:18:27 executing program 0: r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:27 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000001300)={0x9, {{0x2, 0x4e24, @rand_addr=0x8}}, 0x701291f2c8fe5b58, 0x6, [{{0x2, 0x4e23, @loopback}}, {{0x2, 0x4e24, @empty}}, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x16}}}, {{0x2, 0x4e23, @rand_addr=0x20fd6652}}, {{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1b}}}, {{0x2, 0x4e23, @multicast1}}]}, 0x390) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/status\x00', 0x0, 0x0) setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f00000000c0), 0x4) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000070000000000000001800000000000000", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="852a717000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[], @ANYBLOB="000000000000000000000000000000003900000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="0010000000000000000000000000000000000000000000008561646600000000010000000000000000000000000000001900000000000000"], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00P\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="4010000000000000"], 0x0, 0x0, 0x0}) 16:18:27 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x200000, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@flat, @fd, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x4000000}}, &(0x7f00000001c0)={0x0, 0xfffffffffffffd31, 0x30}}, 0x3400}], 0x0, 0x0, 0x0}) [ 1059.400848] binder: 27630:27637 transaction failed 29201/-22, size 96-24 line 3454 [ 1059.401005] binder: undelivered TRANSACTION_ERROR: 29201 [ 1059.539270] binder: 27598:27602 ioctl 40046207 0 returned -16 [ 1059.548016] binder: BINDER_SET_CONTEXT_MGR already set [ 1059.553532] binder: 27598:27602 ioctl 40046207 0 returned -16 16:18:27 executing program 0: r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:27 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000000c0)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000001380)=""/4105, 0x76f}, @flat=@handle={0x73682a85, 0x100, 0x3}}, &(0x7f00000001c0)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) [ 1059.585108] binder: 27646:27647 got transaction to invalid handle [ 1059.593069] binder: 27646:27647 transaction failed 29201/-22, size 88-24 line 3138 [ 1059.603475] binder: undelivered TRANSACTION_ERROR: 29201 [ 1059.608539] binder: 27648:27651 got transaction with invalid offset (918, min 24 max 88) or object. [ 1059.608577] binder: 27648:27651 transaction failed 29201/-22, size 88-24 line 3379 [ 1059.614567] binder: BINDER_SET_CONTEXT_MGR already set [ 1059.614578] binder: 27648:27654 ioctl 40046207 0 returned -16 [ 1059.614918] binder_alloc: 27648: binder_alloc_buf, no vma [ 1059.614937] binder: 27648:27654 transaction failed 29189/-3, size 88-24 line 3284 [ 1059.632938] binder: BINDER_SET_CONTEXT_MGR already set [ 1059.632948] binder: 27646:27656 ioctl 40046207 0 returned -16 [ 1059.668886] binder: BINDER_SET_CONTEXT_MGR already set [ 1059.668895] binder: 27661:27662 ioctl 40046207 0 returned -16 [ 1059.674811] binder_alloc: 27648: binder_alloc_buf, no vma [ 1059.674833] binder: 27661:27662 transaction failed 29189/-3, size 88-24 line 3284 [ 1059.679939] binder: BINDER_SET_CONTEXT_MGR already set [ 1059.679951] binder: 27661:27664 ioctl 40046207 0 returned -16 [ 1059.680905] binder_alloc: 27648: binder_alloc_buf, no vma [ 1059.680925] binder: 27661:27664 transaction failed 29189/-3, size 88-24 line 3284 [ 1059.763168] binder: undelivered TRANSACTION_ERROR: 29189 [ 1059.768808] binder: undelivered TRANSACTION_ERROR: 29189 [ 1059.774552] binder: undelivered TRANSACTION_ERROR: 29189 [ 1059.780200] binder: undelivered TRANSACTION_ERROR: 29201 16:18:27 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x8c400) write$tun(r1, &(0x7f0000000200)={@val={0x0, 0x6004}, @void, @ipx={0xffff, 0x5d, 0x9, 0x4, {@broadcast, @broadcast, 0x5cd}, {@random=0x5, @broadcast, 0x8}, "9f109ad9676b442ba4880ad37c3429dda80633aad3f6072a2fc048ebd6cc6eca1ae725233cadcc867ed89ce76b6310f315393536d063e9e27609d53754fa63"}}, 0x61) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:18:27 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x4) ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f0000000100)) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:18:27 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 1060.158009] binder: 27666:27673 got transaction with invalid offset (918, min 24 max 88) or object. [ 1060.167663] binder: 27666:27673 transaction failed 29201/-22, size 88-24 line 3379 [ 1060.176266] binder: undelivered TRANSACTION_ERROR: 29201 [ 1060.183289] binder: 27666:27674 got transaction with invalid offset (918, min 24 max 88) or object. [ 1060.192804] binder: 27666:27674 transaction failed 29201/-22, size 88-24 line 3379 [ 1060.201572] binder: undelivered TRANSACTION_ERROR: 29201 16:18:29 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:29 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/status\x00', 0x0, 0x0) getsockopt$inet6_int(r2, 0x29, 0x6, &(0x7f0000000100), &(0x7f0000000140)=0x4) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:18:29 executing program 1: r0 = creat(&(0x7f00000004c0)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x4100) truncate(&(0x7f00000000c0)='./bus\x00', 0x1000) r1 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) lseek(r0, 0x0, 0x2) sendfile(r0, r1, 0x0, 0x4000000000020009) r2 = socket$inet6(0xa, 0x400000000001, 0x0) close(r2) r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendfile(r2, r3, 0x0, 0x80001d00c0d0) 16:18:29 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:29 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000280)={'broute\x00', 0x0, 0x3, 0x8a, [], 0x1, &(0x7f0000000240)=[{}], &(0x7f0000001380)=""/138}, &(0x7f0000001440)=0x78) r1 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x810, r1, 0x75cc4000) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x10, 0x0, &(0x7f0000000000)=[@request_death], 0x11, 0x0, &(0x7f0000000040)="33709210de3718de25e213922508d0227d"}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) connect$inet6(r2, &(0x7f0000001480)={0xa, 0x4e22, 0x7fff, @remote, 0x7}, 0x1c) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x24000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x3) r4 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="116348400000000000000000000000000000000000000000000000000000000000000000580000000000000018000000000000009e", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:29 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000240)='IPVS\x00') r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x98, 0x0, &(0x7f0000000800)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f00000002c0)={@ptr={0x70742a85, 0x0, &(0x7f00000009c0)=""/244, 0xf4, 0x0, 0x28}, @ptr={0x70742a85, 0x0, &(0x7f0000000500)=""/238, 0xee, 0x0, 0x33}, @fda={0x66646185, 0x1, 0x1, 0x30}}, &(0x7f0000000600)={0x0, 0x28, 0x50}}}, @exit_looper, @dead_binder_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000780)={@flat=@weak_handle={0x77682a85, 0x900}, @ptr={0x70742a85, 0x1, &(0x7f0000000640)=""/39, 0x27, 0x2, 0x2d}, @ptr={0x70742a85, 0x1, &(0x7f0000000700)=""/121, 0x79, 0x1, 0x13}}, &(0x7f0000000680)={0x0, 0x18, 0x40}}}], 0x50, 0x0, &(0x7f00000008c0)="6a9b0e2213aa63e17ee093845f4be4d9ee3d2f77436284c72c6fe5633bba93ff0b54e09c8bf9100a26e81672ad779717ed4bea2881c22aef5ea46317146b482acdb9351ffad5dc5da27c69390e76d19e"}) pipe2(&(0x7f0000000280), 0x80c00) r3 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) r4 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) r5 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) ioctl$TIOCGSOFTCAR(r5, 0x5419, &(0x7f0000000200)) r6 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r6, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r7 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r7, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r8, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r8, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$RTC_PLL_GET(r8, 0x80207011, &(0x7f0000000980)) sendfile(r6, r7, 0x0, 0x7) [ 1062.356906] binder: 27681:27685 BC_INCREFS_DONE node 2890 has no pending increfs request [ 1062.378380] binder_alloc: 27686: binder_alloc_buf, no vma [ 1062.378483] binder: 27681:27685 got transaction to context manager from process owning it [ 1062.378495] binder: 27681:27685 transaction failed 29201/-22, size 0-0 line 3129 16:18:29 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = syz_open_procfs(r2, &(0x7f0000000140)='net/if_inet6\x00') execveat(r3, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)=[&(0x7f0000000240)='/dev/binder#\x00', &(0x7f0000000280)='/dev/binder#\x00', &(0x7f00000002c0)='!,vboxnet0\x00', &(0x7f0000000300)='/dev/binder#\x00', &(0x7f0000000340)='/dev/binder#\x00', &(0x7f0000000380)='/dev/binder#\x00', &(0x7f00000003c0)='+&md5sumwlan0cpusetmime_type\x06\'ppp1!(,wlan1\x00', &(0x7f0000000400)='cgroup\x00', &(0x7f0000000440)='/dev/binder#\x00', &(0x7f0000000480)='/dev/binder#\x00'], &(0x7f0000000680)=[&(0x7f0000000540)='/dev/binder#\x00', &(0x7f0000000580)='/dev/binder#\x00', &(0x7f00000005c0)='/dev/binder#\x00', &(0x7f0000000600)='-\x00', &(0x7f0000000640)='\x00'], 0x800) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:18:29 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:29 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1062.381654] binder: BINDER_SET_CONTEXT_MGR already set [ 1062.381663] binder: 27681:27685 ioctl 40046207 0 returned -16 [ 1062.381728] binder: 27681:27685 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 1062.382931] binder: 27683:27684 BC_INCREFS_DONE node 2894 has no pending increfs request 16:18:30 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x80000) ioctl$EVIOCGKEYCODE(r3, 0x80084504, &(0x7f0000000200)=""/117) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) [ 1062.382941] binder: 27683:27684 got transaction to context manager from process owning it [ 1062.382952] binder: 27683:27684 transaction failed 29201/-22, size 0-0 line 3129 [ 1062.383053] binder_alloc: 27683: binder_alloc_buf, no vma [ 1062.383067] binder: 27683:27684 transaction failed 29189/-3, size 112-24 line 3284 [ 1062.383299] binder: BINDER_SET_CONTEXT_MGR already set 16:18:30 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) mknod$loop(&(0x7f0000000240)='./file0\x00', 0x400, 0x1) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x0, 0x0) write$UHID_INPUT2(r2, &(0x7f0000000200)={0xc, 0x1d, "453965fbdaa03a240e5c3acb17161b35e05ebd08ce3237e9777e6aecfa"}, 0x23) 16:18:30 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:30 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 1062.383306] binder: 27683:27684 ioctl 40046207 0 returned -16 [ 1062.383422] binder: 27683:27684 BC_INCREFS_DONE u0000000000000000 no match [ 1062.383440] binder_alloc: 27683: binder_alloc_buf, no vma [ 1062.383453] binder: 27683:27684 transaction failed 29189/-3, size 0-0 line 3284 [ 1062.383514] binder: BINDER_SET_CONTEXT_MGR already set [ 1062.383519] binder: 27683:27684 ioctl 40046207 0 returned -16 [ 1062.383726] binder_alloc: 27683: binder_alloc_buf, no vma [ 1062.383741] binder: 27683:27684 transaction failed 29189/-3, size 96-24 line 3284 [ 1062.397071] binder: BINDER_SET_CONTEXT_MGR already set [ 1062.397079] binder: 27683:27684 ioctl 40046207 0 returned -16 [ 1062.397137] binder: 27683:27684 BC_INCREFS_DONE u0000000000000000 no match [ 1062.397161] binder_alloc: 27683: binder_alloc_buf, no vma [ 1062.397178] binder: 27683:27684 transaction failed 29189/-3, size 0-0 line 3284 [ 1062.397344] binder: BINDER_SET_CONTEXT_MGR already set [ 1062.397351] binder: 27683:27684 ioctl 40046207 0 returned -16 [ 1062.397409] binder: 27683:27684 BC_INCREFS_DONE u0000000000000000 no match [ 1062.397427] binder_alloc: 27683: binder_alloc_buf, no vma [ 1062.397442] binder: 27683:27684 transaction failed 29189/-3, size 0-0 line 3284 [ 1062.398487] binder: undelivered TRANSACTION_ERROR: 29189 [ 1062.398508] binder: undelivered TRANSACTION_ERROR: 29189 [ 1062.398526] binder: undelivered TRANSACTION_ERROR: 29189 [ 1062.398542] binder: undelivered TRANSACTION_ERROR: 29189 [ 1062.398558] binder: undelivered TRANSACTION_ERROR: 29201 [ 1062.404065] binder: 27683:27697 BC_INCREFS_DONE node 2901 has no pending increfs request [ 1062.404074] binder: 27683:27697 got transaction to context manager from process owning it [ 1062.404084] binder: 27683:27697 transaction failed 29201/-22, size 0-0 line 3129 [ 1062.404173] binder_alloc: 27683: binder_alloc_buf, no vma [ 1062.404187] binder: 27683:27684 transaction failed 29189/-3, size 112-24 line 3284 [ 1062.404331] binder: BINDER_SET_CONTEXT_MGR already set [ 1062.404337] binder: 27683:27697 ioctl 40046207 0 returned -16 [ 1062.404405] binder: 27683:27684 BC_INCREFS_DONE u0000000000000000 no match [ 1062.404421] binder_alloc: 27683: binder_alloc_buf, no vma [ 1062.404434] binder: 27683:27684 transaction failed 29189/-3, size 0-0 line 3284 [ 1062.404454] binder: BINDER_SET_CONTEXT_MGR already set [ 1062.404459] binder: 27683:27697 ioctl 40046207 0 returned -16 [ 1062.404624] binder_alloc: 27683: binder_alloc_buf, no vma [ 1062.404645] binder: 27683:27697 transaction failed 29189/-3, size 96-24 line 3284 [ 1062.415568] binder: BINDER_SET_CONTEXT_MGR already set [ 1062.415577] binder: 27683:27699 ioctl 40046207 0 returned -16 [ 1062.415734] binder: BINDER_SET_CONTEXT_MGR already set [ 1062.415740] binder: 27683:27697 ioctl 40046207 0 returned -16 [ 1062.415771] binder: 27683:27684 BC_INCREFS_DONE u0000000000000000 no match [ 1062.415797] binder_alloc: 27683: binder_alloc_buf, no vma [ 1062.415815] binder: 27683:27684 transaction failed 29189/-3, size 0-0 line 3284 [ 1062.416934] binder: undelivered TRANSACTION_ERROR: 29189 [ 1062.416954] binder: undelivered TRANSACTION_ERROR: 29189 [ 1062.416970] binder: undelivered TRANSACTION_ERROR: 29189 [ 1062.416995] binder: undelivered TRANSACTION_ERROR: 29201 [ 1062.471832] binder: 27706:27708 got transaction with invalid parent offset or type [ 1062.471868] binder: 27706:27708 transaction failed 29201/-22, size 96-24 line 3454 [ 1062.472014] binder: undelivered TRANSACTION_ERROR: 29201 [ 1062.480002] binder: 27706:27712 got transaction with invalid parent offset or type [ 1062.480041] binder: 27706:27712 transaction failed 29201/-22, size 96-24 line 3454 [ 1062.480594] binder: undelivered TRANSACTION_ERROR: 29201 [ 1062.506869] binder: BINDER_SET_CONTEXT_MGR already set [ 1062.506877] binder: 27717:27718 ioctl 40046207 0 returned -16 [ 1062.506934] binder: 27717:27718 BC_INCREFS_DONE u0000000000000000 no match [ 1062.507923] binder: 27717:27718 ioctl 80084504 20000200 returned -22 [ 1062.507985] binder: 27717:27718 got new transaction with bad transaction stack, transaction 2916 has target 27717:0 [ 1062.507996] binder: 27717:27718 transaction failed 29201/-71, size 96-24 line 3165 [ 1062.508104] binder: release 27717:27718 transaction 2916 out, still active [ 1062.508107] binder: undelivered TRANSACTION_COMPLETE [ 1062.508114] binder: undelivered TRANSACTION_ERROR: 29201 [ 1062.508591] binder: send failed reply for transaction 2916, target dead [ 1062.516427] binder: BINDER_SET_CONTEXT_MGR already set [ 1062.516435] binder: 27717:27718 ioctl 40046207 0 returned -16 [ 1062.516475] binder: 27717:27719 BC_INCREFS_DONE u0000000000000000 no match [ 1062.516948] binder: 27717:27719 ioctl 80084504 20000200 returned -22 [ 1062.517142] binder: release 27717:27719 transaction 2919 out, still active [ 1062.517145] binder: undelivered TRANSACTION_COMPLETE 16:18:30 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0xb8, 0x0, &(0x7f0000001640)=[@enter_looper, @acquire_done={0x40106309, 0x3}, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x19, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001580)={@fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x2, &(0x7f0000001500)=""/110, 0x6e, 0x0, 0x21}, @fd}, &(0x7f0000001600)={0x0, 0x18, 0x40}}, 0x400}, @clear_death={0x400c630f, 0x2}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x70, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/237, 0xed, 0x1, 0x2e}, @fda={0x66646185, 0x5, 0x1, 0x7}, @ptr={0x70742a85, 0x1, &(0x7f0000001380)=""/235, 0xeb, 0x2, 0x1e}}, &(0x7f0000000140)={0x0, 0x28, 0x48}}}], 0x0, 0x0, 0x0}) [ 1062.521586] binder: send failed reply for transaction 2919, target dead [ 1062.561155] binder: 27723:27725 got transaction with invalid parent offset or type [ 1062.561194] binder: 27723:27725 transaction failed 29201/-22, size 96-24 line 3454 [ 1062.561616] binder: undelivered TRANSACTION_ERROR: 29201 [ 1063.040385] binder: 27686:27690 transaction failed 29189/-3, size 88-24 line 3284 [ 1063.050520] binder: undelivered TRANSACTION_ERROR: 29189 [ 1063.071510] binder: 27740:27741 BC_ACQUIRE_DONE u0000000000000003 no match [ 1063.078795] binder: 27740:27741 got transaction to invalid handle [ 1063.085432] binder: 27740:27741 transaction failed 29201/-22, size 88-24 line 3138 [ 1063.094271] binder: undelivered TRANSACTION_ERROR: 29201 [ 1063.100911] binder: 27740:27742 BC_ACQUIRE_DONE u0000000000000003 no match [ 1063.108401] binder: 27740:27742 got transaction to invalid handle [ 1063.115106] binder: 27740:27742 transaction failed 29201/-22, size 88-24 line 3138 [ 1063.123247] binder: undelivered TRANSACTION_ERROR: 29201 [ 1063.157557] binder: undelivered TRANSACTION_ERROR: 29201 [ 1063.158811] binder: 27681:27700 BC_INCREFS_DONE node 2930 has no pending increfs request 16:18:30 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) close(r0) open(&(0x7f00000000c0)='./bus\x00', 0x800000141042, 0x0) mmap(&(0x7f000094d000/0x3000)=nil, 0x3000, 0x0, 0x98011, r0, 0x0) 16:18:30 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a627300000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000000000000000852a747000"/96], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000001800000000000000382078ed8e7ea751"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:30 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) lsetxattr$security_evm(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='security.evm\x00', &(0x7f0000000200)=@sha1={0x1, "acf2899e0e68c28206edcd866c7e191b07ddb952"}, 0x15, 0x3) r1 = syz_open_dev$binderN(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x800) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x6) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0xe, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000001380)=""/4099}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:18:30 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:30 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:30 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ifreq(r1, 0x8929, &(0x7f0000000000)={'ip6tnl0\x00', @ifru_addrs=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x2}}}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_MAX_THREADS(r2, 0x40046205, &(0x7f0000000040)=0xfffffe00) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000001800"/52, @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000001380)=ANY=[@ANYRESHEX=r0], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYRESDEC=r2, @ANYBLOB="000000000004000039b723ca4ac26e8096acb2ca3e591983cd9d1a8e733a58fb175ea4f4ce949493b09ace2eecee05f86d156bf14da10125b266533f92ae764500f14f25c176f0aab59dcda386c50916186d659d868c0bfc6049af98f3d3bd274ca8f7eb3b42ca828dbbc8b0a92762570c291a5420dca842eef49ed380d5bb53444e63e32df72ad05691d6192205d8efc100e6f93df3850c5a4c199f9237022cc3400fccbcafa97482c8bb78515b66a01211b5ced92b5135a62687261af408008af5b54d8925cb0cd6886f6e7af8ceb52cf77b1e51a7db"], 0x0, 0x0, 0x0}) geteuid() getresuid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000200)) [ 1063.158822] binder: 27681:27700 got transaction to context manager from process owning it [ 1063.158833] binder: 27681:27700 transaction failed 29201/-22, size 0-0 line 3129 [ 1063.158905] binder: BINDER_SET_CONTEXT_MGR already set [ 1063.158912] binder: 27681:27700 ioctl 40046207 0 returned -16 [ 1063.158946] binder: 27681:27744 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 1063.218054] binder: undelivered TRANSACTION_ERROR: 29201 16:18:30 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:30 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="d3d2b93c38dba87c5fcd8034"], 0xc}}, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:30 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) syz_open_dev$binderN(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x3) 16:18:30 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r1) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) clone(0x2000802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() tkill(r3, 0x1e) 16:18:30 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) 16:18:30 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:30 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20e1780931", 0x109}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1063.243374] binder_alloc: 27747: binder_alloc_buf size 3472328296227680304 failed, no address space [ 1063.268790] binder_alloc: 27748: binder_alloc_buf, no vma 16:18:30 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1063.268809] binder: 27748:27757 transaction failed 29189/-3, size 88-24 line 3284 [ 1063.269214] binder: undelivered TRANSACTION_ERROR: 29189 16:18:30 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$RTC_WKALM_RD(r1, 0x80287010, &(0x7f00000000c0)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:18:30 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x0, 0x2}, @fda={0x66646185, 0x0, 0x0, 0x4}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) [ 1063.271089] binder: 27746:27758 got transaction with invalid parent offset or type [ 1063.271129] binder: 27746:27758 transaction failed 29201/-22, size 96-24 line 3454 [ 1063.271331] binder: undelivered TRANSACTION_ERROR: 29201 [ 1063.273766] binder_alloc: 27748: binder_alloc_buf, no vma [ 1063.273784] binder: 27748:27766 transaction failed 29189/-3, size 88-24 line 3284 [ 1063.274025] binder: undelivered TRANSACTION_ERROR: 29189 [ 1063.278162] binder: 27746:27767 got transaction with invalid parent offset or type [ 1063.278201] binder: 27746:27767 transaction failed 29201/-22, size 96-24 line 3454 [ 1063.278448] binder: undelivered TRANSACTION_ERROR: 29201 16:18:31 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) setrlimit(0x3, &(0x7f0000000140)={0x100000000, 0x6}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) fallocate(r1, 0x1, 0x1000, 0x20) r2 = socket(0x10, 0x2, 0xc) inotify_init1(0x80000) write(r2, &(0x7f0000000040)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r2, &(0x7f0000000040)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)=0x0) getresgid(&(0x7f00000002c0), &(0x7f0000000300)=0x0, &(0x7f0000000340)) setregid(r4, r5) [ 1063.341736] binder: 27773:27782 got transaction with invalid offset (918, min 24 max 88) or object. [ 1063.341783] binder: 27773:27782 transaction failed 29201/-22, size 88-24 line 3379 [ 1063.344226] binder: undelivered TRANSACTION_ERROR: 29201 [ 1063.346295] binder: 27773:27790 got transaction with invalid offset (918, min 24 max 88) or object. [ 1063.346338] binder: 27773:27790 transaction failed 29201/-22, size 88-24 line 3379 [ 1063.346570] binder: undelivered TRANSACTION_ERROR: 29201 [ 1063.354440] binder: 27778:27786 got transaction with invalid parent offset or type [ 1063.354479] binder: 27778:27786 transaction failed 29201/-22, size 96-24 line 3454 [ 1063.354757] binder: undelivered TRANSACTION_ERROR: 29201 [ 1063.431328] binder: 27798:27800 got transaction with invalid offset (918, min 24 max 88) or object. [ 1063.431364] binder: 27798:27800 transaction failed 29201/-22, size 88-24 line 3379 [ 1063.431545] binder: undelivered TRANSACTION_ERROR: 29201 [ 1063.438772] binder: 27798:27802 got transaction with invalid offset (918, min 24 max 88) or object. [ 1063.438812] binder: 27798:27802 transaction failed 29201/-22, size 88-24 line 3379 [ 1063.439146] binder: undelivered TRANSACTION_ERROR: 29201 [ 1063.442367] binder: 27799:27801 got transaction with invalid parent offset or type [ 1063.442403] binder: 27799:27801 transaction failed 29201/-22, size 96-24 line 3454 [ 1063.442626] binder: undelivered TRANSACTION_ERROR: 29201 [ 1063.515931] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1063.516100] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1063.516613] binder: 27806:27807 got transaction with invalid parent offset or type [ 1063.516651] binder: 27806:27807 transaction failed 29201/-22, size 96-24 line 3454 [ 1063.517266] binder: undelivered TRANSACTION_ERROR: 29201 [ 1063.518713] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1063.518798] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.4'. 16:18:31 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1063.884721] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1063.904435] binder: 27747:27751 transaction failed 29201/-28, size 0-0 line 3284 [ 1063.924925] binder: undelivered TRANSACTION_ERROR: 29201 16:18:31 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) fsync(r1) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) fstat(r2, &(0x7f0000000200)) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:18:31 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) [ 1063.988670] binder: 27812:27814 got transaction with invalid offset (918, min 24 max 88) or object. [ 1064.000234] binder: 27813:27815 got transaction with invalid parent offset or type [ 1064.000273] binder: 27813:27815 transaction failed 29201/-22, size 96-24 line 3454 [ 1064.000776] binder: undelivered TRANSACTION_ERROR: 29201 [ 1064.009810] binder: 27813:27816 got transaction with invalid parent offset or type 16:18:31 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a627300000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000000000000000852a747000"/96], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="00000000000000001800000000000000380000b9b5f28eba"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:31 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) write(r0, &(0x7f0000000040)="240000001e005f0214fffffffff8070000000f0000000000000008000800080000b70000", 0x52) 16:18:31 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a627300000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000000000000000852a747000"/96], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003800000000000000"], @ANYBLOB="000000000033fc7677472d0a434c7ed2c2068f2e732c344a50e3508b7544c50300b57d16a4bdf6d007f2908c56447f1f"], 0x0, 0x0, 0x0}) [ 1064.009850] binder: 27813:27816 transaction failed 29201/-22, size 96-24 line 3454 [ 1064.010164] binder: undelivered TRANSACTION_ERROR: 29201 [ 1064.117950] binder: 27822:27823 got transaction with invalid parent offset or type [ 1064.117994] binder: 27822:27823 transaction failed 29201/-22, size 96-24 line 3454 [ 1064.118154] binder: undelivered TRANSACTION_ERROR: 29201 [ 1064.173806] binder_alloc: 27829: binder_alloc_buf size 8573783865699598456 failed, no address space [ 1064.173815] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1064.173836] binder: 27829:27832 transaction failed 29201/-28, size 96-24 line 3284 [ 1064.173990] binder: undelivered TRANSACTION_ERROR: 29201 [ 1064.179221] binder_alloc: 27829: binder_alloc_buf size 8573783865699598456 failed, no address space [ 1064.179229] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 1064.179251] binder: 27829:27834 transaction failed 29201/-28, size 96-24 line 3284 [ 1064.179420] binder: undelivered TRANSACTION_ERROR: 29201 [ 1064.301576] binder: 27812:27814 transaction failed 29201/-22, size 88-24 line 3379 [ 1064.312895] binder: undelivered TRANSACTION_ERROR: 29201 16:18:33 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:33 executing program 1: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) mknod(&(0x7f0000000280)='./file1\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f00000000c0)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) execve(&(0x7f00000004c0)='./file0\x00', 0x0, 0x0) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file1\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$sock_inet_tcp_SIOCOUTQ(r1, 0x5411, 0x0) open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) 16:18:33 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:33 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uhid\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x1c, 0x0, &(0x7f0000000200)=[@acquire={0x40046305, 0x3}, @acquire_done={0x40106309, 0x2}], 0x0, 0x0, 0x0}) 16:18:33 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000000)={{0xa, 0x4e22, 0x4, @mcast2, 0x8001}, {0xa, 0x4e23, 0xfffff801, @ipv4={[], [], @broadcast}, 0x80}, 0x4, [0x8, 0x7, 0xd29, 0x4, 0xfffffff7, 0xbe, 0x6, 0x7]}, 0x5c) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) fstatfs(r2, &(0x7f00000000c0)=""/131) 16:18:33 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x802) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = creat(&(0x7f0000000240)='./bus/file0\x00', 0x19) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = syz_open_procfs(r2, &(0x7f00000000c0)='net/ipv6_route\x00') write$P9_RXATTRCREATE(r3, &(0x7f0000000100)={0x7, 0x21, 0x2}, 0x7) r4 = syz_open_dev$binderN(0x0, 0x0, 0x0) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001080)={&(0x7f0000001000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x4, [@var={0x6, 0x0, 0x0, 0xe, 0x2, 0x1}]}, {0x0, [0x0, 0x30]}}, &(0x7f0000001040)=""/13, 0x2c, 0xd}, 0x20) r6 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) r7 = creat(&(0x7f0000000300)='./file0\x00', 0x0) ioctl$EXT4_IOC_MOVE_EXT(r6, 0xc028660f, &(0x7f0000000200)={0x0, r7}) r8 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r8, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$FITRIM(r8, 0xc0185879, &(0x7f0000000280)={0x1, 0xffffffff, 0x3}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000013c0)={r6, 0xc0, &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000011c0)=0x105, 0x0, 0x0, 0x0, &(0x7f0000001200)={0x7, 0x5}, 0x0, 0x0, &(0x7f0000001240)={0x1, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000012c0)}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000001440)={r5, 0x10, &(0x7f0000001400)={&(0x7f00000010c0)=""/255, 0xff, r9}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=r9, 0x4) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) prctl$PR_SET_UNALIGN(0x6, 0x1) [ 1066.372013] binder: 27847:27852 BC_INCREFS_DONE node 3003 has no pending increfs request [ 1066.373446] binder: BINDER_SET_CONTEXT_MGR already set [ 1066.373454] binder: 27848:27851 ioctl 40046207 0 returned -16 [ 1066.373512] binder: 27848:27851 BC_INCREFS_DONE u0000000000000000 no match [ 1066.373623] binder: 27848:27851 ioctl c0185879 20000280 returned -22 [ 1066.373831] binder: 27848:27851 got transaction with invalid offset (918, min 24 max 88) or object. [ 1066.373863] binder: 27848:27851 transaction failed 29201/-22, size 88-24 line 3379 16:18:33 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) write$P9_RCLUNK(r0, &(0x7f00000000c0)={0x7, 0x79, 0x2}, 0x7) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/user\x00') ioctl$FITRIM(r2, 0xc0185879, &(0x7f0000000200)={0x875c, 0x3ff, 0x8}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') ioctl$UI_END_FF_UPLOAD(r3, 0x406855c9, &(0x7f0000002380)={0x3, 0x1f, {0xaf, 0x8, 0x7f, {0x0, 0x1}, {0x401, 0x3}, @cond=[{0x6, 0x8280, 0x1, 0x1000, 0xff01, 0x9}, {0x0, 0x0, 0x9, 0xff, 0x1, 0x1}]}, {0x50, 0xff, 0xd4c, {0x100}, {0xd9a, 0x3}, @rumble={0x81, 0x26}}}) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r5, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r5, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$IP_VS_SO_GET_DAEMON(r5, 0x0, 0x487, &(0x7f0000000280), &(0x7f00000002c0)=0x30) write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a2900"/148, 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) pipe2$9p(&(0x7f0000000240), 0x4000) sendto$inet6(r4, &(0x7f0000001380)="fe8df4bddd71afa1d73f6912d10fde831263b11d2dbef5ab61cf1a90273dd827e2d393dbded6614ac07df473ee49687170f3c55f71888741cb4eba67e98df26f477351ef9b617bdb8c208a7a06c32effaa8dec0f8b1e900131f3d5f946354193152726499425d1eb2115aa96f1d8c05de4e71d168aa59f0b68afd793a74fa3c4bfcc1f9978f51bca3ccadda3e63add00c70deb613e143724ec3a59798c1c2a775922133f7fe85f0914367cfceefc8773964caf8c1fa58d4b027052f8b805a076527941d07b09b743871e1918c33d1116657d7e9175ca72b33c5759f728060e56a514e23dac6ff938cb0cafc0f6c380d7185f3c73ccefa0ca83bfb1162bc5bca60e1b0758a2d24ffe874bd1cc098bed03247a0247422e46fce36e002bd604ae701e079d4605962bbbf8bc31addb03a847cc5946ef687e15cc1974d389b98b6bc4abdf05ae223f9208509243c2207703cd560f53b8f2231bf766df5b41715055c0c16e9fb14823f8fc6fd78101742243d801e10ebc104cbeba5310ba70f29968d479f5faf849b216ef50fe821f8e3dd01c7b116cde9866d108862a22c8ea3b50259db3dfcc09449602d2bf6c7c9ca7c6270e2867fc9f73d764dc779086d3aaaf7052e2aa5d5f5dda253d24afe9be0498ddede5cdb2cc285cd161092b739ae419ecb442521608cd2a36c08531f2344b4d11567aa3493addac2577ddfff9aab5b80000b3ad7e0db57202f5e7eb4ddc208c03332d54286941e0ae61824c9efbec30147676605f32a6d7412bc2d539b8a4d14c42faa99acc59933ae336cadd3040d9dfba756a676388cee22610f21bf46589c38254de0f19ce739be17f0db6791ce8025b4bcc3129a1c5f336d0f22c514fd46823738bcc6f3dcf5acc8967a83f4d4a26ac95bdec9271967f384784a8b95a0bd8c83e546b81d1f3e23e0b666cad80ad1790cd00083f14415e2811a4298c193bfbb389c36bea9945c7f5a7b9b3b1dd3bdb4f3472fb22705ff879870d825f940793576ff83503fe6842d515b7573861c857a90d7f45a7e8f2999b3fac12ae78e4e0fa9fa3902a40f2167019ffbe0e5ec2a73469b923319ae7c15cf4d9eef631294e4cb040cc239a01747347e0a4537d96de7c74fdd031218567cd7b9a0fdb0c029691f407d52aa459139985bafd40c6fb76602437550ac5925e4693f6c0a0b117f13ef6e83757045351a1d8261de0b10c98df89ac80e269cdfae6b34c174166200c7d5d930e60709ea96137fcc831ffbff270c1b991639bf9c717fd3643abe7951680f385256ba83eb0f30bd13d33241eb6b8cded77ab13d9447482cd86e3b04e0327e486f32c5a0ba83d8352167ae2d9fd69523a0b8ee396b49e76a92ed5f5b63cbc5ef18248e02bb30934f7001bc8688189516841e71aeeb94058344694097e446916eb18ab79f079c3be08964dfe9e8294da6bacd4c143c4d6dc969b66d586d0d09c65599708fec338ec7bad99a6a27b30f70e9f2afdc03e9922319ea9eb5b84c44a27caf88ef2e770f8ee35f3f5f9b7d8e30b10a354da1a99cb77ee488ed751f0046e7233b6eb093b468da07658b118a5eb74f5edc90748388d26033d6db53fc533b216c1c2182f7c32514703727a9683ddbdc5b437b2c96c3671b46d024b02ec195b85eaf6d5ddfde1db678385c6508ceb5ae8ae398a65c1e527c6a3bde8a00a96dd06451eaebbc4823846a3ccb2a94ff315af94f24d427830b0a3654e4bfd70f51faa495d3e623d061fe87c1f1c63d27a4a83f4df5f63fb8dddb05a26a130bfdebde912dafc2cc4a6c4e1c642210f12691f2a2cedd7188b68e894af88f9520b584556461989386c8f8f4879a1b0d605429887c9f701784a466eda41a03af9eb292c129e93409554517a690072430591448fceb2eb278d261c0a9cadd8d6f3577c743651956b4b34998a864d0b350bbaaa279f0c1a7847fe153484d29fa7fdc8e5b89890ef3e7a9018327981d44b32b4c304e4374729e5aa17422d5406090c8b8bb3e76a0e4b4b4f2634b17a6978ab26246e654b7c551c70f3a27b189a7605467522b2ed028b2b3ee8020777af55c72ab717bf701218956e10997aadc3d92f07e2027520339caf7974f9e1a22541bbbf29868346422455607449cad011369c56579fb62c3290526eccca10d579dd59feac5568fdec1f71ae922da891154648f3985c4b853896159cdd7e6277898563a54663d43addce27af15bd653e30dd6d34f6c5e067f5aa0aac41468aa3a922c34b536a132c8c4c81ee89970f737fb6ac1b7c5c3b47a365eb4c2eb3589b4c5a6acec32949f7945a4128ca35f05bd3dc06a72003bfa80addb13479c2cd2a751ad8f4d785e295502dd79cc1b7db65dc58107cdb8efc722a2e9ade984c36224ebde1f0969c563c4529e517c6147d3f52ba69af9497a11c36869062fd9418d4cab21bf1bb6b107cf44bc3b964eb40742def1bfbdcced882884195c8c0579ded285a5c0cc4a8b7add2fd08e6eb2966e4ee272dd41baf717a1b1f22363bdccc4f9761c387b13f4eefb698513895926dcebe1ae8f0dbb39a86aca7e3f3e6d9d17444be953b0948f13dd37a0e454d80e4b1c287f659c4f1ac32783f0c2ecffe39855a94afe77f7ab9c0c758a69889f1a1b144d9e2a1093d7dee29b81128b36a5d51948ec9153aa789291fbbf05334c363e1959e66c313196f6380cdc6d0b713ae910caae1493fa8cdb6aa8227f7a254036e656e050120e92375d6e68228172bb74da8e1ea540caa40e89ab755b7e935f90ef841155d65ccedeca7905d7ea14d6288755d7513d734a4bc957e85a6978267b77cc87b01a953fbffba6edbdcebdd6d14c060a3dfffc10520ab6eebac0aedaca4f635e5e8bfac12c5f81e4c2f1a9ca3d05c994e524381faeecf379015d8b7f567c69ca838aa632d507ae2d6393b9d0a1d238644a0079b24ad9f4116f38d6187944d73c5783e7f6824da82f4833f2e230af27e471fe04837ef57cda0807799ce4bbbf7ea068735a6ec5019c772639ac71b8e9ed88ef6713a690d9b67a3555bfc7397dd816171862cc1bf3458cdd2963bed67f943ad26e7534c31a87ddc8e1d51df6e7aded80f2010c261b52f693e2cf7ad9128ba596c3416b0c257d50bbf269e360454fd66b048f2e34d8603846a41d04669630fd886aec48146e8b828b391a835657c05961797ddae9946b2fe6865addcd254bc53868ce94c2d910b9c93c742496dd0dd7f6dfc33304e464d84f8410ffa62d8267c8516e857efdd35134497dbf68ac649e3e9e59d3175609a8ea9f08bbf1ae28d64a4bbe0219b3e9c3a257c12380c3f81216ee01dacee3409d64b2a4eafefaa808a20f52c3a21e369dfada5121131205262cf52c2530f7904db5c44e966ad7f7e9c46d5245d85a1525d05d1688535768fb44291f8e611f08e4e7c27d041312d188aa963c4003cce7aa54eb748fe755d52089ed31acc8c3dd64cdac7a2ab731e615d53c8e0d71a074db95be0dd3c8773cac396ea223f68d37f88761d7733c5cd6a380d3a72119f3dd93848ce2365e4d02623f1f612444f0cb9703b6122b4e046c5453fe44e8731c13e54536cd4124bd856dd3ca902bf33afba22c84b14eb2b5724e929aee4cee7a4fd36b9f24f073c77368b4972028fe84d5bd660a620515300d921188da132affa06321010a8078796e337b8a0ba9a90771a87189290d398af1e81e27401c91bdae114c3f7cf45e5d592403632bb25586e12837b50766fab807396e3ca40918b9f8edc9352abb00256b8290073269f405bdb8dfa10ee8c0b7917964f663e972727e41caf03bb1db4f7a5560911879e833052b9d472c13b7cbc7d3351d6c3719a2cbe4ee5a9135ea25e25e993f9b530f1e27ab15322fb6cda5f02c035d0542fdbd076d5e472900f10462fdcbe3afb3146f80bacce83bb8a5f287d4c0b454343edcce8478d8d41912ebe1fd4654fa6b03d612b7c814b1a653b0531c3115259c41608bb79486682194029bed5321b913254eb2868788a38b96a4c4fbc3a0df44878a0760e6808dc85cd5997f1b9f53c3a7962f96f97bdec7a5c44e969c3a1ece82c9b14ae4e5bdcfea3752f8b7e16a4500f695eda55d2f2311d0b5118561f8aaa028d81561b57470035f5635c7b81fbb6f2262e38cd1f11c59290ba5ce4e095c2dddc9600090d49facc8d9b85776d132ccc31fd3047feb3abc83581c64c364ca981ec0fff5fe784f35bce1e4c85132ad2ea9e081b92cf0fc0dd21fa6cbfb8573ad2443f8082bca830e36a1344522db66520691ef3fcb4b4c23c29d1d83f823a38ffc19e5963178130e7b1311c202512d081c318c30f3038b4b0901c729d4627c1b88a1a865d5f87a1d805c9c8ad3392c29796903197c09947e7aa61cc10a42d316f2e2370369cf01d89906f41b34d5243543111b2708bbdbccc939fd6d5077d6efcb7b74ddc6bd03753b2222513c5602098e6bedcf963460856c85f593963e58cf40c9f18cca5da2ea853979b8a59ae72f75e64e1fc3ba99a010f177cea1cb4abb1f9583e487627995c75c772fc9f7a253af864ae939ae0e2aaea0f7df978362f07ad45c127164399805b75b8f9075ba517936f8b50d5572f73ce640116c5a5b572787b9b6d3e7f1216954bfbe0e5579795aed23a917149b4aafa0063ab90c5de8c0586cef7b8d268b9e280dbeac721bd68517b73cc2552fded64e482f2e496acfc3f12fe6d228edb13d579b06c537719a3323c6ea958cb6201dac6fe9801636d920e6b75a427cfa98e178720070cd674297bdbf2f4f2264f4606dd7b87f790400f3d789e3fb21cec7bec6805267cb7bacf27333898f6d00b3d847533786d8a7728535f07437c7d8631159e9274cb9539781d7418a2055e457bf710d2a97fa126136e6dcdead9c176f49801d07127572d0daa68effc35f183dd45df8b13e988a6c04ea6b2096f998457da768d949ec8469865879a931a4761a5d273ccd783b15e3299ea8be397d68d25d72be083127c98dba0b049ba7f0411a3d1f230db75a835742bafdc47da6c1541457f78d1bfbc910f8a35cdccab639a9e3aa9cc123771a2aa7851da5b5018aecc0bb169961cb7804b045ba5cd7de36cfd0e413968c48d4a5de3b3be2b5189afcc151f182c4f6684d7b101672958e90cd35ff0c7a24244d535c7d53e0a75230e017722fea099c71203280188cf7767cc7d975e054b4d3d7045eaae91981f97a911064c23670b30210db984f7c7ddc3643193e1ae36a2fd05689b8dabb49222e8d6eb38c41ffcc3f6582420de58a8958d09936fd6d8ef9554e4c4f7445bcd6d4436ff6bf3517409208d7f2ba0155077f04cb733b0f1792abd52387e543f6e49efb43d6dfe2586f6a9bd977ae7c68c32d89d3d5316fd37bd2d9133dff9bfe11860876a43efcf559ae22dd8da427728bc170051c379f107efc43f554b5de31044e3f613f3a2d36ddc89361903a1b0b27f8b7c310dc82f3cd229f9c6a0c8e34d90fa024809221ebf5c23f82f1d4530740533a9cd78cba8f12ef3895d7ff81ffbc1a2ef533bda8ec300ac27b03ba1635c731072e5fa15e33746c45116266eaa5e537aa2f747cb58c266e1a3815957e964829984d805e524cb79c32f782e281e9787517cb8b3e8ba0d162680438e829ddbe168efb366c0bbb03cd334d0c35f90749410797198955290aa657b18fd903b2cd9abc9ab33e460dbec3273ec866e1c93d7a905eb49a87c86b3a2dac75120599eb3c4e7c50f167dc7ad0a172a6465c0880226719e0ec53d5464cad8fa23dc2fb065f6a566f6", 0x1000, 0x20888, 0xfffffffffffffffe, 0x0) r6 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r6, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000002680)={0x5c, 0x0, &(0x7f00000025c0)=[@clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x60, 0x18, &(0x7f0000002500)={@fda={0x66646185, 0x4, 0x2, 0x1b}, @fd, @ptr={0x70742a85, 0x0, &(0x7f0000002400)=""/245, 0xf5, 0x2, 0x18}}, &(0x7f0000002580)={0x0, 0x20, 0x38}}, 0x2000}], 0x2d, 0x0, &(0x7f0000002640)="54b77e469da15132eb7409dec33399203ebba622fd6b8d4c30d5880519cc3268e6b412ff6698632b026f100490"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x1000}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) 16:18:33 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x6) sync_file_range(r2, 0x4, 0x8, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:18:33 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x1000, 0x0, &(0x7f0000000200)="d077434a5003f65321740a046c841a6c95903ec082034d27c02fcbddf8d880a31a97ef57dd91388ef3caa351100d559e379c42c72983c22e14fd3d0022a85ff48234d5ac8f1591728de83399592ca74e5d078dafa5afb2c69fb11bd1ba591903352e89c4f2c5632202e08573f8f4198686b278f696f3ada3bee826cd58a4c53f565603ea75bd507757fd6c8fa408c53edfb3d37f4d9ad3289b05f37a3d22c86ba0b6b5995cea5c3505d38de93914faa052d40749fbaf22c3b1d766be9b4a08fff08a4fb6811146ffa6a613f3832a22bcbad400241e5d828afa3c999e1b22d8d23b2049d4d8658e4a1b44fb692cf9bced4e9de1a25d8a44fe26a3df109b3e4e3e114a4587fcf904b0a2844c0a40c41033cda27c43d3d9b146e207b0d937a1712b68791d0958dea846b6368c518c4acf47f70861509af1e913ad48c5479c8aaa8af7b2c8f04e7b26fcb344677263f8543db786b6f6ed70c9b4f9c1e66911bef2e0231f6bbaebd8ed2a0c9f7c76af76014046e2786575e68a96e64d92472fe3ed32b57576cd66a2a198e3b4ba4324cf2635ea9d5f908f9c770280d5cc5209dc397b7b48a43b44cfb2ea334ff5ec18aaab91adb71d1f8dacf41de0ae89731c25637378893b6951b30f02c8cff1671818acb76f9502649b8b79a99dc29cf40e5b44aeeaf9d8183d04dccf5ace17c41b5f974f62f6652ff8eea978e9c4b1b0b660302cc74e93afb87a1d43155954240b618fb04b923dd95630a217f9806b8d426d2c800366ec7049a0aa1ac95f86870ce032bb35efc1ba113fc11716d6667dab854c37a287c933cf5a5d076e3b1855884d3ad14baf834d49d5cf5be520236afd39d525b4fbd006fae4c3eb2804c553ed2c2b877062dfedbe3900ae5ad77c754e2f191bd8363a56f7ae747d608a9ea354858225cff73d9f5128d1b69520b4ddeb84c3a869c04aeea5200f04ebb46f257eb02b968208f749eaf796529b4f21af4631ade1bf377c10e5f0cef7fe6521826735acea25f17fd15cff56cdebee9c490bdd58020d72807721ec03d1a70a5140fcd4992362bd7925b2112d78d54d4855e6e4ca38051890c2195424af4b76adeac4b0008200ce988f5eda3dce1a7c17ef6e1360803a9b49bfea9c2f48bd0c73eeb76529e754038b0acdcb2aa45762fea1a9e4b26edb7fc39a1f9f89dc5c123f927668739ad5832927be135984aa4e4bb493d68b4c1b91367f474d8571e0322b632f0e6da3c7313ea4e0ab2ba5f2d9defdf55f5794008e6b37cb667fb6e4e62908bf1d7611243986d447e0c121c625d13b2eff1079d798e88b1b772584fafd9318d640c17b2f1fb7385e6fd408c5d21e81e471914eb5eec3e321d821a2f117c5d0254872f4c4389df2f66f86b54491ac5165546761609cbfe573fe973a81a531c1183213429f6d030f1499ef84a7745c5a1c354f146c06f9bdf565fb60c8cb3a60ff927578f023381d6e0e71045dd5eaca102823790b3b38e9426ddc069e0be32f081bcbd0163dffe54b6446cd0b59018249fc1413e12d1bc90faa9b84736f2619004134146441aebb89c91773a10dc2f5f2a7943ae96933e1a1dc576eddff7256162386d7df586a8cb0ea647ff24bbf6ed15c8e700ab4a187448ac6f5057960ebdd271b8d83c2487d778c7e968c4a64d58e0c551898ed6d562ea5e8305cdf7a5a8869d05b285ae53261ead30ba51d689151ac6676760026b11c225afd0d8b250cae10f801b095db811c22867c7a6e8d13ff3f644a2afe8e94a06bede640e33401d6e77a36599e3c100e45b52d5a36831d45dbdb7c03ea5ba82f239dda391699db0b47ccd11d634fe3b58bb797afe97a8092ac7334b06c331d0d3d056f6a7f5752ffbc12496a8b0c95e9993bc7f43a55ef0d601dd84396b421d14e35eed85c9afd56e22076d15a53ceda3c2270d2bcc40dfecb7a3a2df503c70fad7963ea4ff887a6f329940981f891bbdeab71eaf5eee16a76a3c17228185529e033228c663977d3fa43e37495be6e536f2f1d57031a0acf8f96f60c475c681c0169dba8ccddda3d02a72a9cc1142c6a8729937ea8930e3014b6ebed5eda2c7fe65cb33ed081979fbe4f2ea7b4a4065d48c74dd6eb881a6b05a4f98f1ccca7e79bd86b63a3764c3175508884b1d2d575628db30c121e6300e66151ce4229578834c9af2bee4e595e06570a9cba22ba17042c63ac57987e4c9c9682bfe04671bbd72da9ae74b9a0c904a1386d4d5f298d94f24a0017d1bca7661e73e52971809380d3bc6c26fb6e2220a2bd4546a5c9bac0d2dc6234b7b733a6f78c7cca184833d69deb3c0c1dc3a073446a5d651271d581b1d639d51908b0ca6c35d0426b3bff97e5497dce24f7fc3547b9fe720d63b970ad3e7c8de88274e80e24118f5ece18eef4a38d7e1d1b4c04a4fb38ba03e53134750be86bc2cf81d13c9093cfa3b609c1f60692f1ffa931b7eb954458eb8b16e4664efffd3f52f32e2f59e2483be990233dcdc637d66642869228bbd8994433663265b5c7790559868ee875f207007b5d92ea93866ca6cdd04289acb4748b425c3f6ecd937fa005c47dcd0ac26b3edc72013aeed263468e459e47179b6163934253a7173c88b9e02d4ecb36fbe1ff957a7b322d3518a7a4219d7811213a7fc548ae2ef3f044414afd9da5a7a1efd5ed589b0cf3fc10c3ff007815f0ccaecdd4eb6d4cd4b78daf7014a8f4d7918220aedbf11c56902718c4c313d7c0ddd754d53a5fda83d3be32571a0e8b50b393dfb2ee5f859b168b3f65955ee07f645e390b3b5fc660518c1be7c63ed1f03b821392aa985f5ae0f368c3ab6646128b615f94b432e1fb81d26a20d5795dbe5cad156b4906f3b43875134d3712a3eea1b78e58c04195d0e142a6f6d87d9f701740b6459d41db3192a1b70700b12baa8a1f7188a4f0119227959dba83bc30e887e0f3729e0f7d3f4e2b1f5e55f32481aec9c986a4bfd82677edcf4c333e2d64e44249ff6cadb74b8e88b92e31b5d37d08d15662222e87454b99198e05726cba3a78c3b38ff8d91d414aa348a1073a60c95c07da1abb47638c7b5d5f968238f5373d69a501951cc18e5756b4114c154136bb0fb4a126f233274dce7fe236f901315e6bd5a8f7cc007f41e052fad754d1f67d4ea085cbc1ba52cebfe55c21dbab97ac9210a8279bd37d152d8e2b309c3602ac58954381d13574e9a3332fe137887dc761f779fdb0b02078cfa0688f78cfccc06785188882809dbbe9fb5b5b23334d6fd07d4d63ce13edfc8eab9bd3b55a73fc71eabaa82a46f3622389449044fb4e4028327fab830292d0c655a5190088d312f7d8d8ed0f7b7fa11e4e8eaed56dbc985aecc471860ffdde2f56df5bf905fe2876b031d1627ec593e140bd1a2bc584094cb4f40cc10eb1f266ead18f1e202ec6ba1ff2fec56d9de14f67c56e12fdcc083879db54aa19c7d30aa2fede99d3579ad1acf8a9ac584948388303dd82112336508a30d453284ccff2f01d5b471b3cb124b383d7eabc45c08bddf0a07ff6c1cb6aa63b91bebecb16cdbf5d7212a85965807d7df5fb52602d8641371f082eb9225b34865fd8615c8cad664707a21560d29c9b565481836e52cfe9aff3df2b63ab7356e49e23990cdc207e5a3cdb8791867b0bdd13c320a008e354ea6dc4f0dc878e1c821a030b395c25cef08aa2d05cadd5dc6560a704d4fcf19cce03d75d35e97d41decba247f092ee5560319d77244bf01a2d59426752a4d408d37ecc1146b46e13f10c02f5207c9be2f1e8c4b5e5f592f1a4059fe8a34faceaa60177a6012238592f703e1498bc40a55be9efc1c6958fdc39b47b2106961f3de02b427e15a19a3d59aff53be103766939d65a8be2799873b8b8199fc1655ef86289158294ff65b3ac5df42b06e8082ce52a004952c8a6846283f54a392876644195674ae5c30a82129ab68aaab7e2988d4d613fe9c9d7fd5a7893ffaf2b0c909d4008d373cba74592225400c44fa5cac104c5d6a9b14bf821a6597667cbc27da036e773342396233279e74136cd970e8587a3c69d351cd29e534f77f4dd8f55b027132098bda54fd91611c87ca39d592c46d3a31e9d6f95c9614c3f02da8d4ab18464eae7f4c93d7efc6d2f63e04f6fdc89d83f0db79f28bc1c53f6584405df7236e313f60d28119d280731b96aa45203a78a4bb8f8fb10463eebbdb5b60ace533157ac592081534ebfc478ff36ecfe99da3141a68c51cc0ebc2ebacfc3433483649cdf942f2d8d7f7ac7cb91284f308781aa44484f1f58b271ca920d5650ce9af828cc518a4181d90c9dbc1e43ca7442db69bfe5b76f032cbff3ffd2e33ae5760f5e84753a5308d1aea1dfcfa11b29ebe45b4485987f2b1d7ddf9ac1502d966a40fa86a213588689e064248c358b20efb3de41d8b5a114182ecc486fbc0ecf2e8eb55de9f969a23276b5ac04a244d65c523c73f23459fba35a997f1b4c8d4c4d0b72374e91f35334ecfb591c2259e8878c0cf5716200a751421c0d3847343adca07ab5c69cd42242c0278d527e13f56a150740c1cbe98d72452cdc2eab077256da04c034353ad9dce886dc4fa40c6b00f0a87bf8493bafac9027161cd43fc07d65ec77f6149f43d911b24f366aa5351c481981d42620d2931f626a1a3e12f632fe27ab6780a84fc8f086624e4efbabb78ab9ee61e1677b35542ea4533d81aba085597f617ff4c9b321fbd402494c74bcd19a40fd0ead0cc0ea4d62442d997eb30166ef44ea4b2b8812a8e582ca7c12c16a894d4e4898ba0a7f2b9d4c029acdb657fdc405e338b4aecfb977ff51559c1c8fcd9f26c1f6c31bc57664d71032e1166425b03f9a7aec1ef85b5ecec1164e5112e21be99a8a15fa8d636325dfa0fa1e6f00411807853320398452dbd056bac1806717eae36f727592371c6ae1d3c31c7d359ffe661ac3a3830da980cc0533b82a7e235da3cb033b292888b7ddefbeef64db8f70c187baab1ac08bf66c441b4a56a5fa2f953d5c5f2c070a933c49186b005b108ffc38bdfa9b511cd5be91169dbc4ae0a46291ef8db4ad3c19591d4fdc0f36120fe334b63af9cd2dda403c1a86d1c6000bb24b0385e2dcca98467dcfd858b02f6f2b9b2d8687b6df8b945d20005e45af3e6342fe9d52a4b63cd398160ae937dbd890c972c6a73b49e11777dca91f16e27b75e76573a1ce8c5a3a37cbab7b1343d97ac9c871bca44505f33a1ec572a9ab48bec59769fd921daefb57818f4b98842f412114f55fb2ef98b0ff8fadfdb0d8f6b91b9e62ec81f40fea9f844876de50115485a1e92b3e3cbeaeb72f1559f128d45762be1e3d0328f50d19523f2b61cdb450f7fff0368244ab11c6764bfb594cf27169d9fcc727f8d22ba621bcc40b6c9604b7801d86b95988a631b32e73411ddb798aab02277780c7dd30e8f1a27c7f15de3c6ed81490fde026c41d40858a2e5c4b92e146620fe9021a01ba807249bc14abf52414383113353e7b9a18f2da855690fe2f4ce9f2d01e9e8a8f1f2809ac30e7b20bee23b4f205377f50a1c3d899bc400bffc7f44b8f8762c21761039e7761703e9a876f76d1d6a6aef39d46bb115287868ab2bf1fe9729e72ee1f2c62ed9694e94da912e215e72b0e18ec1899e7ccc7fc2b9320fcfef2337eb5e6abc1b6bc2f6dca6d1c6380456586bc14161605110717a1675f8f164cf18fcd943b0931c24e4480b67a9bd2e90c5c6a6521464a673f65f28d5399a7234b0be5e54b3c725378a58912811a03c929e567a224dbf64f05772d1255a2243a5c694e316312"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000001380)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e6e2e5c169ca09d40175ca629fc3762cdb0d2ced9f1d11be5dc5266f4771a4955a7f9d9ffa856db1e6496fb6a6479914a109aff4cdcedc7d07bae6760a13837f62343caa90d610cd76fccb55729202bb741c578672df47652351ee"], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) [ 1066.374128] binder: release 27848:27851 transaction 3004 out, still active [ 1066.374132] binder: undelivered TRANSACTION_COMPLETE [ 1066.374153] binder: undelivered TRANSACTION_ERROR: 29201 [ 1066.374688] binder: send failed reply for transaction 3004, target dead [ 1066.375790] binder: BINDER_SET_CONTEXT_MGR already set [ 1066.375797] binder: 27848:27851 ioctl 40046207 0 returned -16 [ 1066.375827] binder: 27848:27857 BC_INCREFS_DONE u0000000000000000 no match [ 1066.375912] binder: 27848:27851 ioctl c0185879 20000280 returned -22 16:18:34 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000000c0)={0x4c, 0x0, &(0x7f0000000000)=[@register_looper], 0xaf, 0x0, 0x0}) [ 1066.376079] binder: 27848:27851 got transaction with invalid offset (918, min 24 max 88) or object. [ 1066.376107] binder: 27848:27851 transaction failed 29201/-22, size 88-24 line 3379 [ 1066.376412] binder: release 27848:27857 transaction 3009 out, still active [ 1066.376414] binder: undelivered TRANSACTION_COMPLETE [ 1066.376440] binder: undelivered TRANSACTION_ERROR: 29201 [ 1066.380152] binder: send failed reply for transaction 3009, target dead [ 1066.409956] binder: 27859:27860 ioctl 406855c9 20002380 returned -22 [ 1066.410691] binder: BINDER_SET_CONTEXT_MGR already set [ 1066.410698] binder: 27859:27860 ioctl 40046207 0 returned -16 [ 1066.410753] binder: 27859:27860 BC_INCREFS_DONE u0000000000000000 no match [ 1066.410863] binder: 27859:27860 BC_CLEAR_DEATH_NOTIFICATION invalid ref 3 [ 1066.410873] binder: 27859:27860 got reply transaction with bad transaction stack, transaction 3014 has target 27859:0 [ 1066.410881] binder: 27859:27860 transaction failed 29201/-71, size 96-24 line 3061 [ 1066.410995] binder: 27859:27860 got transaction with too large buffer 16:18:34 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000001480)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x0, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000100)=@req3={0x4, 0x0, 0x6, 0x401, 0x6, 0x7, 0x3e}, 0x1c) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) write$P9_RREADLINK(r2, &(0x7f00000014c0)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r5 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x350b3a201ef2c9f2) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r5, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x48100000}, 0xc, &(0x7f00000003c0)={&(0x7f0000001400)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0000bd7000ffdbdf251000000008000500ad000000080004000000000040000200080005004e24526fb626ffffff08000300868900000800030000000000080002004e2400000800050007000000140001005076d2a1a50ac122192b7f18b091f20a00"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x4020000) sendmsg$IPVS_CMD_NEW_SERVICE(r4, &(0x7f00000013c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0xc20000}, 0xc, &(0x7f0000001380)={&(0x7f0000000200)={0xf0, r6, 0x20, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@rand_addr="167ffe22954fd70cc6c139113151fbb7"}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sh\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3eb}]}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1f}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xf56}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8000}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x401}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x8}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3211}, @IPVS_CMD_ATTR_DAEMON={0x40, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_TTL={0xfffffffffffffe9e, 0x8, 0x7f}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000004020000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) [ 1066.411026] binder: 27859:27860 transaction failed 29201/-22, size 104-24 line 3493 [ 1066.411284] binder: release 27859:27860 transaction 3014 out, still active [ 1066.411288] binder: undelivered TRANSACTION_COMPLETE [ 1066.411294] binder: undelivered TRANSACTION_ERROR: 29201 [ 1066.411311] binder: undelivered TRANSACTION_ERROR: 29201 [ 1066.412107] binder: send failed reply for transaction 3014, target dead [ 1066.412850] binder: 27859:27860 ioctl 406855c9 20002380 returned -22 [ 1066.413824] binder: BINDER_SET_CONTEXT_MGR already set [ 1066.413831] binder: 27859:27860 ioctl 40046207 0 returned -16 [ 1066.413861] binder: 27859:27861 BC_INCREFS_DONE u0000000000000000 no match [ 1066.413956] binder: 27859:27860 BC_CLEAR_DEATH_NOTIFICATION invalid ref 3 [ 1066.413962] binder: 27859:27860 got reply transaction with no transaction stack [ 1066.413969] binder: 27859:27860 transaction failed 29201/-71, size 96-24 line 3046 [ 1066.414040] binder: 27859:27861 got transaction with too large buffer [ 1066.414069] binder: 27859:27861 transaction failed 29201/-22, size 104-24 line 3493 [ 1066.414393] binder: undelivered TRANSACTION_ERROR: 29201 [ 1066.414404] binder: release 27859:27861 transaction 3020 out, still active [ 1066.414406] binder: undelivered TRANSACTION_COMPLETE [ 1066.414436] binder: undelivered TRANSACTION_ERROR: 29201 [ 1066.419678] binder: send failed reply for transaction 3020, target dead [ 1066.463703] binder: 27865:27868 got transaction with invalid offset (918, min 24 max 88) or object. [ 1066.463740] binder: 27865:27868 transaction failed 29201/-22, size 88-24 line 3379 [ 1066.464091] binder: undelivered TRANSACTION_ERROR: 29201 [ 1066.467483] binder: 27865:27871 got transaction with invalid offset (918, min 24 max 88) or object. [ 1066.467524] binder: 27865:27871 transaction failed 29201/-22, size 88-24 line 3379 [ 1066.467741] binder: undelivered TRANSACTION_ERROR: 29201 [ 1066.497097] binder: 27870:27872 got transaction with invalid offset (918, min 24 max 88) or object. [ 1066.497488] binder: 27870:27872 transaction failed 29201/-22, size 88-24 line 3379 [ 1066.497799] binder: undelivered TRANSACTION_ERROR: 29201 [ 1066.505240] binder: 27870:27876 got transaction with invalid offset (918, min 24 max 88) or object. [ 1066.505276] binder: 27870:27876 transaction failed 29201/-22, size 88-24 line 3379 [ 1066.505529] binder: undelivered TRANSACTION_ERROR: 29201 [ 1066.550627] binder: 27878:27879 ERROR: BC_REGISTER_LOOPER called without request [ 1066.550633] binder: 27878:27879 unknown command 0 [ 1066.550641] binder: 27878:27879 ioctl c0306201 200000c0 returned -22 [ 1066.555183] binder: 27878:27880 ERROR: BC_REGISTER_LOOPER called without request [ 1066.555189] binder: 27878:27880 unknown command 0 [ 1066.555198] binder: 27878:27880 ioctl c0306201 200000c0 returned -22 [ 1066.663451] binder: 27882:27883 got transaction with invalid offset (33816576, min 0 max 88) or object. [ 1066.663476] binder: 27882:27883 transaction failed 29201/-22, size 88-24 line 3379 [ 1066.663674] binder: undelivered TRANSACTION_ERROR: 29201 [ 1066.852126] binder: 27847:27852 got transaction to context manager from process owning it [ 1066.870658] binder: 27847:27852 transaction failed 29201/-22, size 0-0 line 3129 [ 1066.885234] binder: undelivered TRANSACTION_ERROR: 29201 [ 1066.891266] binder: 27847:27873 BC_INCREFS_DONE u0000000000000000 no match 16:18:34 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) stat(&(0x7f00000013c0)='./file0\x00', &(0x7f0000001280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_ENTRY(r1, &(0x7f0000001300)={0x90, 0xfffffffffffffff5, 0x6, {0x1, 0x3, 0x3, 0xb5, 0x10001, 0x8, {0x1, 0x8000, 0x80, 0x4, 0x7, 0x0, 0x6, 0x7fff, 0x1, 0x3, 0x6, 0x0, r2, 0x7, 0x5ac7}}}, 0x90) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r3 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/mls\x00', 0x0, 0x0) ioctl$EVIOCGSW(r3, 0x8040451b, &(0x7f0000000200)=""/4096) syz_open_dev$binderN(&(0x7f0000001200)='/dev/binder#\x00', 0x0, 0x2) r4 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) [ 1066.891281] binder: 27847:27873 transaction failed 29189/-22, size 0-0 line 3138 [ 1066.891723] binder: 27847:27852 Acquire 1 refcount change on invalid ref 3 ret -22 [ 1066.891731] binder: 27847:27852 BC_ACQUIRE_DONE u0000000000000002 no match [ 1066.961760] binder: BINDER_SET_CONTEXT_MGR already set [ 1066.961769] binder: 27890:27891 ioctl 40046207 0 returned -16 [ 1066.962326] binder_alloc: 27847: binder_alloc_buf, no vma [ 1066.962344] binder: 27890:27891 transaction failed 29189/-3, size 96-24 line 3284 [ 1066.968372] binder: BINDER_SET_CONTEXT_MGR already set [ 1066.968381] binder: 27890:27891 ioctl 40046207 0 returned -16 [ 1067.050046] binder: undelivered TRANSACTION_ERROR: 29189 [ 1067.062666] binder: undelivered TRANSACTION_ERROR: 29189 16:18:36 executing program 0: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x20048898) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="ea1d98659ba261a2be9f303b36b1f18a6b8a886b222957aecbc624877c825255f110c29bc35c06e98fc1db359a83a695d6d48f5687a648c83acf2087ae16960455b185370155cd751cc81a6f7a171c26aba292130000000000", @ANYRESHEX], 0x0, 0x48}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 16:18:36 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8982, 0xfffffffffffffffd) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0xc, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="fa6208400000000008000000"], 0x0, 0x0, 0x0}) 16:18:36 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) getpeername(0xffffffffffffffff, &(0x7f0000000200)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, &(0x7f0000000140)=0x80) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000600)={{{@in6=@local, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@multicast2}}, &(0x7f00000005c0)=0x1d3) r4 = getuid() setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000003c0)={{{@in6=@rand_addr="5ae812ded4097a9218048ccd4e744a78", @in6=@ipv4={[], [], @remote}, 0x4e20, 0x9, 0x4e22, 0x6, 0xa, 0x80, 0x80, 0x0, r3, r4}, {0x6, 0x1, 0xb3df, 0x2, 0xffff, 0x101, 0x5, 0x7}, {0x2, 0x8001, 0x4, 0x8}, 0x0, 0x6e6bb1, 0x5, 0x1, 0x3, 0x3}, {{@in6=@initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x4d4, 0x93}, 0x8, @in6=@remote, 0x0, 0x1, 0xc56afa668269c0af, 0x6, 0x0, 0x0, 0x1}}, 0xe8) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r6, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r6, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r7, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r7, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, &(0x7f0000000280)={0xd8, 0x2, 0x1, r7}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@handle={0x73682a85, 0x1, 0x3}, @fda, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 16:18:36 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xfffffffffffffe0a, 0x0, 0x3ba, 0x0, 0xcb}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 16:18:36 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000200)={&(0x7f00000001c0)='./file0\x00', 0x0, 0x10}, 0x10) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.stat\x00', 0x0, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r3, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) creat(&(0x7f0000000240)='./file0\x00', 0x6c) write$P9_RLCREATE(r3, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f00000000c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, &(0x7f0000000040)={r4, 0xb78a, 0x401}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000280)=[@enter_looper], 0x0, 0x0, 0x0}) 16:18:36 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r1, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r1, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x1000, 0x0, &(0x7f0000000200)="d077434a5003f65321740a046c841a6c95903ec082034d27c02fcbddf8d880a31a97ef57dd91388ef3caa351100d559e379c42c72983c22e14fd3d0022a85ff48234d5ac8f1591728de83399592ca74e5d078dafa5afb2c69fb11bd1ba591903352e89c4f2c5632202e08573f8f4198686b278f696f3ada3bee826cd58a4c53f565603ea75bd507757fd6c8fa408c53edfb3d37f4d9ad3289b05f37a3d22c86ba0b6b5995cea5c3505d38de93914faa052d40749fbaf22c3b1d766be9b4a08fff08a4fb6811146ffa6a613f3832a22bcbad400241e5d828afa3c999e1b22d8d23b2049d4d8658e4a1b44fb692cf9bced4e9de1a25d8a44fe26a3df109b3e4e3e114a4587fcf904b0a2844c0a40c41033cda27c43d3d9b146e207b0d937a1712b68791d0958dea846b6368c518c4acf47f70861509af1e913ad48c5479c8aaa8af7b2c8f04e7b26fcb344677263f8543db786b6f6ed70c9b4f9c1e66911bef2e0231f6bbaebd8ed2a0c9f7c76af76014046e2786575e68a96e64d92472fe3ed32b57576cd66a2a198e3b4ba4324cf2635ea9d5f908f9c770280d5cc5209dc397b7b48a43b44cfb2ea334ff5ec18aaab91adb71d1f8dacf41de0ae89731c25637378893b6951b30f02c8cff1671818acb76f9502649b8b79a99dc29cf40e5b44aeeaf9d8183d04dccf5ace17c41b5f974f62f6652ff8eea978e9c4b1b0b660302cc74e93afb87a1d43155954240b618fb04b923dd95630a217f9806b8d426d2c800366ec7049a0aa1ac95f86870ce032bb35efc1ba113fc11716d6667dab854c37a287c933cf5a5d076e3b1855884d3ad14baf834d49d5cf5be520236afd39d525b4fbd006fae4c3eb2804c553ed2c2b877062dfedbe3900ae5ad77c754e2f191bd8363a56f7ae747d608a9ea354858225cff73d9f5128d1b69520b4ddeb84c3a869c04aeea5200f04ebb46f257eb02b968208f749eaf796529b4f21af4631ade1bf377c10e5f0cef7fe6521826735acea25f17fd15cff56cdebee9c490bdd58020d72807721ec03d1a70a5140fcd4992362bd7925b2112d78d54d4855e6e4ca38051890c2195424af4b76adeac4b0008200ce988f5eda3dce1a7c17ef6e1360803a9b49bfea9c2f48bd0c73eeb76529e754038b0acdcb2aa45762fea1a9e4b26edb7fc39a1f9f89dc5c123f927668739ad5832927be135984aa4e4bb493d68b4c1b91367f474d8571e0322b632f0e6da3c7313ea4e0ab2ba5f2d9defdf55f5794008e6b37cb667fb6e4e62908bf1d7611243986d447e0c121c625d13b2eff1079d798e88b1b772584fafd9318d640c17b2f1fb7385e6fd408c5d21e81e471914eb5eec3e321d821a2f117c5d0254872f4c4389df2f66f86b54491ac5165546761609cbfe573fe973a81a531c1183213429f6d030f1499ef84a7745c5a1c354f146c06f9bdf565fb60c8cb3a60ff927578f023381d6e0e71045dd5eaca102823790b3b38e9426ddc069e0be32f081bcbd0163dffe54b6446cd0b59018249fc1413e12d1bc90faa9b84736f2619004134146441aebb89c91773a10dc2f5f2a7943ae96933e1a1dc576eddff7256162386d7df586a8cb0ea647ff24bbf6ed15c8e700ab4a187448ac6f5057960ebdd271b8d83c2487d778c7e968c4a64d58e0c551898ed6d562ea5e8305cdf7a5a8869d05b285ae53261ead30ba51d689151ac6676760026b11c225afd0d8b250cae10f801b095db811c22867c7a6e8d13ff3f644a2afe8e94a06bede640e33401d6e77a36599e3c100e45b52d5a36831d45dbdb7c03ea5ba82f239dda391699db0b47ccd11d634fe3b58bb797afe97a8092ac7334b06c331d0d3d056f6a7f5752ffbc12496a8b0c95e9993bc7f43a55ef0d601dd84396b421d14e35eed85c9afd56e22076d15a53ceda3c2270d2bcc40dfecb7a3a2df503c70fad7963ea4ff887a6f329940981f891bbdeab71eaf5eee16a76a3c17228185529e033228c663977d3fa43e37495be6e536f2f1d57031a0acf8f96f60c475c681c0169dba8ccddda3d02a72a9cc1142c6a8729937ea8930e3014b6ebed5eda2c7fe65cb33ed081979fbe4f2ea7b4a4065d48c74dd6eb881a6b05a4f98f1ccca7e79bd86b63a3764c3175508884b1d2d575628db30c121e6300e66151ce4229578834c9af2bee4e595e06570a9cba22ba17042c63ac57987e4c9c9682bfe04671bbd72da9ae74b9a0c904a1386d4d5f298d94f24a0017d1bca7661e73e52971809380d3bc6c26fb6e2220a2bd4546a5c9bac0d2dc6234b7b733a6f78c7cca184833d69deb3c0c1dc3a073446a5d651271d581b1d639d51908b0ca6c35d0426b3bff97e5497dce24f7fc3547b9fe720d63b970ad3e7c8de88274e80e24118f5ece18eef4a38d7e1d1b4c04a4fb38ba03e53134750be86bc2cf81d13c9093cfa3b609c1f60692f1ffa931b7eb954458eb8b16e4664efffd3f52f32e2f59e2483be990233dcdc637d66642869228bbd8994433663265b5c7790559868ee875f207007b5d92ea93866ca6cdd04289acb4748b425c3f6ecd937fa005c47dcd0ac26b3edc72013aeed263468e459e47179b6163934253a7173c88b9e02d4ecb36fbe1ff957a7b322d3518a7a4219d7811213a7fc548ae2ef3f044414afd9da5a7a1efd5ed589b0cf3fc10c3ff007815f0ccaecdd4eb6d4cd4b78daf7014a8f4d7918220aedbf11c56902718c4c313d7c0ddd754d53a5fda83d3be32571a0e8b50b393dfb2ee5f859b168b3f65955ee07f645e390b3b5fc660518c1be7c63ed1f03b821392aa985f5ae0f368c3ab6646128b615f94b432e1fb81d26a20d5795dbe5cad156b4906f3b43875134d3712a3eea1b78e58c04195d0e142a6f6d87d9f701740b6459d41db3192a1b70700b12baa8a1f7188a4f0119227959dba83bc30e887e0f3729e0f7d3f4e2b1f5e55f32481aec9c986a4bfd82677edcf4c333e2d64e44249ff6cadb74b8e88b92e31b5d37d08d15662222e87454b99198e05726cba3a78c3b38ff8d91d414aa348a1073a60c95c07da1abb47638c7b5d5f968238f5373d69a501951cc18e5756b4114c154136bb0fb4a126f233274dce7fe236f901315e6bd5a8f7cc007f41e052fad754d1f67d4ea085cbc1ba52cebfe55c21dbab97ac9210a8279bd37d152d8e2b309c3602ac58954381d13574e9a3332fe137887dc761f779fdb0b02078cfa0688f78cfccc06785188882809dbbe9fb5b5b23334d6fd07d4d63ce13edfc8eab9bd3b55a73fc71eabaa82a46f3622389449044fb4e4028327fab830292d0c655a5190088d312f7d8d8ed0f7b7fa11e4e8eaed56dbc985aecc471860ffdde2f56df5bf905fe2876b031d1627ec593e140bd1a2bc584094cb4f40cc10eb1f266ead18f1e202ec6ba1ff2fec56d9de14f67c56e12fdcc083879db54aa19c7d30aa2fede99d3579ad1acf8a9ac584948388303dd82112336508a30d453284ccff2f01d5b471b3cb124b383d7eabc45c08bddf0a07ff6c1cb6aa63b91bebecb16cdbf5d7212a85965807d7df5fb52602d8641371f082eb9225b34865fd8615c8cad664707a21560d29c9b565481836e52cfe9aff3df2b63ab7356e49e23990cdc207e5a3cdb8791867b0bdd13c320a008e354ea6dc4f0dc878e1c821a030b395c25cef08aa2d05cadd5dc6560a704d4fcf19cce03d75d35e97d41decba247f092ee5560319d77244bf01a2d59426752a4d408d37ecc1146b46e13f10c02f5207c9be2f1e8c4b5e5f592f1a4059fe8a34faceaa60177a6012238592f703e1498bc40a55be9efc1c6958fdc39b47b2106961f3de02b427e15a19a3d59aff53be103766939d65a8be2799873b8b8199fc1655ef86289158294ff65b3ac5df42b06e8082ce52a004952c8a6846283f54a392876644195674ae5c30a82129ab68aaab7e2988d4d613fe9c9d7fd5a7893ffaf2b0c909d4008d373cba74592225400c44fa5cac104c5d6a9b14bf821a6597667cbc27da036e773342396233279e74136cd970e8587a3c69d351cd29e534f77f4dd8f55b027132098bda54fd91611c87ca39d592c46d3a31e9d6f95c9614c3f02da8d4ab18464eae7f4c93d7efc6d2f63e04f6fdc89d83f0db79f28bc1c53f6584405df7236e313f60d28119d280731b96aa45203a78a4bb8f8fb10463eebbdb5b60ace533157ac592081534ebfc478ff36ecfe99da3141a68c51cc0ebc2ebacfc3433483649cdf942f2d8d7f7ac7cb91284f308781aa44484f1f58b271ca920d5650ce9af828cc518a4181d90c9dbc1e43ca7442db69bfe5b76f032cbff3ffd2e33ae5760f5e84753a5308d1aea1dfcfa11b29ebe45b4485987f2b1d7ddf9ac1502d966a40fa86a213588689e064248c358b20efb3de41d8b5a114182ecc486fbc0ecf2e8eb55de9f969a23276b5ac04a244d65c523c73f23459fba35a997f1b4c8d4c4d0b72374e91f35334ecfb591c2259e8878c0cf5716200a751421c0d3847343adca07ab5c69cd42242c0278d527e13f56a150740c1cbe98d72452cdc2eab077256da04c034353ad9dce886dc4fa40c6b00f0a87bf8493bafac9027161cd43fc07d65ec77f6149f43d911b24f366aa5351c481981d42620d2931f626a1a3e12f632fe27ab6780a84fc8f086624e4efbabb78ab9ee61e1677b35542ea4533d81aba085597f617ff4c9b321fbd402494c74bcd19a40fd0ead0cc0ea4d62442d997eb30166ef44ea4b2b8812a8e582ca7c12c16a894d4e4898ba0a7f2b9d4c029acdb657fdc405e338b4aecfb977ff51559c1c8fcd9f26c1f6c31bc57664d71032e1166425b03f9a7aec1ef85b5ecec1164e5112e21be99a8a15fa8d636325dfa0fa1e6f00411807853320398452dbd056bac1806717eae36f727592371c6ae1d3c31c7d359ffe661ac3a3830da980cc0533b82a7e235da3cb033b292888b7ddefbeef64db8f70c187baab1ac08bf66c441b4a56a5fa2f953d5c5f2c070a933c49186b005b108ffc38bdfa9b511cd5be91169dbc4ae0a46291ef8db4ad3c19591d4fdc0f36120fe334b63af9cd2dda403c1a86d1c6000bb24b0385e2dcca98467dcfd858b02f6f2b9b2d8687b6df8b945d20005e45af3e6342fe9d52a4b63cd398160ae937dbd890c972c6a73b49e11777dca91f16e27b75e76573a1ce8c5a3a37cbab7b1343d97ac9c871bca44505f33a1ec572a9ab48bec59769fd921daefb57818f4b98842f412114f55fb2ef98b0ff8fadfdb0d8f6b91b9e62ec81f40fea9f844876de50115485a1e92b3e3cbeaeb72f1559f128d45762be1e3d0328f50d19523f2b61cdb450f7fff0368244ab11c6764bfb594cf27169d9fcc727f8d22ba621bcc40b6c9604b7801d86b95988a631b32e73411ddb798aab02277780c7dd30e8f1a27c7f15de3c6ed81490fde026c41d40858a2e5c4b92e146620fe9021a01ba807249bc14abf52414383113353e7b9a18f2da855690fe2f4ce9f2d01e9e8a8f1f2809ac30e7b20bee23b4f205377f50a1c3d899bc400bffc7f44b8f8762c21761039e7761703e9a876f76d1d6a6aef39d46bb115287868ab2bf1fe9729e72ee1f2c62ed9694e94da912e215e72b0e18ec1899e7ccc7fc2b9320fcfef2337eb5e6abc1b6bc2f6dca6d1c6380456586bc14161605110717a1675f8f164cf18fcd943b0931c24e4480b67a9bd2e90c5c6a6521464a673f65f28d5399a7234b0be5e54b3c725378a58912811a03c929e567a224dbf64f05772d1255a2243a5c694e316312"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000001380)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e6e2e5c169ca09d40175ca629fc3762cdb0d2ced9f1d11be5dc5266f4771a4955a7f9d9ffa856db1e6496fb6a6479914a109aff4cdcedc7d07bae6760a13837f62343caa90d610cd76fccb55729202bb741c578672df47652351ee"], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000096030000000000003000000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:36 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = pkey_alloc(0x0, 0x3) pkey_mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x9, r1) pkey_mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, r1) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) [ 1069.335098] binder: 27899:27900 unknown command 1074291450 [ 1069.340831] binder: 27899:27900 ioctl c0306201 20000140 returned -22 [ 1069.348860] binder: 27899:27905 unknown command 1074291450 [ 1069.354687] binder: 27899:27905 ioctl c0306201 20000140 returned -22 16:18:36 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB="852a62730000000000000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000300)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="000000000000000000000000000000000000000000000000852a747000"/64], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="003346d7ed1d97"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:36 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) write$P9_RCLUNK(r0, &(0x7f00000000c0)={0x7, 0x79, 0x2}, 0x7) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/user\x00') ioctl$FITRIM(r2, 0xc0185879, &(0x7f0000000200)={0x875c, 0x3ff, 0x8}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') ioctl$UI_END_FF_UPLOAD(r3, 0x406855c9, &(0x7f0000002380)={0x3, 0x1f, {0xaf, 0x8, 0x7f, {0x0, 0x1}, {0x401, 0x3}, @cond=[{0x6, 0x8280, 0x1, 0x1000, 0xff01, 0x9}, {0x0, 0x0, 0x9, 0xff, 0x1, 0x1}]}, {0x50, 0xff, 0xd4c, {0x100}, {0xd9a, 0x3}, @rumble={0x81, 0x26}}}) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r5, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r5, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$IP_VS_SO_GET_DAEMON(r5, 0x0, 0x487, &(0x7f0000000280), &(0x7f00000002c0)=0x30) write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a2900"/148, 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) pipe2$9p(&(0x7f0000000240), 0x4000) sendto$inet6(r4, &(0x7f0000001380)="fe8df4bddd71afa1d73f6912d10fde831263b11d2dbef5ab61cf1a90273dd827e2d393dbded6614ac07df473ee49687170f3c55f71888741cb4eba67e98df26f477351ef9b617bdb8c208a7a06c32effaa8dec0f8b1e900131f3d5f946354193152726499425d1eb2115aa96f1d8c05de4e71d168aa59f0b68afd793a74fa3c4bfcc1f9978f51bca3ccadda3e63add00c70deb613e143724ec3a59798c1c2a775922133f7fe85f0914367cfceefc8773964caf8c1fa58d4b027052f8b805a076527941d07b09b743871e1918c33d1116657d7e9175ca72b33c5759f728060e56a514e23dac6ff938cb0cafc0f6c380d7185f3c73ccefa0ca83bfb1162bc5bca60e1b0758a2d24ffe874bd1cc098bed03247a0247422e46fce36e002bd604ae701e079d4605962bbbf8bc31addb03a847cc5946ef687e15cc1974d389b98b6bc4abdf05ae223f9208509243c2207703cd560f53b8f2231bf766df5b41715055c0c16e9fb14823f8fc6fd78101742243d801e10ebc104cbeba5310ba70f29968d479f5faf849b216ef50fe821f8e3dd01c7b116cde9866d108862a22c8ea3b50259db3dfcc09449602d2bf6c7c9ca7c6270e2867fc9f73d764dc779086d3aaaf7052e2aa5d5f5dda253d24afe9be0498ddede5cdb2cc285cd161092b739ae419ecb442521608cd2a36c08531f2344b4d11567aa3493addac2577ddfff9aab5b80000b3ad7e0db57202f5e7eb4ddc208c03332d54286941e0ae61824c9efbec30147676605f32a6d7412bc2d539b8a4d14c42faa99acc59933ae336cadd3040d9dfba756a676388cee22610f21bf46589c38254de0f19ce739be17f0db6791ce8025b4bcc3129a1c5f336d0f22c514fd46823738bcc6f3dcf5acc8967a83f4d4a26ac95bdec9271967f384784a8b95a0bd8c83e546b81d1f3e23e0b666cad80ad1790cd00083f14415e2811a4298c193bfbb389c36bea9945c7f5a7b9b3b1dd3bdb4f3472fb22705ff879870d825f940793576ff83503fe6842d515b7573861c857a90d7f45a7e8f2999b3fac12ae78e4e0fa9fa3902a40f2167019ffbe0e5ec2a73469b923319ae7c15cf4d9eef631294e4cb040cc239a01747347e0a4537d96de7c74fdd031218567cd7b9a0fdb0c029691f407d52aa459139985bafd40c6fb76602437550ac5925e4693f6c0a0b117f13ef6e83757045351a1d8261de0b10c98df89ac80e269cdfae6b34c174166200c7d5d930e60709ea96137fcc831ffbff270c1b991639bf9c717fd3643abe7951680f385256ba83eb0f30bd13d33241eb6b8cded77ab13d9447482cd86e3b04e0327e486f32c5a0ba83d8352167ae2d9fd69523a0b8ee396b49e76a92ed5f5b63cbc5ef18248e02bb30934f7001bc8688189516841e71aeeb94058344694097e446916eb18ab79f079c3be08964dfe9e8294da6bacd4c143c4d6dc969b66d586d0d09c65599708fec338ec7bad99a6a27b30f70e9f2afdc03e9922319ea9eb5b84c44a27caf88ef2e770f8ee35f3f5f9b7d8e30b10a354da1a99cb77ee488ed751f0046e7233b6eb093b468da07658b118a5eb74f5edc90748388d26033d6db53fc533b216c1c2182f7c32514703727a9683ddbdc5b437b2c96c3671b46d024b02ec195b85eaf6d5ddfde1db678385c6508ceb5ae8ae398a65c1e527c6a3bde8a00a96dd06451eaebbc4823846a3ccb2a94ff315af94f24d427830b0a3654e4bfd70f51faa495d3e623d061fe87c1f1c63d27a4a83f4df5f63fb8dddb05a26a130bfdebde912dafc2cc4a6c4e1c642210f12691f2a2cedd7188b68e894af88f9520b584556461989386c8f8f4879a1b0d605429887c9f701784a466eda41a03af9eb292c129e93409554517a690072430591448fceb2eb278d261c0a9cadd8d6f3577c743651956b4b34998a864d0b350bbaaa279f0c1a7847fe153484d29fa7fdc8e5b89890ef3e7a9018327981d44b32b4c304e4374729e5aa17422d5406090c8b8bb3e76a0e4b4b4f2634b17a6978ab26246e654b7c551c70f3a27b189a7605467522b2ed028b2b3ee8020777af55c72ab717bf701218956e10997aadc3d92f07e2027520339caf7974f9e1a22541bbbf29868346422455607449cad011369c56579fb62c3290526eccca10d579dd59feac5568fdec1f71ae922da891154648f3985c4b853896159cdd7e6277898563a54663d43addce27af15bd653e30dd6d34f6c5e067f5aa0aac41468aa3a922c34b536a132c8c4c81ee89970f737fb6ac1b7c5c3b47a365eb4c2eb3589b4c5a6acec32949f7945a4128ca35f05bd3dc06a72003bfa80addb13479c2cd2a751ad8f4d785e295502dd79cc1b7db65dc58107cdb8efc722a2e9ade984c36224ebde1f0969c563c4529e517c6147d3f52ba69af9497a11c36869062fd9418d4cab21bf1bb6b107cf44bc3b964eb40742def1bfbdcced882884195c8c0579ded285a5c0cc4a8b7add2fd08e6eb2966e4ee272dd41baf717a1b1f22363bdccc4f9761c387b13f4eefb698513895926dcebe1ae8f0dbb39a86aca7e3f3e6d9d17444be953b0948f13dd37a0e454d80e4b1c287f659c4f1ac32783f0c2ecffe39855a94afe77f7ab9c0c758a69889f1a1b144d9e2a1093d7dee29b81128b36a5d51948ec9153aa789291fbbf05334c363e1959e66c313196f6380cdc6d0b713ae910caae1493fa8cdb6aa8227f7a254036e656e050120e92375d6e68228172bb74da8e1ea540caa40e89ab755b7e935f90ef841155d65ccedeca7905d7ea14d6288755d7513d734a4bc957e85a6978267b77cc87b01a953fbffba6edbdcebdd6d14c060a3dfffc10520ab6eebac0aedaca4f635e5e8bfac12c5f81e4c2f1a9ca3d05c994e524381faeecf379015d8b7f567c69ca838aa632d507ae2d6393b9d0a1d238644a0079b24ad9f4116f38d6187944d73c5783e7f6824da82f4833f2e230af27e471fe04837ef57cda0807799ce4bbbf7ea068735a6ec5019c772639ac71b8e9ed88ef6713a690d9b67a3555bfc7397dd816171862cc1bf3458cdd2963bed67f943ad26e7534c31a87ddc8e1d51df6e7aded80f2010c261b52f693e2cf7ad9128ba596c3416b0c257d50bbf269e360454fd66b048f2e34d8603846a41d04669630fd886aec48146e8b828b391a835657c05961797ddae9946b2fe6865addcd254bc53868ce94c2d910b9c93c742496dd0dd7f6dfc33304e464d84f8410ffa62d8267c8516e857efdd35134497dbf68ac649e3e9e59d3175609a8ea9f08bbf1ae28d64a4bbe0219b3e9c3a257c12380c3f81216ee01dacee3409d64b2a4eafefaa808a20f52c3a21e369dfada5121131205262cf52c2530f7904db5c44e966ad7f7e9c46d5245d85a1525d05d1688535768fb44291f8e611f08e4e7c27d041312d188aa963c4003cce7aa54eb748fe755d52089ed31acc8c3dd64cdac7a2ab731e615d53c8e0d71a074db95be0dd3c8773cac396ea223f68d37f88761d7733c5cd6a380d3a72119f3dd93848ce2365e4d02623f1f612444f0cb9703b6122b4e046c5453fe44e8731c13e54536cd4124bd856dd3ca902bf33afba22c84b14eb2b5724e929aee4cee7a4fd36b9f24f073c77368b4972028fe84d5bd660a620515300d921188da132affa06321010a8078796e337b8a0ba9a90771a87189290d398af1e81e27401c91bdae114c3f7cf45e5d592403632bb25586e12837b50766fab807396e3ca40918b9f8edc9352abb00256b8290073269f405bdb8dfa10ee8c0b7917964f663e972727e41caf03bb1db4f7a5560911879e833052b9d472c13b7cbc7d3351d6c3719a2cbe4ee5a9135ea25e25e993f9b530f1e27ab15322fb6cda5f02c035d0542fdbd076d5e472900f10462fdcbe3afb3146f80bacce83bb8a5f287d4c0b454343edcce8478d8d41912ebe1fd4654fa6b03d612b7c814b1a653b0531c3115259c41608bb79486682194029bed5321b913254eb2868788a38b96a4c4fbc3a0df44878a0760e6808dc85cd5997f1b9f53c3a7962f96f97bdec7a5c44e969c3a1ece82c9b14ae4e5bdcfea3752f8b7e16a4500f695eda55d2f2311d0b5118561f8aaa028d81561b57470035f5635c7b81fbb6f2262e38cd1f11c59290ba5ce4e095c2dddc9600090d49facc8d9b85776d132ccc31fd3047feb3abc83581c64c364ca981ec0fff5fe784f35bce1e4c85132ad2ea9e081b92cf0fc0dd21fa6cbfb8573ad2443f8082bca830e36a1344522db66520691ef3fcb4b4c23c29d1d83f823a38ffc19e5963178130e7b1311c202512d081c318c30f3038b4b0901c729d4627c1b88a1a865d5f87a1d805c9c8ad3392c29796903197c09947e7aa61cc10a42d316f2e2370369cf01d89906f41b34d5243543111b2708bbdbccc939fd6d5077d6efcb7b74ddc6bd03753b2222513c5602098e6bedcf963460856c85f593963e58cf40c9f18cca5da2ea853979b8a59ae72f75e64e1fc3ba99a010f177cea1cb4abb1f9583e487627995c75c772fc9f7a253af864ae939ae0e2aaea0f7df978362f07ad45c127164399805b75b8f9075ba517936f8b50d5572f73ce640116c5a5b572787b9b6d3e7f1216954bfbe0e5579795aed23a917149b4aafa0063ab90c5de8c0586cef7b8d268b9e280dbeac721bd68517b73cc2552fded64e482f2e496acfc3f12fe6d228edb13d579b06c537719a3323c6ea958cb6201dac6fe9801636d920e6b75a427cfa98e178720070cd674297bdbf2f4f2264f4606dd7b87f790400f3d789e3fb21cec7bec6805267cb7bacf27333898f6d00b3d847533786d8a7728535f07437c7d8631159e9274cb9539781d7418a2055e457bf710d2a97fa126136e6dcdead9c176f49801d07127572d0daa68effc35f183dd45df8b13e988a6c04ea6b2096f998457da768d949ec8469865879a931a4761a5d273ccd783b15e3299ea8be397d68d25d72be083127c98dba0b049ba7f0411a3d1f230db75a835742bafdc47da6c1541457f78d1bfbc910f8a35cdccab639a9e3aa9cc123771a2aa7851da5b5018aecc0bb169961cb7804b045ba5cd7de36cfd0e413968c48d4a5de3b3be2b5189afcc151f182c4f6684d7b101672958e90cd35ff0c7a24244d535c7d53e0a75230e017722fea099c71203280188cf7767cc7d975e054b4d3d7045eaae91981f97a911064c23670b30210db984f7c7ddc3643193e1ae36a2fd05689b8dabb49222e8d6eb38c41ffcc3f6582420de58a8958d09936fd6d8ef9554e4c4f7445bcd6d4436ff6bf3517409208d7f2ba0155077f04cb733b0f1792abd52387e543f6e49efb43d6dfe2586f6a9bd977ae7c68c32d89d3d5316fd37bd2d9133dff9bfe11860876a43efcf559ae22dd8da427728bc170051c379f107efc43f554b5de31044e3f613f3a2d36ddc89361903a1b0b27f8b7c310dc82f3cd229f9c6a0c8e34d90fa024809221ebf5c23f82f1d4530740533a9cd78cba8f12ef3895d7ff81ffbc1a2ef533bda8ec300ac27b03ba1635c731072e5fa15e33746c45116266eaa5e537aa2f747cb58c266e1a3815957e964829984d805e524cb79c32f782e281e9787517cb8b3e8ba0d162680438e829ddbe168efb366c0bbb03cd334d0c35f90749410797198955290aa657b18fd903b2cd9abc9ab33e460dbec3273ec866e1c93d7a905eb49a87c86b3a2dac75120599eb3c4e7c50f167dc7ad0a172a6465c0880226719e0ec53d5464cad8fa23dc2fb065f6a566f6", 0x1000, 0x20888, 0xfffffffffffffffe, 0x0) r6 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r6, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000002680)={0x5c, 0x0, &(0x7f00000025c0)=[@clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x60, 0x18, &(0x7f0000002500)={@fda={0x66646185, 0x4, 0x2, 0x1b}, @fd, @ptr={0x70742a85, 0x0, &(0x7f0000002400)=""/245, 0xf5, 0x2, 0x18}}, &(0x7f0000002580)={0x0, 0x20, 0x38}}, 0x2000}], 0x2d, 0x0, &(0x7f0000002640)="54b77e469da15132eb7409dec33399203ebba622fd6b8d4c30d5880519cc3268e6b412ff6698632b026f100490"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x1000}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) [ 1069.394827] binder: 27910:27913 got transaction with invalid offset (918, min 24 max 88) or object. [ 1069.398057] binder: 27909:27915 unknown command 0 [ 1069.398065] binder: 27909:27915 ioctl c0306201 20000180 returned -22 [ 1069.408041] binder: 27908:27914 got transaction with invalid offset (918, min 24 max 88) or object. 16:18:36 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0xffffffffffffffff) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/4096}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x396, 0x30}}}], 0x0, 0x0, 0x0}) 16:18:36 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x1) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r2, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r2, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) pipe2(&(0x7f0000000200)={0xffffffffffffffff}, 0x80000) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0x5, &(0x7f0000000240)=0x101, 0x4) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a627300000000000000000000000100000000000000008561646600000028d9136ce5e56e00000900000000000000000000000000000000000000000000852a747000"/96], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000018000000000000003800000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 16:18:37 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r0, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) write$P9_RCLUNK(r0, &(0x7f00000000c0)={0x7, 0x79, 0x2}, 0x7) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/user\x00') ioctl$FITRIM(r2, 0xc0185879, &(0x7f0000000200)={0x875c, 0x3ff, 0x8}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') ioctl$UI_END_FF_UPLOAD(r3, 0x406855c9, &(0x7f0000002380)={0x3, 0x1f, {0xaf, 0x8, 0x7f, {0x0, 0x1}, {0x401, 0x3}, @cond=[{0x6, 0x8280, 0x1, 0x1000, 0xff01, 0x9}, {0x0, 0x0, 0x9, 0xff, 0x1, 0x1}]}, {0x50, 0xff, 0xd4c, {0x100}, {0xd9a, 0x3}, @rumble={0x81, 0x26}}}) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='smaps\x00\xbe#\xd7c\xbf\t\v|=\x12\x9aT\xda\x8a\x18\x1f2\x80\xd1\x1ah\x1a84\xd4\xfd\xc4\xf4g\x06\xf9\xe5\xd0=K{W\xd1Yc\xf3\xd6\t>RL\"\xc5f+%\x8d\xb9L\xc3w\x1a\xe1\xc1\xc9\xc0\xab\x1f/K\x8a\"\xf0\xf0\xa0\xa9\xeb\xb5g\xa2\xd6\xf1\xb2\xb3\x03\x92\xfe\xf6+\x15\x06\x05\xb2n\xa9\xe2\xa4\xe3\x85!M\xeb&') write$char_usb(r5, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4268e6e9bd2f44377995c43d0f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a29", 0x94) write$P9_RLCREATE(r5, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) getsockopt$IP_VS_SO_GET_DAEMON(r5, 0x0, 0x487, &(0x7f0000000280), &(0x7f00000002c0)=0x30) write$char_usb(r4, &(0x7f0000000340)="eb0a14a6357058588de0aba930e5c734e20ddaa30b13d6719c13a2541c2baccbf6dfeeeee6130a068f21bb95d20856a845352e81da467d4069b8ab564dd9cafdcdca8c719ff758cd283ae3c0f29e0c92a29d0d6032a4f77e8b2569f67519bf76e90a334be77621c729dcb13afdfe0a33b992a0dc00b31fe1d43daa145a5e1a169e9cc1698f879a2900"/148, 0x94) write$P9_RLCREATE(r4, &(0x7f0000000080)={0x18, 0xf, 0x1, {{0x9, 0x2}, 0x800}}, 0x18) pipe2$9p(&(0x7f0000000240), 0x4000) sendto$inet6(r4, &(0x7f0000001380)="fe8df4bddd71afa1d73f6912d10fde831263b11d2dbef5ab61cf1a90273dd827e2d393dbded6614ac07df473ee49687170f3c55f71888741cb4eba67e98df26f477351ef9b617bdb8c208a7a06c32effaa8dec0f8b1e900131f3d5f946354193152726499425d1eb2115aa96f1d8c05de4e71d168aa59f0b68afd793a74fa3c4bfcc1f9978f51bca3ccadda3e63add00c70deb613e143724ec3a59798c1c2a775922133f7fe85f0914367cfceefc8773964caf8c1fa58d4b027052f8b805a076527941d07b09b743871e1918c33d1116657d7e9175ca72b33c5759f728060e56a514e23dac6ff938cb0cafc0f6c380d7185f3c73ccefa0ca83bfb1162bc5bca60e1b0758a2d24ffe874bd1cc098bed03247a0247422e46fce36e002bd604ae701e079d4605962bbbf8bc31addb03a847cc5946ef687e15cc1974d389b98b6bc4abdf05ae223f9208509243c2207703cd560f53b8f2231bf766df5b41715055c0c16e9fb14823f8fc6fd78101742243d801e10ebc104cbeba5310ba70f29968d479f5faf849b216ef50fe821f8e3dd01c7b116cde9866d108862a22c8ea3b50259db3dfcc09449602d2bf6c7c9ca7c6270e2867fc9f73d764dc779086d3aaaf7052e2aa5d5f5dda253d24afe9be0498ddede5cdb2cc285cd161092b739ae419ecb442521608cd2a36c08531f2344b4d11567aa3493addac2577ddfff9aab5b80000b3ad7e0db57202f5e7eb4ddc208c03332d54286941e0ae61824c9efbec30147676605f32a6d7412bc2d539b8a4d14c42faa99acc59933ae336cadd3040d9dfba756a676388cee22610f21bf46589c38254de0f19ce739be17f0db6791ce8025b4bcc3129a1c5f336d0f22c514fd46823738bcc6f3dcf5acc8967a83f4d4a26ac95bdec9271967f384784a8b95a0bd8c83e546b81d1f3e23e0b666cad80ad1790cd00083f14415e2811a4298c193bfbb389c36bea9945c7f5a7b9b3b1dd3bdb4f3472fb22705ff879870d825f940793576ff83503fe6842d515b7573861c857a90d7f45a7e8f2999b3fac12ae78e4e0fa9fa3902a40f2167019ffbe0e5ec2a73469b923319ae7c15cf4d9eef631294e4cb040cc239a01747347e0a4537d96de7c74fdd031218567cd7b9a0fdb0c029691f407d52aa459139985bafd40c6fb76602437550ac5925e4693f6c0a0b117f13ef6e83757045351a1d8261de0b10c98df89ac80e269cdfae6b34c174166200c7d5d930e60709ea96137fcc831ffbff270c1b991639bf9c717fd3643abe7951680f385256ba83eb0f30bd13d33241eb6b8cded77ab13d9447482cd86e3b04e0327e486f32c5a0ba83d8352167ae2d9fd69523a0b8ee396b49e76a92ed5f5b63cbc5ef18248e02bb30934f7001bc8688189516841e71aeeb94058344694097e446916eb18ab79f079c3be08964dfe9e8294da6bacd4c143c4d6dc969b66d586d0d09c65599708fec338ec7bad99a6a27b30f70e9f2afdc03e9922319ea9eb5b84c44a27caf88ef2e770f8ee35f3f5f9b7d8e30b10a354da1a99cb77ee488ed751f0046e7233b6eb093b468da07658b118a5eb74f5edc90748388d26033d6db53fc533b216c1c2182f7c32514703727a9683ddbdc5b437b2c96c3671b46d024b02ec195b85eaf6d5ddfde1db678385c6508ceb5ae8ae398a65c1e527c6a3bde8a00a96dd06451eaebbc4823846a3ccb2a94ff315af94f24d427830b0a3654e4bfd70f51faa495d3e623d061fe87c1f1c63d27a4a83f4df5f63fb8dddb05a26a130bfdebde912dafc2cc4a6c4e1c642210f12691f2a2cedd7188b68e894af88f9520b584556461989386c8f8f4879a1b0d605429887c9f701784a466eda41a03af9eb292c129e93409554517a690072430591448fceb2eb278d261c0a9cadd8d6f3577c743651956b4b34998a864d0b350bbaaa279f0c1a7847fe153484d29fa7fdc8e5b89890ef3e7a9018327981d44b32b4c304e4374729e5aa17422d5406090c8b8bb3e76a0e4b4b4f2634b17a6978ab26246e654b7c551c70f3a27b189a7605467522b2ed028b2b3ee8020777af55c72ab717bf701218956e10997aadc3d92f07e2027520339caf7974f9e1a22541bbbf29868346422455607449cad011369c56579fb62c3290526eccca10d579dd59feac5568fdec1f71ae922da891154648f3985c4b853896159cdd7e6277898563a54663d43addce27af15bd653e30dd6d34f6c5e067f5aa0aac41468aa3a922c34b536a132c8c4c81ee89970f737fb6ac1b7c5c3b47a365eb4c2eb3589b4c5a6acec32949f7945a4128ca35f05bd3dc06a72003bfa80addb13479c2cd2a751ad8f4d785e295502dd79cc1b7db65dc58107cdb8efc722a2e9ade984c36224ebde1f0969c563c4529e517c6147d3f52ba69af9497a11c36869062fd9418d4cab21bf1bb6b107cf44bc3b964eb40742def1bfbdcced882884195c8c0579ded285a5c0cc4a8b7add2fd08e6eb2966e4ee272dd41baf717a1b1f22363bdccc4f9761c387b13f4eefb698513895926dcebe1ae8f0dbb39a86aca7e3f3e6d9d17444be953b0948f13dd37a0e454d80e4b1c287f659c4f1ac32783f0c2ecffe39855a94afe77f7ab9c0c758a69889f1a1b144d9e2a1093d7dee29b81128b36a5d51948ec9153aa789291fbbf05334c363e1959e66c313196f6380cdc6d0b713ae910caae1493fa8cdb6aa8227f7a254036e656e050120e92375d6e68228172bb74da8e1ea540caa40e89ab755b7e935f90ef841155d65ccedeca7905d7ea14d6288755d7513d734a4bc957e85a6978267b77cc87b01a953fbffba6edbdcebdd6d14c060a3dfffc10520ab6eebac0aedaca4f635e5e8bfac12c5f81e4c2f1a9ca3d05c994e524381faeecf379015d8b7f567c69ca838aa632d507ae2d6393b9d0a1d238644a0079b24ad9f4116f38d6187944d73c5783e7f6824da82f4833f2e230af27e471fe04837ef57cda0807799ce4bbbf7ea068735a6ec5019c772639ac71b8e9ed88ef6713a690d9b67a3555bfc7397dd816171862cc1bf3458cdd2963bed67f943ad26e7534c31a87ddc8e1d51df6e7aded80f2010c261b52f693e2cf7ad9128ba596c3416b0c257d50bbf269e360454fd66b048f2e34d8603846a41d04669630fd886aec48146e8b828b391a835657c05961797ddae9946b2fe6865addcd254bc53868ce94c2d910b9c93c742496dd0dd7f6dfc33304e464d84f8410ffa62d8267c8516e857efdd35134497dbf68ac649e3e9e59d3175609a8ea9f08bbf1ae28d64a4bbe0219b3e9c3a257c12380c3f81216ee01dacee3409d64b2a4eafefaa808a20f52c3a21e369dfada5121131205262cf52c2530f7904db5c44e966ad7f7e9c46d5245d85a1525d05d1688535768fb44291f8e611f08e4e7c27d041312d188aa963c4003cce7aa54eb748fe755d52089ed31acc8c3dd64cdac7a2ab731e615d53c8e0d71a074db95be0dd3c8773cac396ea223f68d37f88761d7733c5cd6a380d3a72119f3dd93848ce2365e4d02623f1f612444f0cb9703b6122b4e046c5453fe44e8731c13e54536cd4124bd856dd3ca902bf33afba22c84b14eb2b5724e929aee4cee7a4fd36b9f24f073c77368b4972028fe84d5bd660a620515300d921188da132affa06321010a8078796e337b8a0ba9a90771a87189290d398af1e81e27401c91bdae114c3f7cf45e5d592403632bb25586e12837b50766fab807396e3ca40918b9f8edc9352abb00256b8290073269f405bdb8dfa10ee8c0b7917964f663e972727e41caf03bb1db4f7a5560911879e833052b9d472c13b7cbc7d3351d6c3719a2cbe4ee5a9135ea25e25e993f9b530f1e27ab15322fb6cda5f02c035d0542fdbd076d5e472900f10462fdcbe3afb3146f80bacce83bb8a5f287d4c0b454343edcce8478d8d41912ebe1fd4654fa6b03d612b7c814b1a653b0531c3115259c41608bb79486682194029bed5321b913254eb2868788a38b96a4c4fbc3a0df44878a0760e6808dc85cd5997f1b9f53c3a7962f96f97bdec7a5c44e969c3a1ece82c9b14ae4e5bdcfea3752f8b7e16a4500f695eda55d2f2311d0b5118561f8aaa028d81561b57470035f5635c7b81fbb6f2262e38cd1f11c59290ba5ce4e095c2dddc9600090d49facc8d9b85776d132ccc31fd3047feb3abc83581c64c364ca981ec0fff5fe784f35bce1e4c85132ad2ea9e081b92cf0fc0dd21fa6cbfb8573ad2443f8082bca830e36a1344522db66520691ef3fcb4b4c23c29d1d83f823a38ffc19e5963178130e7b1311c202512d081c318c30f3038b4b0901c729d4627c1b88a1a865d5f87a1d805c9c8ad3392c29796903197c09947e7aa61cc10a42d316f2e2370369cf01d89906f41b34d5243543111b2708bbdbccc939fd6d5077d6efcb7b74ddc6bd03753b2222513c5602098e6bedcf963460856c85f593963e58cf40c9f18cca5da2ea853979b8a59ae72f75e64e1fc3ba99a010f177cea1cb4abb1f9583e487627995c75c772fc9f7a253af864ae939ae0e2aaea0f7df978362f07ad45c127164399805b75b8f9075ba517936f8b50d5572f73ce640116c5a5b572787b9b6d3e7f1216954bfbe0e5579795aed23a917149b4aafa0063ab90c5de8c0586cef7b8d268b9e280dbeac721bd68517b73cc2552fded64e482f2e496acfc3f12fe6d228edb13d579b06c537719a3323c6ea958cb6201dac6fe9801636d920e6b75a427cfa98e178720070cd674297bdbf2f4f2264f4606dd7b87f790400f3d789e3fb21cec7bec6805267cb7bacf27333898f6d00b3d847533786d8a7728535f07437c7d8631159e9274cb9539781d7418a2055e457bf710d2a97fa126136e6dcdead9c176f49801d07127572d0daa68effc35f183dd45df8b13e988a6c04ea6b2096f998457da768d949ec8469865879a931a4761a5d273ccd783b15e3299ea8be397d68d25d72be083127c98dba0b049ba7f0411a3d1f230db75a835742bafdc47da6c1541457f78d1bfbc910f8a35cdccab639a9e3aa9cc123771a2aa7851da5b5018aecc0bb169961cb7804b045ba5cd7de36cfd0e413968c48d4a5de3b3be2b5189afcc151f182c4f6684d7b101672958e90cd35ff0c7a24244d535c7d53e0a75230e017722fea099c71203280188cf7767cc7d975e054b4d3d7045eaae91981f97a911064c23670b30210db984f7c7ddc3643193e1ae36a2fd05689b8dabb49222e8d6eb38c41ffcc3f6582420de58a8958d09936fd6d8ef9554e4c4f7445bcd6d4436ff6bf3517409208d7f2ba0155077f04cb733b0f1792abd52387e543f6e49efb43d6dfe2586f6a9bd977ae7c68c32d89d3d5316fd37bd2d9133dff9bfe11860876a43efcf559ae22dd8da427728bc170051c379f107efc43f554b5de31044e3f613f3a2d36ddc89361903a1b0b27f8b7c310dc82f3cd229f9c6a0c8e34d90fa024809221ebf5c23f82f1d4530740533a9cd78cba8f12ef3895d7ff81ffbc1a2ef533bda8ec300ac27b03ba1635c731072e5fa15e33746c45116266eaa5e537aa2f747cb58c266e1a3815957e964829984d805e524cb79c32f782e281e9787517cb8b3e8ba0d162680438e829ddbe168efb366c0bbb03cd334d0c35f90749410797198955290aa657b18fd903b2cd9abc9ab33e460dbec3273ec866e1c93d7a905eb49a87c86b3a2dac75120599eb3c4e7c50f167dc7ad0a172a6465c0880226719e0ec53d5464cad8fa23dc2fb065f6a566f6", 0x1000, 0x20888, 0xfffffffffffffffe, 0x0) r6 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r6, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000006c0)={0x58, 0x0, &(0x7f0000000240)=[@increfs_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000002680)={0x5c, 0x0, &(0x7f00000025c0)=[@clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x60, 0x18, &(0x7f0000002500)={@fda={0x66646185, 0x4, 0x2, 0x1b}, @fd, @ptr={0x70742a85, 0x0, &(0x7f0000002400)=""/245, 0xf5, 0x2, 0x18}}, &(0x7f0000002580)={0x0, 0x20, 0x38}}, 0x2000}], 0x2d, 0x0, &(0x7f0000002640)="54b77e469da15132eb7409dec33399203ebba622fd6b8d4c30d5880519cc3268e6b412ff6698632b026f100490"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000001300)={@flat, @ptr={0x70742a85, 0x1, &(0x7f0000000300)=""/4096, 0x1000}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f00000001c0)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) [ 1069.408078] binder: 27908:27914 transaction failed 29201/-22, size 88-24 line 3379 [ 1069.408491] binder: undelivered TRANSACTION_ERROR: 29201 [ 1069.418229] binder: 27911:27919 got transaction with invalid handle, 3 [ 1069.418253] binder: 27911:27919 transaction failed 29201/-22, size 96-24 line 3411 [ 1069.418411] binder: undelivered TRANSACTION_ERROR: 29201 [ 1069.440330] binder: 27921:27925 got transaction with invalid offset (42535628839465728, min 0 max 88) or object. [ 1069.440354] binder: 27921:27925 transaction failed 29201/-22, size 88-24 line 3379 [ 1069.441062] binder: undelivered TRANSACTION_ERROR: 29201 [ 1069.441997] binder: 27921:27928 got transaction with invalid offset (42535628839465728, min 0 max 88) or object. [ 1069.442019] binder: 27921:27928 transaction failed 29201/-22, size 88-24 line 3379 [ 1069.442248] binder: undelivered TRANSACTION_ERROR: 29201 [ 1069.474987] binder: 27924:27926 ioctl 406855c9 20002380 returned -22 [ 1069.475560] binder_alloc: 27930: binder_alloc_buf, no vma [ 1069.475578] binder: 27930:27932 transaction failed 29189/-3, size 88-24 line 3284 [ 1069.475809] binder: undelivered TRANSACTION_ERROR: 29189 [ 1069.476335] binder: BINDER_SET_CONTEXT_MGR already set [ 1069.476342] binder: 27924:27926 ioctl 40046207 0 returned -16 [ 1069.476454] binder: 27924:27926 BC_INCREFS_DONE u0000000000000000 no match [ 1069.476907] binder: 27924:27926 BC_CLEAR_DEATH_NOTIFICATION invalid ref 3 [ 1069.476917] binder: 27924:27926 got reply transaction with bad transaction stack, transaction 3072 has target 27924:0 [ 1069.476925] binder: 27924:27926 transaction failed 29201/-71, size 96-24 line 3061 [ 1069.477187] binder: 27924:27926 got transaction with too large buffer [ 1069.477219] binder: 27924:27926 transaction failed 29201/-22, size 104-24 line 3493 [ 1069.477573] binder: undelivered TRANSACTION_ERROR: 29201 [ 1069.477738] binder: release 27924:27926 transaction 3072 out, still active [ 1069.477741] binder: undelivered TRANSACTION_COMPLETE [ 1069.477748] binder: undelivered TRANSACTION_ERROR: 29201 [ 1069.479606] binder_alloc: 27930: binder_alloc_buf, no vma [ 1069.479625] binder: 27930:27934 transaction failed 29189/-3, size 88-24 line 3284 [ 1069.479847] binder: undelivered TRANSACTION_ERROR: 29189 [ 1069.482591] binder: send failed reply for transaction 3072, target dead [ 1069.502268] ------------[ cut here ]------------ [ 1069.502272] kernel BUG at drivers/android/binder_alloc.c:1108! [ 1069.502281] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 1069.502288] Modules linked in: [ 1069.502298] CPU: 1 PID: 27936 Comm: syz-executor.4 Not tainted 4.9.205-syzkaller #0 [ 1069.502306] task: 00000000a1217469 task.stack: 00000000aa4624f7 [ 1069.502331] RIP: 0010:[] [<0000000051fa6861>] binder_alloc_do_buffer_copy+0xcb/0x500 [ 1069.502337] RSP: 0018:ffff8801a08074a8 EFLAGS: 00010216 [ 1069.502344] RAX: 0000000000040000 RBX: 0000000020ffc000 RCX: ffffc90003776000 [ 1069.502350] RDX: 00000000000004ee RSI: ffffffff8222a5bb RDI: ffff8801d9fa0558 [ 1069.502355] RBP: ffff8801a0807528 R08: ffff8801a08075a8 R09: 0000000000000008 [ 1069.502362] R10: ffffed0034100f12 R11: ffff8801a0807897 R12: 0000000000000070 [ 1069.502368] R13: 00000000000000a8 R14: 0000000000000008 R15: ffff8801a08075a8 [ 1069.502376] FS: 00007f98184a0700(0000) GS:ffff8801db700000(0000) knlGS:0000000000000000 [ 1069.502382] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1069.502387] CR2: 0000000000406eab CR3: 00000001d01e5000 CR4: 00000000001606b0 [ 1069.502395] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1069.502399] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1069.502400] Stack: [ 1069.502413] ffff8801a0807560 0000000000000246 ffff8801c60cdf00 ffff8801a08074d0 [ 1069.502423] ffff8801cb582018 ffff8801d9fa0e58 00ff8801a0807870 ffff8801d9fa0e00 [ 1069.502433] ffffffff814fdb26 ffff8801d4424f80 00000000000000a8 ffff8801a08075a8 [ 1069.502435] Call Trace: [ 1069.502446] [<00000000263b873b>] ? memcpy+0x46/0x50 [ 1069.502455] [<00000000ade6bb74>] binder_alloc_copy_from_buffer+0x37/0x42 [ 1069.502464] [<00000000972b022d>] binder_validate_ptr+0xc5/0x1b0 [ 1069.502473] [<000000004e92ffcc>] ? binder_get_object+0x1b0/0x1b0 [ 1069.502480] [<00000000ade6bb74>] ? binder_alloc_copy_from_buffer+0x37/0x42 [ 1069.502488] [<00000000b459193c>] ? binder_get_object+0x12f/0x1b0 [ 1069.502495] [<00000000812a7ff6>] binder_transaction+0x20a4/0x5890 [ 1069.502504] [<00000000eb85b65b>] ? binder_inc_ref_for_node+0xba0/0xba0 [ 1069.502520] [<00000000c4e50f59>] ? __save_stack_trace+0x7a/0xf0 [ 1069.502533] [<00000000e0848a55>] ? depot_save_stack+0x13c/0x4a0 [ 1069.502545] [<000000006e7992bd>] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 1069.502556] [<000000008c8b994a>] ? __might_fault+0x114/0x1d0 [ 1069.502564] [<000000007ee45eee>] binder_thread_write+0x730/0x20e0 [ 1069.502573] [<000000005e5a8e53>] ? trace_hardirqs_on+0x10/0x10 [ 1069.502581] [<00000000ef894f13>] ? trace_hardirqs_on_caller+0x385/0x5a0 [ 1069.502588] [<000000009e4ace83>] ? binder_transaction+0x5890/0x5890 [ 1069.502597] [<000000006e7992bd>] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 1069.502604] [<0000000020549fde>] binder_ioctl+0xecd/0x1720 [ 1069.502611] [<000000005f9ec473>] ? binder_poll+0x240/0x240 [ 1069.502618] [<00000000a154a7aa>] ? __lock_acquire+0x5e0/0x4390 [ 1069.502626] [<000000002a4448b1>] ? __might_sleep+0x95/0x1a0 [ 1069.502632] [<000000005f9ec473>] ? binder_poll+0x240/0x240 [ 1069.502641] [<00000000c55544ad>] do_vfs_ioctl+0xb87/0x11d0 [ 1069.502651] [<00000000fdd217e2>] ? selinux_file_ioctl+0x103/0x550 [ 1069.502660] [<000000004136f489>] ? ioctl_preallocate+0x210/0x210 [ 1069.502668] [<00000000139cbbd9>] ? selinux_parse_skb.constprop.0+0x16b0/0x16b0 [ 1069.502677] [<000000008f18ee9a>] ? __fget+0x208/0x370 [ 1069.502693] [<00000000d0d5058f>] ? __fget+0x22f/0x370 [ 1069.502704] [<000000007ca8a6ec>] ? __fget+0x47/0x370 [ 1069.502717] [<00000000b78bf6b3>] ? security_file_ioctl+0x8f/0xc0 [ 1069.502728] [<00000000ec92a7e7>] SyS_ioctl+0x8f/0xc0 [ 1069.502736] [<000000002b62cbd8>] ? do_vfs_ioctl+0x11d0/0x11d0 [ 1069.502745] [<0000000096b1f2ac>] do_syscall_64+0x1ad/0x5c0 [ 1069.502755] [<00000000b1b61cc8>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 1069.502878] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 0a 04 00 00 4d 8b 64 24 58 49 29 dc e8 6f 81 0f ff 4d 39 e6 76 07 e8 65 81 0f ff <0f> 0b e8 5e 81 0f ff 4c 8b 6d d0 4d 29 f4 4d 39 e5 77 e8 e8 4d [ 1069.502886] RIP [<0000000051fa6861>] binder_alloc_do_buffer_copy+0xcb/0x500 [ 1069.502889] RSP [ 1069.504164] ---[ end trace 591eac8966bb0117 ]--- [ 1069.504173] Kernel panic - not syncing: Fatal exception [ 1069.505021] Kernel Offset: disabled [ 1070.089288] Rebooting in 86400 seconds..