WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x108, 0x0, &(0x7f0000000880)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000440)={@flat=@weak_handle={0x77682a85, 0xb, 0x3}, @fd={0x66642a85, 0x0, r3}, @fd={0x66642a85, 0x0, r1}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}, 0x1000}, @increfs={0x40046304, 0x2}, @dead_binder_done, @request_death={0x400c630e, 0x3}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000600)={@flat=@weak_binder={0x77622a85, 0x109, 0x3}, @ptr={0x70742a85, 0x0, &(0x7f0000000380)=""/59, 0x3b, 0x0, 0x38}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000580)={0x0, 0x18, 0x40}}, 0x400}, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000680)={@fd={0x66642a85, 0x0, r4}, @flat=@binder={0x73622a85, 0x15, 0x1}, @fda={0x66646185, 0x7, 0x1, 0x1f}}, &(0x7f0000000700)={0x0, 0x18, 0x30}}, 0x40}], 0x0, 0x0, &(0x7f0000000740)})

[ 1914.653327] binder: BINDER_SET_CONTEXT_MGR already set
[ 1914.663481] binder: 8018:8021 unknown command 1082309865
[ 1914.672451] binder: 8016:8024 unknown command 0
[ 1914.682311] binder: 8018:8021 ioctl c0306201 20000340 returned -22
[ 1914.684019] binder: 8015:8022 ioctl 40046207 0 returned -16
[ 1914.696404] binder: 8025:8027 unknown command 0
20:21:54 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b6300000c6300000e630c400000000000000000000000000763044000000000ea103c089b09601000d9a5628e395a67d7330848386eb0e7f6a8b3de2e1024634c4246913ee4a74ea9a2808ecdcd4d4cd62666cd3364085b56686593dc8a9843065c9efe9e00d9bba88d8ea0242aa50c275b2e12f91435999ede6bd515f1b2b77d7e326a18d2fbd87f6e277cb53ca31aa686b64fc425b4a521d3b1250df2233c814891115424d9666250d8cd1eeba30ab8f11bc75eea8a2072f1dbfd2a305f84cd0cc68ac62b0bebc6263fff64339d48a1a85e818bcd23fc171000"/228], 0x0, 0x0, 0x0})

[ 1914.699399] binder: 8016:8024 ioctl c0306201 20000200 returned -22
[ 1914.711964] binder: 8025:8027 ioctl c0306201 20000200 returned -22
[ 1914.718748] binder: 8015:8028 unknown command 0
[ 1914.730909] binder: 8018:8029 unknown command 1082309865
[ 1914.731854] binder: 8015:8028 ioctl c0306201 20000200 returned -22
[ 1914.740291] binder: 8018:8029 ioctl c0306201 20000340 returned -22
[ 1914.752972] binder: 8025:8027 ioctl 4112 0 returned -22
[ 1914.764262] binder: 8016:8024 unknown command 0
[ 1914.770335] binder: 8016:8024 ioctl c0306201 20000200 returned -22
[ 1914.787447] binder: BINDER_SET_CONTEXT_MGR already set
[ 1914.790806] binder: 8016:8031 unknown command 0
[ 1914.798610] binder: 8015:8022 ioctl 40046207 0 returned -16
[ 1914.799828] binder: BINDER_SET_CONTEXT_MGR already set
[ 1914.811676] binder: 8015:8028 unknown command 0
[ 1914.816808] binder: 8015:8028 ioctl c0306201 20000200 returned -22
[ 1914.825694] binder: 8025:8035 unknown command 0
[ 1914.826490] binder: 8016:8031 ioctl c0306201 20000200 returned -22
[ 1914.849406] binder: 8025:8035 ioctl c0306201 20000200 returned -22
[ 1914.854187] binder: 8016:8024 ioctl 40046207 0 returned -16
[ 1914.869750] binder: BINDER_SET_CONTEXT_MGR already set
[ 1914.876244] binder: 8025:8027 ioctl c0306201 20000540 returned -14
[ 1914.883111] binder: 8016:8034 ioctl 40046207 0 returned -16
[ 1914.900898] binder: 8025:8035 unknown command 0
[ 1914.906465] binder: BINDER_SET_CONTEXT_MGR already set
[ 1914.918448] binder: 8025:8035 ioctl c0306201 20000200 returned -22
[ 1914.923369] binder: 8025:8051 ioctl 4112 0 returned -22
[ 1914.942314] binder: 8025:8027 ioctl 40046207 0 returned -16
[ 1914.952429] binder: BINDER_SET_CONTEXT_MGR already set
[ 1914.971376] binder: 8025:8051 ioctl 40046207 0 returned -16
[ 1914.978081] binder: 8025:8027 unknown command 0
[ 1914.986460] binder: 8025:8035 ioctl c0306201 20000540 returned -14
[ 1914.996543] binder: 8025:8027 ioctl c0306201 20000200 returned -22
20:21:54 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

20:21:54 executing program 0:
syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r0, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r0, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:21:54 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$SIOCRSGCAUSE(r2, 0x89e0, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:21:54 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:21:54 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:21:54 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x741d81, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x7, &(0x7f0000000080)={0x1})
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000180), 0x4)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f0000000240)=[@transaction={0x40406300, {0xfffffffe, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000340)}}], 0x0, 0x0, 0x0})

[ 1915.084996] binder: 8061:8062 unknown command 0
[ 1915.094582] binder: 8061:8062 ioctl c0306201 20000200 returned -22
[ 1915.107289] binder: 8061:8062 unknown command 0
[ 1915.113643] binder: 8061:8062 ioctl c0306201 20000200 returned -22
[ 1915.161161] binder: 8065:8067 unknown command 0
[ 1915.168091] binder: 8065:8067 ioctl c0306201 20000200 returned -22
[ 1915.174839] binder: 8066:8070 unknown command 0
[ 1915.179057] binder: 8069:8072 ioctl 89e0 20000040 returned -22
[ 1915.179750] binder: 8066:8070 ioctl c0306201 20000200 returned -22
[ 1915.193523] binder: 8065:8067 unknown command 0
[ 1915.194491] binder: BINDER_SET_CONTEXT_MGR already set
[ 1915.198759] binder: 8065:8067 ioctl c0306201 20000200 returned -22
20:21:54 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r1 = dup2(r0, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x0, 0x30)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f0000000180)={'ip6tnl0\x00', <r3=>0x0, 0x29, 0x15, 0x5, 0x8, 0x18, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, 0x80, 0x8, 0x6, 0x7ff}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000660000012bbd7000ffdbdf2500000000", @ANYRES32=r3, @ANYBLOB="0900100008f763000a000b00ffff000008000b000500000008000b000100010008000b00000100"/52], 0x4c}, 0x1, 0x0, 0x0, 0x48095}, 0x20008840)

[ 1915.214843] binder: 8064:8073 ioctl 40046207 0 returned -16
[ 1915.227421] binder_alloc: 8065: binder_alloc_buf size 158913789952 failed, no address space
[ 1915.238007] binder: 8064:8073 unknown command 0
[ 1915.246044] binder: 8066:8070 unknown command 0
[ 1915.252400] binder: 8069:8074 ioctl 89e0 20000040 returned -22
[ 1915.256179] binder: 8066:8070 ioctl c0306201 20000200 returned -22
[ 1915.261123] binder: 8064:8073 ioctl c0306201 20000200 returned -22
[ 1915.269354] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1915.301918] binder: BINDER_SET_CONTEXT_MGR already set
20:21:55 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0b6300000c6300000e630c400000000000000000000000000763044000000000751b4a1a4cf2d6bcc02339547896ece5fccce2e29dce1ea55c575bdd5212830b6c9535954af142525f7b71253199deee83b4eb48af5b177debe883f00b7377eb88a9f0d23c1677cc76fdb1a3e1ca85db4455cd1be795f93aa63b58f7817aaa609d6b83d295665a76520aece1ac476b2f363429082791e1bb5974543ffea178ff"], 0x0, 0x0, 0x0})

[ 1915.312176] binder: BINDER_SET_CONTEXT_MGR already set
[ 1915.324060] binder: 8064:8077 unknown command 0
[ 1915.324854] binder: 8066:8070 ioctl 40046207 0 returned -16
[ 1915.328918] binder: 8066:8081 unknown command 0
[ 1915.349260] binder: 8064:8073 ioctl 40046207 0 returned -16
[ 1915.357683] binder: 8064:8077 ioctl c0306201 20000200 returned -22
20:21:55 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
syz_mount_image$xfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0xf35, 0x0, &(0x7f00000000c0), 0x40000, &(0x7f0000000180)={[{@nogrpid}, {@filestreams}, {@noikeep}, {@swidth={'swidth', 0x3d, 0x6a}}], [{@measure}, {@subj_user={'subj_user', 0x3d, '/dev/binder#\x00'}}, {@permit_directio}, {@subj_user={'subj_user', 0x3d, '/:%K^\xfb\x96**%)+}'}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}]})
r1 = syz_open_pts(0xffffffffffffffff, 0x505000)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1915.357955] binder: BINDER_SET_CONTEXT_MGR already set
[ 1915.373987] binder: BINDER_SET_CONTEXT_MGR already set
[ 1915.379887] binder: 8066:8081 ioctl c0306201 20000200 returned -22
[ 1915.396931] binder: 8065:8086 unknown command 0
[ 1915.403895] binder: BINDER_SET_CONTEXT_MGR already set
[ 1915.409618] binder: 8065:8090 unknown command 0
[ 1915.410507] binder: 8066:8085 ioctl 40046207 0 returned -16
[ 1915.416407] binder: 8065:8086 ioctl c0306201 20000200 returned -22
[ 1915.428443] binder: 8065:8089 ioctl 40046207 0 returned -16
[ 1915.430647] binder: BINDER_SET_CONTEXT_MGR already set
[ 1915.435753] binder: 8065:8067 ioctl 40046207 0 returned -16
[ 1915.447046] binder: 8065:8090 ioctl c0306201 20000200 returned -22
20:21:55 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:21:55 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/qat_c3xxx', 0x200280, 0x80)
mmap$binder(&(0x7f000003b000/0x2000)=nil, 0x2000, 0x1, 0x11, r4, 0x5)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000002c0)=ANY=[@ANYBLOB="8561646600000000010000000000000002000000000000001840170000000000852a646600000000d024c300f23575e0defb3bdb4e9e0901f8b42d1b9c50c73b914f02428fc775fe61eea2eccc45845cad7caf251f28c833156471", @ANYRES32=r0, @ANYBLOB="0000000000000000000000008561646600000000080000000000000000000000000000002d00000000000000"], &(0x7f0000000180)={0x0, 0x20, 0x38}}, 0x400}], 0x0, 0x0, 0x0})

[ 1915.471901] binder: BINDER_SET_CONTEXT_MGR already set
[ 1915.484041] binder: 8093:8095 ioctl 40046207 0 returned -16
[ 1915.489893] binder: 8088:8094 ioctl 40046207 0 returned -16
20:21:55 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1915.522287] binder: BINDER_SET_CONTEXT_MGR already set
[ 1915.529146] binder: 8088:8094 ioctl 40046207 0 returned -16
[ 1915.550753] binder: BINDER_SET_CONTEXT_MGR already set
[ 1915.565032] binder: BINDER_SET_CONTEXT_MGR already set
[ 1915.579869] binder: 8093:8095 ioctl 40046207 0 returned -16
[ 1915.591193] binder: 8103:8109 unknown command 0
[ 1915.593422] binder: 8102:8104 ioctl 40046207 0 returned -16
[ 1915.610100] binder: 8103:8109 ioctl c0306201 20000200 returned -22
[ 1915.620734] binder: 8107:8118 unknown command 0
[ 1915.630135] binder: 8102:8104 unknown command 0
[ 1915.636874] binder: 8107:8118 ioctl c0306201 20000200 returned -22
[ 1915.647056] binder: 8102:8104 ioctl c0306201 20000200 returned -22
[ 1915.670850] binder: 8103:8109 unknown command 0
[ 1915.674148] binder: BINDER_SET_CONTEXT_MGR already set
[ 1915.684076] binder: 8102:8120 unknown command 0
[ 1915.685139] binder: 8103:8109 ioctl c0306201 20000200 returned -22
[ 1915.689277] binder: 8102:8120 ioctl c0306201 20000200 returned -22
[ 1915.704751] binder: 8102:8104 ioctl 40046207 0 returned -16
[ 1915.712405] binder: 8107:8118 unknown command 0
[ 1915.717234] binder: 8107:8118 ioctl c0306201 20000200 returned -22
[ 1915.740005] binder_alloc: 8107: binder_alloc_buf size 158913789952 failed, no address space
[ 1915.745706] binder: 8103:8121 unknown command 0
[ 1915.759141] binder: 8103:8121 ioctl c0306201 20000200 returned -22
[ 1915.766624] binder: 8103:8128 unknown command 0
[ 1915.776104] binder: 8103:8128 ioctl c0306201 20000200 returned -22
[ 1915.783283] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1915.807811] binder: BINDER_SET_CONTEXT_MGR already set
[ 1915.819708] binder: 8107:8123 unknown command 0
[ 1915.830731] binder: 8107:8123 ioctl c0306201 20000200 returned -22
[ 1915.840760] binder: BINDER_SET_CONTEXT_MGR already set
[ 1915.848848] binder: 8107:8131 ioctl 40046207 0 returned -16
[ 1915.851447] binder: 8107:8118 ioctl 40046207 0 returned -16
[ 1915.861463] binder: 8107:8132 unknown command 0
[ 1915.872319] binder: 8107:8132 ioctl c0306201 20000200 returned -22
[ 1915.889630] binder: 8146:8148 unknown command 0
[ 1915.899259] binder: 8146:8148 ioctl c0306201 20000200 returned -22
[ 1915.904634] ieee802154 phy1 wpan1: encryption failed: -22
[ 1915.926357] binder: 8146:8148 unknown command 0
20:21:55 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

20:21:55 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/204, 0xcc}, {&(0x7f0000000040)=""/33, 0x21}, {&(0x7f0000000080)=""/50, 0x32}, {&(0x7f0000000280)=""/150, 0x96}], 0x4, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:21:55 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r4, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
mmap(&(0x7f0000118000/0x3000)=nil, 0x3000, 0x1800003, 0x110, r4, 0x4e02d000)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x0})

20:21:55 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x7}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:21:55 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000000c0)={0x20, 0x0, &(0x7f0000000040)=[@release, @decrefs, @clear_death={0x400c630f, 0x3}], 0x39, 0x0, &(0x7f0000000080)="f50579132820597c880d38fed486caff7920220208799a8907e487a69e1a32a56897dec9dd9e7cc484ede257cb29d458a9cee3ef7d6c3e962d"})
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:21:55 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1915.939578] binder: 8146:8148 ioctl c0306201 20000200 returned -22
[ 1916.011966] binder: BINDER_SET_CONTEXT_MGR already set
[ 1916.015932] binder: 8155:8160 unknown command 0
[ 1916.030305] binder: 8155:8160 ioctl c0306201 20000200 returned -22
[ 1916.035949] binder: 8156:8158 ioctl 40046207 0 returned -16
20:21:55 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x30, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0bb003e4a639d301ed0000000000000000000000000000000e630c400000000000000000000000000763044000000004"], 0x0, 0x0, 0x0})

[ 1916.061125] binder: 8155:8160 unknown command 0
[ 1916.067554] binder: 8159:8165 unknown command 0
[ 1916.075187] binder: 8159:8165 ioctl c0306201 20000200 returned -22
[ 1916.078280] binder: 8156:8166 unknown command 0
[ 1916.088764] binder: 8155:8160 ioctl c0306201 20000200 returned -22
20:21:55 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x800)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b6300000c6300000e631d4000000000ff7f0000000000000763044000000000"], 0x0, 0x0, 0x0})

[ 1916.110949] binder: 8156:8166 ioctl c0306201 20000200 returned -22
[ 1916.120823] binder: 8155:8169 ioctl c0306201 20000540 returned -14
[ 1916.134315] binder: 8159:8165 unknown command 0
[ 1916.140560] binder: 8159:8165 ioctl c0306201 20000200 returned -22
[ 1916.147315] binder: BINDER_SET_CONTEXT_MGR already set
[ 1916.158698] binder: 8155:8169 unknown command 0
[ 1916.166525] binder_alloc: 8159: binder_alloc_buf size 158913789952 failed, no address space
[ 1916.167415] binder: BINDER_SET_CONTEXT_MGR already set
[ 1916.180779] binder: 8155:8160 ioctl 40046207 0 returned -16
[ 1916.186662] binder: 8170:8172 unknown command -469520373
[ 1916.201148] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1916.201451] binder: 8155:8169 ioctl c0306201 20000200 returned -22
[ 1916.217745] binder: BINDER_SET_CONTEXT_MGR already set
[ 1916.218800] binder: 8170:8172 ioctl c0306201 20000340 returned -22
[ 1916.232496] binder: 8155:8178 ioctl 40046207 0 returned -16
[ 1916.238388] binder: 8156:8166 unknown command 0
[ 1916.244054] binder: 8156:8166 ioctl c0306201 20000200 returned -22
[ 1916.246575] binder: 8159:8171 unknown command 0
[ 1916.254666] binder: 8156:8158 ioctl 40046207 0 returned -16
[ 1916.258756] binder: BINDER_SET_CONTEXT_MGR already set
[ 1916.270306] binder: 8155:8173 unknown command 0
[ 1916.277136] binder: 8155:8173 ioctl c0306201 20000200 returned -22
[ 1916.284215] binder: 8174:8179 unknown command 1075667726
[ 1916.290353] binder: 8174:8179 ioctl c0306201 20000340 returned -22
[ 1916.297993] binder: 8170:8186 unknown command -469520373
[ 1916.298079] binder: 8159:8171 ioctl c0306201 20000200 returned -22
20:21:56 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:21:56 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})
r4 = accept$phonet_pipe(r3, &(0x7f0000000040), &(0x7f0000000080)=0x10)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1000001, 0x2010, r4, 0x9e2c6000)

[ 1916.321238] binder: BINDER_SET_CONTEXT_MGR already set
[ 1916.327584] binder: 8159:8183 unknown command 0
[ 1916.331863] binder: 8170:8186 ioctl c0306201 20000340 returned -22
[ 1916.333103] binder: 8159:8182 ioctl 40046207 0 returned -16
[ 1916.345572] binder: 8159:8165 ioctl 40046207 0 returned -16
20:21:56 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
ioctl$BLKROGET(r2, 0x125e, &(0x7f0000000040))
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
mmap$binder(&(0x7f000044c000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1916.387468] binder: 8159:8183 ioctl c0306201 20000200 returned -22
[ 1916.407499] binder: 8174:8187 unknown command 1075667726
20:21:56 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1916.432663] binder: 8174:8187 ioctl c0306201 20000340 returned -22
[ 1916.439662] binder: 8188:8191 unknown command 0
[ 1916.445436] binder: 8188:8191 ioctl c0306201 20000200 returned -22
[ 1916.455571] binder: BINDER_SET_CONTEXT_MGR already set
[ 1916.474512] binder: 8188:8191 ioctl 125e 20000040 returned -22
[ 1916.496452] binder: 8190:8195 ioctl 40046207 0 returned -16
[ 1916.530536] binder: 8190:8199 unknown command 0
[ 1916.547745] binder: 8188:8191 unknown command 0
[ 1916.551449] binder: 8190:8199 ioctl c0306201 20000200 returned -22
[ 1916.558933] binder: 8188:8191 ioctl c0306201 20000200 returned -22
[ 1916.583335] binder: BINDER_SET_CONTEXT_MGR already set
[ 1916.588935] binder: 8190:8195 ioctl 40046207 0 returned -16
[ 1916.597239] binder: 8202:8204 unknown command 0
[ 1916.598658] binder: 8190:8199 unknown command 0
[ 1916.602233] binder: 8188:8200 ioctl c0306201 20000540 returned -14
[ 1916.623743] binder: 8202:8204 ioctl c0306201 20000200 returned -22
[ 1916.635158] binder: 8190:8199 ioctl c0306201 20000200 returned -22
[ 1916.636261] binder: 8188:8191 unknown command 0
[ 1916.649674] binder: 8188:8200 ioctl 125e 20000040 returned -22
[ 1916.668392] binder: 8188:8191 ioctl c0306201 20000200 returned -22
[ 1916.675659] binder: 8188:8209 unknown command 0
[ 1916.676981] binder: 8202:8204 unknown command 0
[ 1916.680401] binder: 8188:8209 ioctl c0306201 20000200 returned -22
[ 1916.680533] binder: 8188:8210 ioctl c0306201 20000540 returned -14
[ 1916.686503] binder: 8202:8204 ioctl c0306201 20000200 returned -22
[ 1916.707950] binder_alloc: 8202: binder_alloc_buf size 158913789952 failed, no address space
[ 1916.717481] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1916.743726] binder: 8202:8208 unknown command 0
[ 1916.748812] binder: 8202:8208 ioctl c0306201 20000200 returned -22
[ 1916.755802] binder: BINDER_SET_CONTEXT_MGR already set
[ 1916.765681] binder: 8202:8204 ioctl 40046207 0 returned -16
[ 1916.778565] binder: BINDER_SET_CONTEXT_MGR already set
[ 1916.795331] binder: 8202:8213 ioctl 40046207 0 returned -16
[ 1916.795458] binder: 8202:8214 unknown command 37
[ 1916.812058] binder: 8217:8218 unknown command 0
[ 1916.816199] binder: 8202:8214 ioctl c0306201 20000200 returned -22
[ 1916.817541] binder: 8217:8218 ioctl c0306201 20000200 returned -22
[ 1916.845457] binder: 8217:8218 unknown command 0
[ 1916.850310] binder: 8217:8218 ioctl c0306201 20000200 returned -22
20:21:56 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0xa8, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x5, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire_done={0x40106309, 0xffffffffffffffff}], 0x0, 0x0, 0x0})

20:21:56 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
syz_open_dev$binderN(&(0x7f0000000040), 0x0, 0x804)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:21:56 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
uselib(&(0x7f00000000c0)='./file0/file0\x00')
symlinkat(&(0x7f0000000040)='./file0\x00', r3, &(0x7f0000000080)='./file0\x00')
r4 = open(&(0x7f0000000180)='./file0/file0\x00', 0x20382, 0xa0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000180)={0x1})
close(0xffffffffffffffff)
r6 = eventfd2(0x80, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000380), 0x3000020, &(0x7f00000003c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@cache_loose}], [{@euid_lt}, {@euid_lt={'euid<', 0xee00}}, {@seclabel}]}})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000012a80)={0x1c, r8, 0xa09, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_GET_INTERFACE(r4, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="00022cbd7000fb05df0300009c13", @ANYRES32=0x0, @ANYBLOB="0c009900feffffff09000000"], 0x28}, 0x1, 0x0, 0x0, 0x80c0}, 0x40800)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x24, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0b63000007630440030000000e630c4000be716b3a000000000000000463044003000000ef7fb934758b59478561899ce8b9f9060c6d2ab4d1f5fa7e8531115a5a71d32555d81d1fa6695e82834edbba070009b3050b82dd7b5d296a7db9a807a9bfd8690143746002a567c852b0d46d143bb4a5a6cf3e43f8266558f41a1ca468458bdb697b84627e6741875b8e261a22050268f6738cb255dbef81c2b0a702ea67758b7c8b206e3c51288e51e16248879601f55e5651b9f3cf7a7508dfe47951267c25c6d9cd851bc67d89f45cd3f6c8b28379d08287e415c9b476bf234e0438a7ae1c636fe10182da57f1078dbf920c03c2974c2020fafb6c6aae94e55984c6170e2116a5e3b9545b2ca0e7f5a0f749e5bbd5831cb64f4239e3d2ef3250d7c3d711e5321067a945b9eba43d65661515e38d621c354af3dbad8095ac1cd78cc851623e473effffc2198765c621ce5a6f89d62b24c2421721de0d7f7b6e890b995849b374189c799bae090e32d9cc1481752dd70f6997e53f3f5af89fdabc1297745b09b9e5827091f3da1f3c23b9a6c76950c4ede953"], 0x0, 0x0, 0x0})

20:21:56 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:21:56 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
r5 = accept4$bt_l2cap(r2, &(0x7f0000000440)={0x1f, 0x0, @none}, &(0x7f0000000480)=0xe, 0x80000)
fsetxattr$security_capability(r5, &(0x7f0000000540), &(0x7f0000000580)=@v1={0x1000000, [{0x0, 0x8}]}, 0xc, 0x1)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0xb0, 0x0, &(0x7f0000000600)=[@decrefs={0x40046307, 0x1}, @enter_looper, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fd={0x66642a85, 0x0, r6}, @fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x8, 0x0, 0x22}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}}, @increfs, @increfs={0x40046304, 0x2}, @register_looper, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f00000002c0)={@fd={0x66642a85, 0x0, r4}, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/110, 0x6e, 0x1, 0x39}}, &(0x7f00000001c0)={0x0, 0x18, 0x30}}, 0x1000}], 0xca, 0x0, &(0x7f00000006c0)="f8b780c1e531512afbb5fe5106b1ff652c87c27fadfbae3e76ae428bb3091e3bdc9812928a33241beec090fb6895052e8cfe700831126ff8b7f87ff3b860d868c335cfecebb1f78bc02926f4c6618a7f912cde4ed7dad2761b715c7fbfadf02a515e8e640d8ed64fe0dbaa115d042d4b7d62d81084b8618492373cd9af81010a46ab38c01e851121a7880fa014ba931950d9c62aacc285af38385ec6d5291785832758b1c3657fe4ee6042c1ff6e648fbc1e3999cb6267a1b15396e3669864b4c1c4a55e5020639ea8ac"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd4, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:21:56 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1916.955007] binder: BINDER_SET_CONTEXT_MGR already set
[ 1916.962514] binder: 8227:8230 unknown command 0
[ 1916.967871] binder: 8223:8229 ioctl 40046207 0 returned -16
[ 1916.974931] binder: 8227:8230 ioctl c0306201 20000200 returned -22
[ 1916.982941] binder: 8224:8231 unknown command 0
[ 1916.988181] binder: 8224:8231 ioctl c0306201 20000200 returned -22
[ 1917.006006] binder: 8227:8230 unknown command 0
[ 1917.012533] binder: 8223:8237 unknown command 0
[ 1917.017889] binder: 8227:8230 ioctl c0306201 20000200 returned -22
20:21:56 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$PPPIOCSACTIVE(r2, 0x40107446, &(0x7f00000000c0)={0xe, &(0x7f00000001c0)=[{0x5, 0x3, 0x7f, 0x6}, {0x800, 0x3f, 0x1, 0xfffffff8}, {0x8, 0x8, 0x4, 0x800}, {0x7, 0x40, 0x20, 0x4}, {0x44cf, 0x7, 0x4, 0x8}, {0x3, 0x20, 0x21, 0x200}, {0x3, 0x3f, 0x8, 0x6}, {0x7f, 0x7, 0x5, 0x400}, {0x95e, 0xfe, 0x7, 0x1b00}, {0xff, 0x0, 0x0, 0x75}, {0x800, 0x3f, 0x3f, 0xabfb}, {0x0, 0x20, 0x60, 0xeb4}, {0x3, 0x1, 0x81, 0x4a}, {0x5, 0x8, 0x7, 0x6}]})
ioctl$KDFONTOP_COPY(r2, 0x4b72, &(0x7f0000000040)={0x3, 0x1, 0x6, 0x18, 0x1eb, &(0x7f0000000400)})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1917.047552] binder: 8238:8239 unknown command 0
[ 1917.060449] binder: 8224:8231 unknown command 0
[ 1917.067918] binder_alloc: 8227: binder_alloc_buf size -16 failed, no address space
[ 1917.069404] binder: 8223:8237 ioctl c0306201 20000200 returned -22
[ 1917.083831] binder: 8224:8231 ioctl c0306201 20000200 returned -22
[ 1917.099895] binder_alloc: 8224: binder_alloc_buf size 158913789952 failed, no address space
[ 1917.111109] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1917.123198] binder: BINDER_SET_CONTEXT_MGR already set
[ 1917.129900] binder: 8223:8229 ioctl 40046207 0 returned -16
[ 1917.136074] binder: 8223:8237 unknown command 0
[ 1917.141046] binder: 8223:8237 ioctl c0306201 20000200 returned -22
20:21:56 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r5 = openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
read$FUSE(r5, &(0x7f0000004280)={0x2020, 0x0, 0x0, <r6=>0x0}, 0x2020)
ioctl$SIOCAX25ADDUID(r4, 0x89e1, &(0x7f00000000c0)={0x3, @bcast, r6})
ioctl$SIOCAX25ADDUID(r3, 0x89e1, &(0x7f00000000c0)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, r6})
r7 = getegid()
r8 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r9=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f0000000300)='./file0\x00', 0xffffffffffffffff, r9)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="02000000010004000000000002000400", @ANYRES32, @ANYBLOB="02000200", @ANYRES32=0x0, @ANYBLOB="02000400", @ANYRES32=r6, @ANYBLOB="02000500", @ANYRES32=0xee00, @ANYBLOB="040004000000000008000600", @ANYRES32=0xee01, @ANYBLOB="08000600", @ANYRES32=r7, @ANYBLOB="08000400", @ANYRES32=r9, @ANYBLOB="08000400", @ANYRES32, @ANYBLOB="100002000000000020000400000000e7"], 0x64, 0x0)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x420c40, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r10, 0x0)
preadv(r10, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b6300004e6300000e630c40ff00000000000000000000000763044000000000"], 0x0, 0x0, 0x0})

[ 1917.144142] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1917.164658] binder: 8241:8244 ioctl 40107446 200000c0 returned -22
[ 1917.178323] binder: 8227:8240 ioctl c0306201 20000040 returned -14
20:21:56 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x68}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1917.202499] binder: 8241:8244 ioctl 4b72 20000040 returned -22
[ 1917.213914] binder: BINDER_SET_CONTEXT_MGR already set
[ 1917.220034] binder: 8227:8230 ioctl 40046207 0 returned -16
[ 1917.226370] binder: 8227:8240 unknown command 0
[ 1917.237062] binder: 8248:8250 unknown command 25422
[ 1917.244993] binder: BINDER_SET_CONTEXT_MGR already set
[ 1917.245276] binder: 8241:8251 ioctl 40107446 200000c0 returned -22
[ 1917.256880] binder: BINDER_SET_CONTEXT_MGR already set
[ 1917.256898] binder: 8227:8254 ioctl 40046207 0 returned -16
[ 1917.261023] binder: 8224:8253 unknown command 0
[ 1917.262491] binder: 8227:8240 ioctl c0306201 20000200 returned -22
[ 1917.272130] binder: 8224:8253 ioctl c0306201 20000200 returned -22
[ 1917.284037] binder: 8248:8250 ioctl c0306201 20000340 returned -22
[ 1917.288938] binder: 8224:8231 ioctl 40046207 0 returned -16
[ 1917.294282] binder: 8241:8244 ioctl 4b72 20000040 returned -22
[ 1917.303185] binder: 8227:8254 unknown command 0
[ 1917.311394] binder: 8227:8254 ioctl c0306201 20000200 returned -22
[ 1917.318214] binder: 8227:8257 unknown command 1179403647
[ 1917.323687] binder: 8224:8262 unknown command 0
[ 1917.323713] binder: 8224:8262 ioctl c0306201 20000200 returned -22
[ 1917.325118] binder: BINDER_SET_CONTEXT_MGR already set
[ 1917.337969] binder: 8227:8257 ioctl c0306201 20000040 returned -22
[ 1917.358484] binder: 8255:8263 ioctl 40046207 0 returned -16
[ 1917.394102] binder: 8255:8268 unknown command 0
20:21:57 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x7a1100, 0x11f)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:21:57 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})
pipe2(&(0x7f0000001a80)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80000)
ioctl$INCFS_IOC_PERMIT_FILL(r4, 0x40046721, &(0x7f0000001ac0)={r0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0x9c, 0x0, &(0x7f0000000240)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000040)={@fda={0x66646185, 0x4, 0x2, 0x34}, @fda={0x66646185, 0x6, 0x2}, @flat=@weak_binder={0x77622a85, 0x100}}, &(0x7f00000000c0)={0x0, 0x20, 0x40}}}, @register_looper, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x0, &(0x7f0000000400)=""/4096, 0x1000, 0x0, 0x26}, @fd, @fda={0x66646185, 0x3, 0x2, 0x1c}}, &(0x7f0000000200)={0x0, 0x28, 0x40}}, 0x1000}], 0xfe, 0x0, &(0x7f0000001400)="a1d0ecd6301b2008f2836757626f42d196fd6e85df85409ccd8d769531d4b7c42c4d16f4ffb794482f363d7dcd4449014e36bfad917106ac2ff7dfad46d970b36f4bc0fe286e6eabbdc85ef67baf7230dc350d423936b08ffc527f298225f93614d244c03ffa3a0f2d4cae82235784f3568d5af696b64f0df288d2018a2828e3e5e0d95be89af4efa3600e185de5b93100416dd2bf01bb76cdfa366ebc185ac2268ed1dc87ac32be4b7386e96f238cae3e9c1bfc3f57cda5834ceba94c490e08349becffd8f74ea3a6cce8fe7e759d18f8def4c49fd3a58c2fa57d666c602c9cae7aac6acd4c6cce5b18d2425e5f24d503e77da2391f910c81a35021b360"})
pipe(&(0x7f0000001a00)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
inotify_add_watch(r5, &(0x7f0000001a40)='./bus\x00', 0x30000810)
r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r6, 0x26, &(0x7f0000000180)={0x1})
close(r6)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000019c0)={0x104, 0x0, &(0x7f00000017c0)=[@register_looper, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000001500)={@flat=@weak_handle={0x77682a85, 0x100, 0x2}, @fda={0x66646185, 0x8, 0x0, 0x11}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000380)={0x0, 0x18, 0x38}}, 0x1000}, @acquire_done, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000001580)=ANY=[@ANYBLOB="8561646600000001010000000000000000000000000000002b0000000000000085616466000000000300000000000000000000000000000004000000000000008561646600000000040000000000000000000000000000002d00000000000000"], &(0x7f0000001600)={0x0, 0x20, 0x40}}, 0x400}, @release={0x40046306, 0x2}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x60, 0x18, &(0x7f0000001700)={@fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x1, &(0x7f0000001640)=""/137, 0x89, 0x0, 0x25}, @fda={0x66646185, 0x6, 0x0, 0x14}}, &(0x7f0000001780)={0x0, 0x18, 0x40}}, 0x40}], 0xbb, 0x0, &(0x7f0000001900)="65147ca17b70470b014fa8487106fb57f5fcc9d3e8e32c9792c7cc87cb2d3fbad6993397f0f20078a09b0f70d777d69a273be0ba03152948aaa5ebac35b19b5245abbf4c1b5d5f169aaca5bf03ea80121b08ae92a1066e3f3b985fc2fef69426949fa0dbb882c350fadb6bb92612e00bb48d493478c9a5baddd98cd6f96d7977cec0e3a2069324eb825ba8a3689742e17ba9ac91bcfe4bea041f9362358c264f77026fbf86a5b6946b62eda71907bf7a08ab76c457c8cdcb3e1a32"})

20:21:57 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1917.417237] binder: 8255:8268 ioctl c0306201 20000200 returned -22
[ 1917.441486] binder_alloc_new_buf_locked: 16 callbacks suppressed
[ 1917.441494] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1917.486657] binder: 8255:8268 unknown command 0
[ 1917.493621] binder: 8255:8268 ioctl c0306201 20000200 returned -22
[ 1917.500360] binder: BINDER_SET_CONTEXT_MGR already set
[ 1917.524300] binder: 8255:8263 ioctl 40046207 0 returned -16
[ 1917.530368] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1917.530561] binder: 8272:8280 unknown command 0
[ 1917.553041] binder: 8272:8280 ioctl c0306201 20000200 returned -22
[ 1917.584680] binder: 8272:8280 unknown command 0
[ 1917.598102] binder: 8272:8280 ioctl c0306201 20000200 returned -22
[ 1917.607987] binder_alloc: 8272: binder_alloc_buf size 158913789952 failed, no address space
[ 1917.624863] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1917.639165] binder: 8238:8243 unknown command 0
[ 1917.649713] binder: BINDER_SET_CONTEXT_MGR already set
[ 1917.667121] binder: 8272:8280 ioctl 40046207 0 returned -16
[ 1917.677330] binder: 8272:8285 unknown command 0
[ 1917.686924] binder: 8272:8285 ioctl c0306201 20000200 returned -22
[ 1917.692586] binder: BINDER_SET_CONTEXT_MGR already set
[ 1917.699979] binder: 8238:8243 ioctl c0306201 20000200 returned -22
[ 1917.707987] binder: 8272:8288 ioctl 40046207 0 returned -16
[ 1917.710814] binder: 8238:8239 ioctl c0306201 20000200 returned -22
[ 1917.726562] binder: 8272:8280 unknown command 0
20:21:57 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0xa8, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x5, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire_done={0x40106309, 0xffffffffffffffff}], 0x0, 0x0, 0x0})

20:21:57 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x7, &(0x7f0000000080)={0x1})
dup2(r4, r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x26, &(0x7f0000000180)={0x1})
close(r5)
write$binfmt_elf64(r5, &(0x7f0000000880)=ANY=[@ANYBLOB="7f454c46dea60601050000000000000002003e00070000008803000000000000400000000000000046010000000000000900000054003800020081006800090003000000c90000001f00000000000000010000000000000009000000000000004a000000000000000500000000000000f9ffffffffffffff659174f5b9003d075b183e086cfc957d5b915f49806f6d642b4b5ba3d979fb9de9da9cae3714c9e27ee525bbed77c31832f49d23bccd4388724c6c401685122da9414fa2b271336fa7422a1409a068b46964477375bca9d3d22da22fd056dcc13218336b765c0161806a52cf2f13c34f95fceaf387a991ff9bcb4a67eaff35825d58502020d5c10e8631deef38e47d0fc459a6b2772d8e23380c4638976bef1b8fe0fd85ca97cc85cfc37066a26f287930b8c394a7ffe53227f3ec52ebfd72fe24569bf5bed8923248ccba34a977e28f286c6524d628e4b8aacd87bdbd639cda0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3000000000000000000000000000000000000000000000000000000000000000000000500"/2389], 0x958)

20:21:57 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0})
getpeername$unix(r2, &(0x7f0000000040)=@abs, &(0x7f00000000c0)=0x6e)

20:21:57 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6c}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:21:57 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
syz_open_dev$binderN(&(0x7f0000000080), 0x0, 0x2)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x1c, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @free_buffer, @decrefs], 0x0, 0x0, 0x0})

20:21:57 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1917.738890] binder: 8272:8280 ioctl c0306201 20000200 returned -22
[ 1917.805697] binder: BINDER_SET_CONTEXT_MGR already set
[ 1917.812853] binder: 8291:8299 unknown command 0
[ 1917.824758] binder: 8293:8298 ioctl 40046207 0 returned -16
[ 1917.827883] binder: 8291:8299 ioctl c0306201 20000200 returned -22
[ 1917.841849] binder: 8293:8298 unknown command 0
[ 1917.850346] binder: 8296:8303 unknown command 0
20:21:57 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = request_key(&(0x7f0000000280)='dns_resolver\x00', &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0)
r3 = dup2(r1, r0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})
request_key(&(0x7f0000000040)='cifs.spnego\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='/dev/binder#\x00', r2)

[ 1917.854869] binder: 8293:8298 ioctl c0306201 20000200 returned -22
[ 1917.865769] binder: 8296:8303 ioctl c0306201 20000200 returned -22
[ 1917.874550] binder: 8291:8305 unknown command 0
[ 1917.908467] binder: 8296:8303 unknown command 0
[ 1917.914464] binder: 8291:8305 ioctl c0306201 20000200 returned -22
[ 1917.922974] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1917.925106] binder: 8296:8303 ioctl c0306201 20000200 returned -22
[ 1917.938012] binder: 8291:8299 ioctl c0306201 20000540 returned -14
[ 1917.942745] binder: BINDER_SET_CONTEXT_MGR already set
[ 1917.953114] binder: 8293:8306 unknown command 0
[ 1917.958827] binder: 8293:8306 ioctl c0306201 20000200 returned -22
[ 1917.964661] binder_alloc: 8296: binder_alloc_buf size 158913789952 failed, no address space
[ 1917.965885] binder: 8293:8298 ioctl 40046207 0 returned -16
[ 1917.988760] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1917.996416] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
20:21:57 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = dup3(r0, r0, 0x80000)
ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f0000000380)=0xc7c9)
r2 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r3 = dup2(r2, r0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
r5 = accept$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000080)=0x14)
ioctl$INCFS_IOC_CREATE_FILE(r5, 0xc058671e, &(0x7f0000000580)={{'\x00', 0x2}, {0x7}, 0x12, 0x0, 0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='.\x00', &(0x7f00000001c0)="4da4d31ebfe47712a8d96579cda27838360ae1a256debf1959ce57e0db3a7515f156dc0d2ec86fab890e49925036ae1a543901a5e19c34f3adf6de7151805ef9a2dc6ba1e6b9a65e42523825e3b1d5675ca8216b2d4b2aa6c589dd5d7a9b66f631de695e626492c7321607ca50e4ed5893864aa37967486f89493f01f6242fd8ac40d8cbfa6616c3a2dce9571fb0708241e29aa15bb1b9271c6f04861c6d6038f1436d7c548b9a8ac20d94793a8313a90fcba912b1059146999343742f90d01958a73a882577b1c2633c513e954e599ef73d3a40c1dd30ba9d48f0f5b16b4b2abf147be389ddd819d84451cbc5f3560fc34e644daf6f54f85694f702794b1a814f0d35f7a7d3833e0ca51ea4dd1df1cb3029b9e7030c3516ac5e6237a81e4242b4085e8e97b67a946ec746572be5b25f44bd53915c24ad021d77d5bc4a0102828835e432b4c069ba6ab71b86bc", 0x14d, 0x0, &(0x7f0000000400)={0x2, 0xad, {0x1, 0xc, 0x54, "b2dafd810af789dd737c8c4b5712ecc23038105e32a5ca87da04ab7b41afeaeae44f881ba3bba41b97671a343652af7a74406f271af96e11b8a056a1fd916dc9626559455f1a630a718049716f0563c8fb04c3bf", 0x4c, "3bdcab45a2fbdba2b29ddda0263b92951bc01a8f7d430e26a23a6846925ca2c73e09c25e0cbe94e52f4896d9d202a16c6bc5c4cd60eacc6affec54dfb65c104e1413f73ef30be273e8f48422"}, 0x89, "b3155688504dcf7ee7b932768ec8b7df043724cec4f8867d79fa8aadb503161ef57713e108cabe6f7c7ff2ff11899dfff7a7236d52e9f1d4f614553eeed39bd515b8ad7916e42babd909c3de75aff46b33ced185a8f2928ca7956c66bcf625daac031e3cf84167078b957ae43929eca65a70715680ecb5c35638b542a0ef516a2d8a85a6c24f199dd1"}, 0x142})
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1918.014301] binder: 8291:8305 unknown command 0
[ 1918.019018] binder: 8291:8305 ioctl c0306201 20000200 returned -22
[ 1918.049361] binder: BINDER_SET_CONTEXT_MGR already set
20:21:57 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1918.060743] binder: BINDER_SET_CONTEXT_MGR already set
[ 1918.067284] binder: 8296:8303 ioctl 40046207 0 returned -16
[ 1918.067322] binder: 8296:8313 unknown command 0
[ 1918.086567] binder: 8291:8305 ioctl 40046207 0 returned -16
[ 1918.103190] binder: 8291:8323 unknown command 0
[ 1918.108141] binder: BINDER_SET_CONTEXT_MGR already set
20:21:57 executing program 0:
mount(&(0x7f00000000c0)=@sg0, &(0x7f0000000180)='./bus/file0\x00', &(0x7f00000001c0)='bdev\x00', 0x40000, &(0x7f0000001480)='/dev/binder#\x00')
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x280000, 0x0)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x7, &(0x7f0000000080)={0x1})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r5, 0x81e8943c, &(0x7f0000000200)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, <r6=>0x0})
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r5, 0x5000943f, &(0x7f0000000480)={{}, r6, 0x4, @inherit={0x50, &(0x7f0000000400)={0x1, 0x1, 0x0, 0x0, {0x6, 0x6, 0x9, 0x8, 0x1a10}, [0x7]}}, @subvolid=0x2})
ioctl$BTRFS_IOC_WAIT_SYNC(r4, 0x40089416, &(0x7f0000000040)=r6)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1918.119791] binder: 8296:8313 ioctl c0306201 20000200 returned -22
[ 1918.133634] binder: 8296:8303 ioctl 40046207 0 returned -16
[ 1918.133799] binder: 8296:8320 unknown command 0
[ 1918.140111] binder: 8291:8323 ioctl c0306201 20000200 returned -22
[ 1918.154573] binder: 8291:8305 ioctl c0306201 20000540 returned -14
20:21:57 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x40010, r3, 0xffffc000)
r4 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040), 0x10000, 0x0)
close(r4)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b6300000c6300000e630c400000000000000763044000200000"], 0x0, 0x0, 0x0})

[ 1918.176773] binder: BINDER_SET_CONTEXT_MGR already set
[ 1918.182703] binder: 8296:8320 ioctl c0306201 20000200 returned -22
[ 1918.188383] binder: 8329:8330 unknown command 0
[ 1918.203005] binder: 8324:8328 ioctl 40046207 0 returned -16
20:21:58 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0)
ioctl$KVM_GET_NR_MMU_PAGES(r4, 0xae45, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1918.235334] binder: 8324:8333 unknown command 0
[ 1918.240346] binder: 8324:8333 ioctl c0306201 20000200 returned -22
[ 1918.260638] binder: 8332:8336 unknown command 0
[ 1918.266176] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1918.293920] binder: 8324:8333 unknown command 0
[ 1918.294162] binder: 8332:8336 ioctl c0306201 20000340 returned -22
[ 1918.302231] binder: BINDER_SET_CONTEXT_MGR already set
[ 1918.313283] binder: 8324:8328 ioctl 40046207 0 returned -16
[ 1918.320873] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1918.333970] binder: 8324:8333 ioctl c0306201 20000200 returned -22
[ 1918.353373] binder: 8339:8343 unknown command 0
[ 1918.354978] binder: 8332:8344 unknown command 0
[ 1918.364119] binder: 8339:8343 ioctl c0306201 20000200 returned -22
[ 1918.388496] binder: 8339:8343 unknown command 0
[ 1918.398954] binder: 8332:8344 ioctl c0306201 20000340 returned -22
[ 1918.408397] binder: 8339:8343 ioctl c0306201 20000200 returned -22
[ 1918.427849] binder: 8339:8343 ioctl c0306201 20000540 returned -14
[ 1918.464661] binder: BINDER_SET_CONTEXT_MGR already set
[ 1918.484408] binder: 8339:8343 ioctl 40046207 0 returned -16
[ 1918.484487] binder: 8339:8349 unknown command 0
[ 1918.500680] binder: BINDER_SET_CONTEXT_MGR already set
[ 1918.520980] binder: 8339:8349 ioctl c0306201 20000200 returned -22
[ 1918.528104] binder: 8339:8350 ioctl 40046207 0 returned -16
[ 1918.536194] binder: 8339:8343 unknown command 0
[ 1918.536208] binder: 8339:8352 ioctl c0306201 20000540 returned -14
[ 1918.561550] binder: 8339:8343 ioctl c0306201 20000200 returned -22
20:21:58 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0xa8, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x5, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire_done={0x40106309, 0xffffffffffffffff}], 0x0, 0x0, 0x0})

20:21:58 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:21:58 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x7a}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:21:58 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat$cgroup_int(r2, &(0x7f00000000c0)='io.max\x00', 0x2, 0x0)
sendfile(r0, r3, &(0x7f0000000380)=0xf33e, 0x5)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
ioctl$LOOP_GET_STATUS(r4, 0x4c03, &(0x7f0000000180))
preadv(r4, &(0x7f0000001600)=[{&(0x7f0000000080)=""/36, 0x24}, {&(0x7f0000000240)=""/122, 0x7a}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/98, 0x62}, {&(0x7f0000001400)=""/173, 0xad}, {&(0x7f00000014c0)=""/179, 0xb3}, {&(0x7f0000001580)=""/68, 0x44}], 0x7, 0xda0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/tm6000_dvb', 0x20400, 0x142)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:21:58 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r2, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
dup2(r1, r2)
r3 = syz_open_dev$binderN(&(0x7f0000000280), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x7, &(0x7f0000000080)={0x1})
getsockopt$TIPC_SOCK_RECVQ_DEPTH(r5, 0x10f, 0x84, &(0x7f0000000080), &(0x7f00000001c0)=0x4)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1918.677813] binder: 8329:8338 unknown command 0
[ 1918.697042] binder: 8329:8330 ioctl c0306201 20000200 returned -22
[ 1918.704694] binder: 8329:8338 ioctl c0306201 20000200 returned -22
[ 1918.763618] binder: 8358:8364 unknown command 0
[ 1918.768691] binder: BINDER_SET_CONTEXT_MGR already set
[ 1918.775422] binder: 8361:8363 unknown command 0
[ 1918.775631] binder: 8359:8362 ioctl 40046207 0 returned -16
[ 1918.780135] binder: 8361:8363 ioctl c0306201 20000200 returned -22
[ 1918.792936] binder: 8358:8364 ioctl c0306201 20000200 returned -22
[ 1918.806412] binder: 8361:8363 unknown command 0
[ 1918.808141] binder: BINDER_SET_CONTEXT_MGR already set
[ 1918.811221] binder: 8361:8363 ioctl c0306201 20000200 returned -22
[ 1918.819794] binder: 8359:8367 unknown command 0
[ 1918.824585] binder: 8358:8364 ioctl 40046207 0 returned -16
[ 1918.829002] binder_alloc: 8361: binder_alloc_buf size 158913789952 failed, no address space
[ 1918.845913] binder: 8358:8364 ioctl c0306201 20000200 returned -22
20:21:58 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b6300000c6300000e631c4000000000000016ce385af91c73e1b18b74000000"], 0x0, 0x0, 0x0})
ioctl$VIDIOC_G_STD(r2, 0x80085617, &(0x7f0000000040))

[ 1918.862577] binder: 8358:8364 ioctl c0306201 20000540 returned -14
[ 1918.866289] binder: 8359:8367 ioctl c0306201 20000200 returned -22
[ 1918.883780] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1918.893940] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1918.903824] binder: BINDER_SET_CONTEXT_MGR already set
[ 1918.910356] binder: 8358:8364 unknown command 0
[ 1918.915622] binder: BINDER_SET_CONTEXT_MGR already set
[ 1918.925802] binder: 8358:8364 ioctl c0306201 20000200 returned -22
[ 1918.933877] binder: BINDER_SET_CONTEXT_MGR already set
[ 1918.936084] binder: 8359:8362 ioctl 40046207 0 returned -16
[ 1918.939244] binder: 8359:8367 unknown command 0
[ 1918.948970] binder: 8358:8374 ioctl c0306201 20000540 returned -14
[ 1918.960760] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1918.972226] binder: 8361:8363 ioctl 40046207 0 returned -16
[ 1918.973317] binder: 8358:8369 ioctl 40046207 0 returned -16
[ 1918.978397] binder: 8358:8371 ioctl c0306201 20000200 returned -22
[ 1918.980480] binder: 8361:8377 unknown command 0
[ 1918.997999] binder: 8359:8367 ioctl c0306201 20000200 returned -22
[ 1919.006448] binder: BINDER_SET_CONTEXT_MGR already set
20:21:58 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x300}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1919.014356] binder: 8361:8379 unknown command 0
[ 1919.019064] binder: 8361:8379 ioctl c0306201 20000200 returned -22
[ 1919.028681] binder: 8361:8363 ioctl 40046207 0 returned -16
[ 1919.039297] binder: 8373:8380 unknown command 1075602190
[ 1919.045657] binder: 8361:8377 ioctl c0306201 20000200 returned -22
20:21:58 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1919.079227] binder: 8373:8380 ioctl c0306201 20000340 returned -22
[ 1919.088219] binder: 8373:8380 ioctl 80085617 20000040 returned -22
[ 1919.109560] binder: 8373:8383 unknown command 1075602190
[ 1919.120002] binder: BINDER_SET_CONTEXT_MGR already set
[ 1919.129534] binder: 8373:8383 ioctl c0306201 20000340 returned -22
[ 1919.140452] binder: 8382:8384 ioctl 40046207 0 returned -16
[ 1919.165993] binder: 8382:8384 unknown command 0
[ 1919.170993] binder: 8382:8384 ioctl c0306201 20000200 returned -22
[ 1919.191763] binder: 8387:8390 unknown command 0
[ 1919.196483] binder: 8387:8390 ioctl c0306201 20000200 returned -22
[ 1919.217992] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1919.232756] binder: 8387:8390 unknown command 0
20:21:59 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000080), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1919.237726] binder: 8387:8390 ioctl c0306201 20000200 returned -22
[ 1919.272405] binder: BINDER_SET_CONTEXT_MGR already set
[ 1919.277996] binder: 8382:8384 ioctl 40046207 0 returned -16
[ 1919.280132] binder: 8382:8394 unknown command 0
[ 1919.295691] binder_alloc: 8387: binder_alloc_buf size 158913789952 failed, no address space
[ 1919.300299] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1919.330068] binder: 8382:8394 ioctl c0306201 20000200 returned -22
[ 1919.345019] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
20:21:59 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = syz_open_dev$vcsu(&(0x7f0000000040), 0x36, 0x400)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x4d06c3f8f6cb0909, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r3, 0x8008f511, &(0x7f0000000280))
getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r4, 0x84, 0x1c, &(0x7f00000000c0), &(0x7f0000000180)=0x4)
r5 = openat(r3, &(0x7f0000000000)='./file0\x00', 0xf0201, 0x1a0)
perf_event_open(&(0x7f0000000200)={0x4, 0x80, 0x68, 0xf7, 0x9, 0x8, 0x0, 0x101, 0x20, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x2, 0x1, @perf_bp={&(0x7f00000001c0), 0x1}, 0x0, 0x4, 0x40, 0x4, 0x0, 0x0, 0xfffc, 0x0, 0x5, 0x0, 0x1f}, 0x0, 0x2, r2, 0x3)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:21:59 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x500}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1919.390004] binder: 8405:8406 unknown command 0
[ 1919.395116] binder: 8405:8406 ioctl c0306201 20000200 returned -22
[ 1919.411251] binder: BINDER_SET_CONTEXT_MGR already set
[ 1919.417485] binder: 8387:8390 ioctl 40046207 0 returned -16
[ 1919.417734] binder: 8387:8398 unknown command 0
[ 1919.457130] binder: 8387:8398 ioctl c0306201 20000200 returned -22
[ 1919.466709] binder: 8387:8413 unknown command 0
[ 1919.501872] binder: 8387:8413 ioctl c0306201 20000200 returned -22
[ 1919.521423] binder: BINDER_SET_CONTEXT_MGR already set
[ 1919.526761] binder: 8412:8417 ioctl 40046207 0 returned -16
[ 1919.570987] binder: 8412:8418 unknown command 0
[ 1919.587193] binder: 8412:8418 ioctl c0306201 20000200 returned -22
20:21:59 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x40010, r2, 0x6fda9000)
preadv(r3, &(0x7f0000000180)=[{&(0x7f00000001c0)=""/150, 0xe2}], 0x1, 0xda3, 0x4000000)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x28, 0x0, &(0x7f0000000040)=[@register_looper, @enter_looper, @request_death, @request_death={0x400c630e, 0x2}], 0x0, 0x0, 0x0})

[ 1919.617385] binder: BINDER_SET_CONTEXT_MGR already set
[ 1919.639404] binder: 8412:8417 ioctl 40046207 0 returned -16
[ 1919.639445] binder: 8412:8418 unknown command 0
[ 1919.674625] binder: 8412:8418 ioctl c0306201 20000200 returned -22
[ 1919.812539] binder: 8405:8406 unknown command 0
[ 1920.221840] binder: 8405:8406 ioctl c0306201 20000200 returned -22
20:22:00 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda={0x66646185, 0x5, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done={0x40106309, 0xffffffffffffffff}, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:00 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:00 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x20000, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3800003, 0x30, r3, 0xdd9ad000)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r4 = syz_mount_image$romfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x40, 0x2, &(0x7f00000000c0)=[{&(0x7f0000000180)="85d94aca3468a3f10886715be0059f3ede37f935e1ea8ef5ecfe9bf1c32184dfbd201f37ab393e81fa6ecd459c2bc17ffafbb99f785da51446b07f7dd8b26d6065efb4e2ec69b36fa052131a7113ce430e3c50fe", 0x54}, {&(0x7f0000000200)="efd114974f664f447ba2cc57981cfdefad4de7ad54ee47a0d4713e41c402516f88f9b5e8bcfe31a711fd5504d286f555cce4225251f560f88ff4ddd800ae54a01241fbfb230a9739876f24480f185d7e3af4876c3e7101e3b4e7abd0c65ad0f5a5c21071251fbea238506f08608b653d220225c5a5f5aa8d11954b", 0x7b, 0x5}], 0x8402, &(0x7f0000000380)=ANY=[@ANYBLOB="040065635ad0ff87799f7a001bbc240f031a6c6162656c2c00"])
fsetxattr$trusted_overlay_redirect(r4, &(0x7f00000002c0), &(0x7f0000000300)='./file0\x00', 0x8, 0x1)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:00 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x600}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1920.707078] binder: 8435:8439 unknown command 0
[ 1920.720209] binder: BINDER_SET_CONTEXT_MGR already set
[ 1920.727663] binder: 8435:8439 ioctl c0306201 20000200 returned -22
[ 1920.740073] binder: 8436:8441 ioctl 40046207 0 returned -16
[ 1920.765535] binder: 8436:8441 unknown command 0
[ 1920.770373] binder: 8435:8439 unknown command 0
[ 1920.787372] binder: 8436:8441 ioctl c0306201 20000200 returned -22
[ 1920.794543] binder: 8435:8439 ioctl c0306201 20000200 returned -22
20:22:00 executing program 5:
connect$bt_sco(0xffffffffffffffff, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1920.817000] binder: BINDER_SET_CONTEXT_MGR already set
[ 1920.824819] binder_alloc: 8435: binder_alloc_buf size 158913789952 failed, no address space
[ 1920.844546] binder: 8436:8447 unknown command 0
[ 1920.849575] binder: 8436:8441 ioctl 40046207 0 returned -16
[ 1920.860128] binder: 8436:8447 ioctl c0306201 20000200 returned -22
[ 1920.871557] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1920.899774] binder: BINDER_SET_CONTEXT_MGR already set
[ 1920.906577] binder: 8435:8439 ioctl 40046207 0 returned -16
[ 1920.913834] binder: 8435:8446 unknown command 0
20:22:00 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x700}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1920.927786] binder: BINDER_SET_CONTEXT_MGR already set
[ 1920.937417] binder: 8435:8446 ioctl c0306201 20000200 returned -22
[ 1920.938643] binder: 8435:8439 unknown command 0
20:22:00 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b6300000c630000000763044000000000"], 0x0, 0x0, 0x0})

[ 1920.989973] binder: 8435:8456 ioctl 40046207 0 returned -16
[ 1921.006766] binder: 8435:8439 ioctl c0306201 20000200 returned -22
[ 1921.012484] binder: BINDER_SET_CONTEXT_MGR already set
[ 1921.020153] binder: 8459:8460 ioctl 40046207 0 returned -16
[ 1921.045205] binder: 8459:8460 unknown command 0
[ 1921.066812] binder: 8459:8460 ioctl c0306201 20000200 returned -22
[ 1921.079852] binder: 8462:8463 unknown command 73598720
[ 1921.103434] binder: 8462:8463 ioctl c0306201 20000340 returned -22
20:22:00 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1921.114816] binder: BINDER_SET_CONTEXT_MGR already set
[ 1921.134231] binder: 8459:8460 ioctl 40046207 0 returned -16
[ 1921.134285] binder: 8459:8466 unknown command 0
[ 1921.153581] binder: 8462:8470 unknown command 73598720
[ 1921.167220] binder: 8459:8466 ioctl c0306201 20000200 returned -22
[ 1921.179014] binder: 8462:8470 ioctl c0306201 20000340 returned -22
[ 1921.182810] binder: 8468:8472 unknown command 0
[ 1921.208265] binder: 8468:8472 ioctl c0306201 20000200 returned -22
[ 1921.241877] binder: 8468:8472 unknown command 0
20:22:01 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1921.252295] binder: 8468:8472 ioctl c0306201 20000200 returned -22
20:22:01 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f00000002c0), 0x80000, 0x0)
ioctl$KVM_X86_SET_MCE(r3, 0x4040ae9e, &(0x7f0000000300)={0x700000000000000, 0xd000, 0x400, 0x8, 0x2})
pipe2(&(0x7f0000000380)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
mmap$binder(&(0x7f0000747000/0x1000)=nil, 0x1000, 0x1, 0x11, r4, 0xfff)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x12180, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x14, 0x0, &(0x7f0000000080)=[@acquire_done={0x40106309, 0x1}], 0xd1, 0x0, &(0x7f0000000180)="55cbda5e95c3dacc15238f0987d7babc2f09a54d8379a23519e47524858aaaed2cefafb6bebc8d2d4e5b0ebcf4a77c92e84955a56080b6889a332716a37967021618e3ee354d3a35ee7472f085a76c933f604b893d20afe4c366fcdf92f754b6144a6b3c4b8791edc35062716881c5dc77ac9575125da7323f9ca35092e9135a3e2c879fe981a4445094aa0964501b374efb88224fc8a7db14b26fc7f131529155fa45fff7a60de9bf3a2c41dbfe78c5cb4f25c7010ca04b6692a6349b7db6348a324774849ad05389709d6ee88ad3a409"})
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
accept4$x25(r5, 0x0, &(0x7f0000000280), 0x80800)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1921.295755] binder_alloc: 8468: binder_alloc_buf size 158913789952 failed, no address space
[ 1921.308230] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1921.329410] binder: BINDER_SET_CONTEXT_MGR already set
[ 1921.341110] binder: BINDER_SET_CONTEXT_MGR already set
[ 1921.347701] binder: 8468:8472 ioctl 40046207 0 returned -16
[ 1921.356031] binder: 8468:8475 unknown command 0
[ 1921.369857] binder: 8478:8480 ioctl 40046207 0 returned -16
[ 1921.372019] binder: 8468:8483 unknown command 0
[ 1921.385222] binder: 8468:8475 ioctl c0306201 20000200 returned -22
[ 1921.396440] binder: 8478:8485 unknown command 0
[ 1921.412258] binder: 8478:8485 ioctl c0306201 20000200 returned -22
[ 1921.420082] binder: 8468:8483 ioctl c0306201 20000200 returned -22
[ 1921.444061] binder: BINDER_SET_CONTEXT_MGR already set
20:22:01 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x68, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1921.444078] binder: 8478:8480 ioctl 40046207 0 returned -16
[ 1921.445211] binder: 8478:8480 unknown command 0
20:22:01 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4800}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1921.445229] binder: 8478:8480 ioctl c0306201 20000200 returned -22
[ 1921.569836] binder: 8492:8495 unknown command 0
[ 1921.586069] binder: 8492:8495 ioctl c0306201 20000200 returned -22
[ 1921.599063] binder: BINDER_SET_CONTEXT_MGR already set
[ 1921.625482] binder: 8492:8495 unknown command 0
[ 1921.628422] binder: 8494:8496 ioctl 40046207 0 returned -16
[ 1921.641861] binder: 8492:8495 ioctl c0306201 20000200 returned -22
[ 1921.656449] binder: 8494:8499 unknown command 0
[ 1921.665669] binder_alloc: 8492: binder_alloc_buf size 158913789952 failed, no address space
[ 1921.672327] binder: 8494:8499 ioctl c0306201 20000200 returned -22
[ 1921.695716] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1921.717839] binder: BINDER_SET_CONTEXT_MGR already set
[ 1921.725681] binder: BINDER_SET_CONTEXT_MGR already set
[ 1921.727957] binder: 8494:8496 ioctl 40046207 0 returned -16
[ 1921.731457] binder: 8494:8499 unknown command 0
[ 1921.750725] binder: 8494:8499 ioctl c0306201 20000200 returned -22
[ 1921.758337] binder: 8492:8495 ioctl 40046207 0 returned -16
[ 1921.767723] binder: 8492:8502 unknown command 0
[ 1921.776541] binder: 8492:8502 ioctl c0306201 20000200 returned -22
[ 1921.785667] binder: BINDER_SET_CONTEXT_MGR already set
[ 1921.801252] binder: 8492:8504 ioctl 40046207 0 returned -16
[ 1921.801851] binder: 8492:8505 unknown command 0
[ 1921.826307] binder: 8492:8505 ioctl c0306201 20000200 returned -22
[ 1921.947614] binder: 8511:8512 unknown command 0
[ 1921.952682] binder: 8511:8512 ioctl c0306201 20000200 returned -22
[ 1921.974349] binder: 8511:8512 unknown command 0
[ 1921.979163] binder: 8511:8512 ioctl c0306201 20000200 returned -22
[ 1921.995886] binder: 8511:8512 ioctl c0306201 20000380 returned -14
20:22:03 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x9c, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x5, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)={0x0, 0x20, 0x38}}}, @dead_binder_done, @increfs], 0x0, 0x0, 0x0})

20:22:03 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x0, 0x4, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:03 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c00}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:03 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1923.324705] binder: 8516:8518 unknown command 0
[ 1923.341098] binder: 8516:8518 ioctl c0306201 20000200 returned -22
[ 1923.344972] binder: BINDER_SET_CONTEXT_MGR already set
20:22:03 executing program 5:
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80000)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r1=>0x0})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f0000000180)={'ip6gre0\x00', <r2=>r1, 0x4, 0x80, 0x3, 0x80000001, 0x1c, @mcast2, @loopback, 0x20, 0x1, 0x80, 0x401}})
r3 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r4 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r5 = dup2(r4, r3)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r6, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(0xffffffffffffffff, 0x89fa, &(0x7f0000000280)={'syztnl1\x00', &(0x7f0000000200)={'syztnl0\x00', r2, 0x4, 0x80, 0x20, 0x4, 0x30, @empty, @dev={0xfe, 0x80, '\x00', 0x2b}, 0x7800, 0x1, 0xb8f5, 0x7fff}})
preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b6300000c6300000e630c4000000000000000000000000007630440000000008ff97bbc22207d16a3c2c4d1"], 0x0, 0x0, 0x0})

[ 1923.370697] binder: 8516:8518 unknown command 0
[ 1923.385144] binder: 8516:8518 ioctl c0306201 20000200 returned -22
[ 1923.395982] binder: 8515:8519 ioctl 40046207 0 returned -16
[ 1923.406247] binder_alloc: 8516: binder_alloc_buf size 158913789952 failed, no address space
[ 1923.410271] binder: 8515:8522 unknown command 0
[ 1923.429073] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1923.448639] binder: 8515:8522 ioctl c0306201 20000200 returned -22
[ 1923.467130] binder_alloc_new_buf_locked: 10 callbacks suppressed
[ 1923.467138] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1923.480730] binder: BINDER_SET_CONTEXT_MGR already set
[ 1923.497868] binder: BINDER_SET_CONTEXT_MGR already set
[ 1923.525199] binder: 8516:8526 unknown command 0
[ 1923.525205] binder: BINDER_SET_CONTEXT_MGR already set
[ 1923.525231] binder: 8516:8527 ioctl 40046207 0 returned -16
[ 1923.530473] binder: 8516:8518 ioctl 40046207 0 returned -16
[ 1923.530837] binder: 8516:8526 ioctl c0306201 20000200 returned -22
[ 1923.539545] binder: 8516:8528 unknown command 0
[ 1923.578454] binder: 8515:8522 unknown command 0
[ 1923.578488] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1923.584528] binder: 8515:8522 ioctl c0306201 20000200 returned -22
[ 1923.596486] binder: 8515:8519 ioctl 40046207 0 returned -16
[ 1923.610442] binder: 8516:8528 ioctl c0306201 20000200 returned -22
20:22:03 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:03 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6800}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:03 executing program 5:
ioctl$SIOCGSTAMP(0xffffffffffffffff, 0x8906, &(0x7f0000000300))
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x800)
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r1, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r1, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r2, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
r3 = dup2(r1, r2)
r4 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r5 = dup2(r4, r0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x18, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0863104001000000000000459cc4669d8bee9bac630c1900"], 0x89, 0x0, &(0x7f0000000400)="445206f149939c6440ef33c01db838e79f891f5b2900ba580e9fba3aa770515b4a0816a9feb0861d732804a4c7c33e93c9a8d447e61b9961adcea055af5f90d6cd412bacc4396df1eb98d38e592277f2e6761bdba9567df0c3f3600ec18fdbdd69445543764774d77d3fe7059f225ae47a66834d044fe9752b093195606a64337b6befa0bf5532b241"})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x14, 0x0, &(0x7f00000000c0)=[@dead_binder_done, @acquire], 0xb3, 0x0, &(0x7f0000000240)="d859ed758f95f2cc0988ffa9fcf8af9ee2e69e1b78302a033b2a1e8269cf93f0149c42b257b922fd4aa83d6760650314cce909d908abf09ebb9146d59b970f8f0fd475f52b9a7fe804cde40040939dacff867c95ea30ea27212a6208fdfdadcc4b17654fc4f8fc3b098c1c7a9748df6033a1ca4f3bf9a66aafb2b7304b17a770f5be53d0516df8a8b41fa6e2b6d8fd5d984cef7b54fb48785b51fa32ebd5ebac1612590b04f89f62b264e4893d82d231282ac7"})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r6, 0x0)
fstatfs(r3, &(0x7f00000004c0)=""/140)
ioctl$VIDIOC_DQBUF(r6, 0xc0585611, &(0x7f0000000180)={0x8000, 0xb, 0x4, 0x100, 0x0, {}, {0x1, 0x8, 0x0, 0x80, 0xfe, 0x1f, "029d0c2b"}, 0x4, 0x1, @fd=r5, 0x100, 0x0, <r7=>0xffffffffffffffff})
mmap(&(0x7f00006b5000/0x3000)=nil, 0x3000, 0x1000000, 0x110, r7, 0xfb084000)
preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b63001622eb1126302e67000c6300b011755cb15bad6f000000000000000000"], 0x0, 0x0, 0x0})

[ 1923.739642] binder: BINDER_SET_CONTEXT_MGR already set
[ 1923.752993] binder: 8536:8540 unknown command 0
[ 1923.754053] binder: 8537:8538 ioctl 40046207 0 returned -16
[ 1923.777565] binder: 8536:8540 ioctl c0306201 20000200 returned -22
[ 1923.778166] binder: 8537:8538 unknown command 0
[ 1923.790165] binder: 8537:8538 ioctl c0306201 20000200 returned -22
[ 1923.801365] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1923.810806] binder: BINDER_SET_CONTEXT_MGR already set
[ 1923.818824] binder: 8536:8542 unknown command 0
[ 1923.828691] binder: 8536:8542 ioctl c0306201 20000200 returned -22
[ 1923.836415] binder: 8537:8543 unknown command 0
[ 1923.841910] binder: 8537:8538 ioctl 40046207 0 returned -16
[ 1923.848590] binder: 8537:8543 ioctl c0306201 20000200 returned -22
[ 1923.858648] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1923.866999] binder_alloc: 8536: binder_alloc_buf size 158913789952 failed, no address space
[ 1923.879983] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1923.909076] binder: 8536:8542 unknown command 0
[ 1923.914939] binder: 8536:8542 ioctl c0306201 20000200 returned -22
[ 1923.922536] binder: BINDER_SET_CONTEXT_MGR already set
[ 1923.931534] binder: 8536:8540 ioctl 40046207 0 returned -16
20:22:03 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6c00}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1923.955808] binder: BINDER_SET_CONTEXT_MGR already set
[ 1923.962887] binder: 8536:8548 ioctl 40046207 0 returned -16
[ 1923.963093] binder: 8536:8549 unknown command 0
[ 1923.970547] binder: 8544:8550 unknown command 369124107
[ 1923.988358] binder: 8544:8550 ioctl c0306201 20000340 returned -22
[ 1924.011950] binder: BINDER_SET_CONTEXT_MGR already set
[ 1924.014813] binder: 8536:8549 ioctl c0306201 20000200 returned -22
[ 1924.017662] binder: 8552:8555 ioctl 40046207 0 returned -16
[ 1924.051129] binder: 8552:8555 unknown command 0
20:22:03 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1924.068674] binder: 8552:8555 ioctl c0306201 20000200 returned -22
[ 1924.088309] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1924.125362] binder: BINDER_SET_CONTEXT_MGR already set
[ 1924.148719] binder: 8552:8556 unknown command 0
[ 1924.155139] binder: 8552:8555 ioctl 40046207 0 returned -16
[ 1924.158102] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1924.167010] binder: 8552:8556 ioctl c0306201 20000200 returned -22
[ 1924.201215] binder: 8558:8561 unknown command 0
[ 1924.225075] binder: 8558:8561 ioctl c0306201 20000200 returned -22
20:22:04 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x7400}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1924.266927] binder: 8558:8561 unknown command 0
[ 1924.281966] binder: 8558:8561 ioctl c0306201 20000200 returned -22
[ 1924.312764] binder_alloc: 8558: binder_alloc_buf size 158913789952 failed, no address space
[ 1924.315057] binder: BINDER_SET_CONTEXT_MGR already set
[ 1924.339842] binder: 8566:8567 ioctl 40046207 0 returned -16
[ 1924.356669] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1924.366510] binder: 8566:8567 unknown command 0
[ 1924.381494] binder: 8566:8567 ioctl c0306201 20000200 returned -22
[ 1924.396088] binder: BINDER_SET_CONTEXT_MGR already set
[ 1924.409949] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1924.410371] binder: 8558:8561 ioctl 40046207 0 returned -16
[ 1924.415802] binder: 8558:8563 unknown command 0
[ 1924.427275] binder: BINDER_SET_CONTEXT_MGR already set
[ 1924.436999] binder: 8558:8570 ioctl 40046207 0 returned -16
[ 1924.444178] binder: 8558:8569 unknown command 0
[ 1924.450609] binder: 8558:8563 ioctl c0306201 20000200 returned -22
[ 1924.462257] binder: BINDER_SET_CONTEXT_MGR already set
[ 1924.472118] binder: 8558:8569 ioctl c0306201 20000200 returned -22
[ 1924.489888] binder: 8566:8572 unknown command 0
[ 1924.496398] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1924.504740] binder: 8566:8572 ioctl c0306201 20000200 returned -22
20:22:04 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1924.513488] binder: 8566:8567 ioctl 40046207 0 returned -16
[ 1924.605555] binder: 8575:8578 unknown command 0
[ 1924.626628] binder: 8575:8578 ioctl c0306201 20000200 returned -22
[ 1924.659098] binder: 8575:8578 unknown command 0
[ 1924.675775] binder: 8575:8578 ioctl c0306201 20000200 returned -22
[ 1924.698644] binder_alloc: 8575: binder_alloc_buf size 158913789952 failed, no address space
[ 1924.724561] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1924.753017] binder: BINDER_SET_CONTEXT_MGR already set
[ 1924.770480] binder: 8575:8578 ioctl 40046207 0 returned -16
[ 1924.770643] binder: 8575:8582 unknown command 0
[ 1924.801911] binder: 8575:8583 unknown command 0
[ 1924.802353] binder: 8575:8582 ioctl c0306201 20000200 returned -22
[ 1924.806629] binder: 8575:8583 ioctl c0306201 20000200 returned -22
[ 1924.810483] binder_alloc: 8575: binder_alloc_buf size 158913789952 failed, no address space
[ 1924.848674] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1925.401495] binder: 8581:8590 unknown command 0
[ 1925.414566] binder: 8581:8590 ioctl c0306201 20000200 returned -22
[ 1925.671474] binder: 8581:8590 unknown command 0
20:22:05 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x9c, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x5, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)={0x0, 0x20, 0x38}}}, @dead_binder_done, @increfs], 0x0, 0x0, 0x0})

20:22:05 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x7a00}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:05 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:05 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000180)={0x1})
close(r4)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x7, &(0x7f0000000080)={0x1})
io_submit(0x0, 0x2, &(0x7f0000000300)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0xfffc, r4, &(0x7f0000000200)="f07d3b1e669a1c6a851940c9ebdb656fde423175ee72bcecca5c741bd7131b5796a5f0a60fbce19c75510ee5ddeaca1c227cc78b25fff59bfedca38e3e276e2012c8b8c4e8e34179deffbb494347aabe4580f7f2c424032068db9dd986e264c6c5720f", 0x63, 0x1, 0x0, 0x0, r5}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x9, 0xffffffffffffffff, &(0x7f0000000400)="2732780d3ecab0f376df1b5fb09b3b8692c9ffbdf3e9ca654973a19bac75ecb3f266deb12d82722d9ce6f261a87f48c6f6997aa5ba10e81f474c1fc36791745f41b01c1245505eadfb60d609cd4da266c5949ee6710d011ca1343623c80c9cb1ea5f7371de2c46cd2b1eea1bf06243e1b18aab0641ea47c189bc56ed59035b580ca190cb53185744f8c387a3bcbe886cca9c5513fbbc00f6ef149c175f0360102bed175e36441dd0feb57f3f2558f717cc353fb24a3d10a76a2af64de9d0e911a097871ff6051baea3a2c810133c9c06d1086c7c13211bb00dc9c0703e49b1e6c1c4b7a7bcc9aa210f309dcb045d07f0ee501201b8fbd004f6531697f48e97ffb8757af13c7614dc78b3093b1e209816a2fadaff03b745625e050bb7ac855e8af41a2da6955db890d008dc353db590ee929c7f36daf04c1a312aa1318b56e4f18c99a8ea3d0be315b7485d305ec2efd9e1b76a7ee61b382a830fa2549b48fc558b2491ab29b8321ada959b6cb76f0eacafe1cab77bf33437886bfc16f7240e84463ee5f6af92848bd2bac7b983ac5017f218716bb9e93f74c169ed4f474a899727e1a29618a441d3b03390778a765dbcbdf90e288b15e1acd444e231132851bd91209df11a9d585a79ec2109f8b0b2fbe2098310dcf3e54618c4f518fc3c255a7c35dec0d6e22df9c9eafe58c742c24577fd4b58a8e0dfaf4e30ffdef0f479a7d8ff8980a1882d3205ed2dc2c9be29387e29c249c01275452305e0a7fb257e6c24b3309e80a09b2dc6de7d754e69893cfd2862be2f02c62d6ed56afe3abf2a6e4776202e0be74d5a729aa1da1c2986dda366216906c5927fec25c564463cfc160b59c5a948970eaf099f6e53efd6ce8e1f8be18595f41d7b8e7b3047e2a32200138e93f83aee20d11e7acda4963feb041dc1e4a00698b2cbd7f17e2f4bf70c91c70f2bb6bb17973bd49773ba9deab14f2cc5c713a319c1e208e65658842627471c316bed55d1e20ccbbf60d394560a03483c27dedc615fe117d0d97a0c5409bf9d73d5d6293437de0aa068b1d684a8eff7d249d97dd6d81d0e65025e5b2852ed338e5c819cc6b0de64cd702436e80b45dc18b1d4bdb230985dfb3b1792b3d0cacf0649b94edcc118e8eb15f4e3982c5074902f44c09c50a9f7864fbcbeff4f4a00b4d01e87d923d55d0ba06e5c41af19be5a77d929dbeb44ad88319569b3283f521d575edf1aa20b32f660e485df539f10e659c9618dfa6cb514561bd94e61c3a94c3176e24e84ee846ab16dfc7292b59d92c46de8860952fcbfab58fb7a30779dc6ab22abe9ad69133522dcf13ad1ed48328d11d2f4421b4a77ec0e03993f3c73be71f1ccd5339c78a3530dc892d3d729e6e8e6e08a096b78c7d657f8a2da51412d33d77160ed319cdf895d275c6bfbd70ede8ebf68a8f947f7efb0fc601cd0d19968617ebfaa89509edc8cd4b9e410e742b7e7967e73852247ff834d88a69d667909cc72150da9847e0433c745afb3d4521625ac3322d9dddd03123009f2a88553510626ee961994f6df16ff8044c6484c0c79fe678972065ce99163d6e9881847da1961570ef032db4bfb5493eca76915661870545fc510129d5c0a034b77534185da69fcbbc04b338aa484628b5eec0b0a6078a87bf2c3ee69ec2d27e0d92bbdc0cf5435e17bed9d9ac7828158d3debf2fb2e73e699a8fd99a6919ee50dd470edcd6a9e0a44bbab9cadbe5d2285ec7554307e5e951c117a9eb35b1eb93e665bdde23d5015b27e5456c6d97e3a6f81226cd3a6f232bc5231b0ed55534ed330b03c59aa657a47c90bbb28c9aadaf499599ad0b7a3fa1b26fa7f761b3fc000041522f0db9798b3e45831a93d9578beed98d58e62ed2f724795ef91188d1044c26aa284059e4122c79468fd997d9f9e97bcf2ccfdcff0ba47e96543a3e526e7855a4cda93faf45ee40768120796f1cc5a1ca1c97cb92ef6beb6df3ddaf245ebbaeb2cfb4f4326d48b0260680f43653c00882854577b9a6b3479af048a3d3ac8c13bc2a923a9c7dd9fe645dc62ddc409f34a296eaab407a8f041f32037babc1aaf1351d0fcc89499b90f0be1f486d8e61c3a1d73d64a34d596010d4a42a4695d2aaf9cb25556ad8d52cc917e8a844a031792a2ac6a9de5457e6919d67e8c75b44bfbe4879241d8d3ffb46f7000f262136659915978ee872eff47ccab626d9ea2307078a79e1aedb1a55c2b5bff486d32ae729391097c2e403051bdb1235b4a9cd1c0d64c9461b03930303bb216ef3ccdc5a0538e8a802dd5a2369f68c3ab3a9ca83e330ab8e87885c435b2228f4236255ba0c8c6427b23568353ff9cea8200c823faa968eadd93b74eaf0a1bb235ed8320ec5d87ce8170b4b26b439368ae7dfd9135989ac340dd33aa926b1efc8e79af4d8203528fac30e8335e8f5c19c176559e60ebbf841b930ac6b4f1b879768532ac0584e8e642c4e5aae2d4cc82393e4e1a3487b413a2063998deab45806b5a581ddb55944ced15d9cc496b5440f891ecbee39f97ffc8b5941f5815920e8409b3904ee7030b78db81c1995af11ef60036944416fbe7833332da8bf58af884e37b2784a0e70633370f3c341f866aa876c39e7c54c0e11f3eaca48718972f6dcacbcf3ea47d3ec72e127ae12d810555c26d8df209fde3f4d7f6e15d6f69039eafc3e6330efabeb3039f7033abcd524f424a3a7e91a45ddb3f07aec4fd3d226340ee60f9791c460a4feb4d2e301298c27aafedc37053261fa438592b58dd01084d15aa8402966ac40b151d0fe61f041365fef98a5c974d840b14efab6086f30b8dc062303a6878a30241c195e2dcaacf52301dd900d43c0d274ff81b4ae40fe7754ec64298ef2fbe0d3aa347d32572cb341b93e074894e14caa5b00225ce3215028526e8523a5bf761a5e602884d5cbaaeb8d6f22fe3db90028480cd7b5f77e7dc2c70a1c7ed461c58c943d7d6382f61e20e2ab446f64da3b099dbcdb29a0aa4ab8e563128bf6ed654bd15ce6d8713a52216b7a3c636bf17ab2dd6da612e73677928c71f5b82ec6b23c73ebdf8c1c69240e0346eea9d15ac74a8fbab8fab05cf81e0bcde1f9b108c2b6f696c7620986cf012af37360d8e0643802b88d05701d58040503151fae343f5567ef8842c884b94e543dd9ebb7ed349cf4adf3265514a38b19fc250af1270da9e68ef385b18f3d3b1bb1ba925460c5a50e0cba195029842732c7b50cf55acc1e9ab3baeb3927dd516746edd6c200ce1b7dd1e56cfb3fc7a719d973304257f0cfe044f6e3f9fa87aa0f60297e655ef02285ad7baf1c3d1fd5abe5beb06369085bd676599fd98b635e6510865db8f4c55f1a7ff1d669389ca0fe9705893d3638d7cd33721f392ac816a71f5d91888247a74052b506c1b1d68b255aeb6c1af8a996cb721cb801483ae0d7cde1b33061fadfe532448e156ba1d6864e555e0c04caba0ed0b21ea438c83206d11af00ba5f28dfe671f3958e5338bf5143a474d4ac28ce614909e5acc4331e426a3f35ffbb3ad6a3de5197cb281f8b2842d85d6e7272c9f2e69c94b4a39463303166ae7a41888953661c5abe59e234bb3427ff3f85e7a77f20ee4a577d3830469cce76ef09e52b050418bfbbdf837faa86f538203b120ec7b32d6ae319fb640bfa3e80983083ec9974d6614b2d68dce1207b10895830c3ce3da465b116021b23cf2017135de07dc8b24999e50df50c38f9e795899c8709397b149031c7955de06df996a89e194d8ef9055418a521b842d430251fe9ca50768d78ad26c9c63fb485928251b21f2a3a32814367f0a02ebf44bb514f6ed8f1c6295c785338c8382cbbeba39480d6877e9fa53c9eff1ae95185d11dd71f0c3e9e4409074aa079f063178a539c7fd9ffa8d2778d5d15fd0a3d9ded1ba113827994ac90283a0c0853ea12efedf9d31b6e757291a254469441415fdc872aa5b0e1e5d996a4c7ae6c916be141a5f5731613205f77e01fe7cd9871a887b1cad4505413992090fb50c4d75d4942640b69fa6cde0a287ea51bdb9b365c9950f172cefcdbd1cfef551edf23f88a45b11ce3a9218f7fd2a6fdf3993e86849e85c3d5379bb97775dc17ba24796b065617927b446417904ad89cac4932f523722f15a59c1d8cfd3894fc834617baeaba860412122528318f3c7f1414848b9f8bc922e76f768fc42019f9ade7012715104a9da55080e0e39ffff21d48b1b8854fbf07220db9ce909337d920598cdf2aae593241831159eea01414a362dfaf29d929ee25ec812164529c010b2379d848c0f32b5f11d59ded9de6e257747d393003b03aa5840879a76cd52ee766f162e05086d643759763d96f1508006dcdd5006616522e41775c3a3524b452f60ff2a0ee877cf5bb04327520fbb91adbed1a2596a0e68e33ed537a9eed22398f1bccad0b139279fc2252e82c8e4937438a5820797547049b28527dba2a243633efcb550b7d9fa8f04c9fc22731bbab39cef0604e7642b47a0c2734fb2df28810552d23a41a5f99923592535e73b25560274835fb43de44e5e052dc973042812f4843bbb69f2703653838d96e0527feaa1ffb1ebaa9d724ae8a0c0583c1b7976b392fb22bf85d106f9cb2c3e4abdd0ad8ac610f4fbe32fca209aed29bd6ddead3275531bc3aebfd4016b3a2b7ca8cb129d2be939a10520440d80efa55e12fba9fa12914d39831112d02a82ed3fbd449c0c87733fe27a5e28213eb6ce0b9c581f0c0d56f63f2963c1dea59d3b7923aa15d239ddfbc9f9aff7f5fa0d29d6af7b16eb5f00a13908401eca96fe51cf333b68ac06ba93425b9535be1fbe99cf43cb5c8af7b99d67ef85d17cb77ca6dda01e1cea5885306c641fffd13d5c05322827072970842d459e03d1148164fb39049de1356a1b674a58d2e966e176242a382917968b18de708278766755035739533dbcfb5ccd2417a746e9f1eafaeb575cf4c68052641264d152b88b61a56de107df0ca506ca1e131adf93dfc89eb58d13f231293871b9553d05511da3b2e0f1aeaf27f6ec6e10adf125b73dfeae3cca16873b250f7dede37b5b28531cbaeea47fe786c482678d3eaca4ecaeb933b56bd2c3dd6afe3158d207928f3ec029b81055d38519feaae99422882cd4f5eac6fc89d6e1b257c5ed2d7eeacd50d3d3ec98fb27c2ea7f5f3ba5e36080a6640ccca4bea9aa7edb0cc300a793eeabfcb5b0ea4f49a73adbfd1b0389d39d473f5bcff122d07e1b14666da83cc0cf43f8906bc1c3d5e5d9cbcaee3bad8142a64c2a53cd5d9d8e9eff3bcca172f8940f95643e08bead61bc1892b032e1cc2bfb8e31a5fa7cb77cb8b0ac85fd12364ab3ed0c6d06120f91b687574b778f19f37affb1574c0a88e55e78400bc30db303ec05fd85f1b36af4a6ac9725f7398b63574a6d26e51ac1a4ab32a7d8021e27783aca948f8f4900293ad6fa278b56c543c81375f6091df69a18c0a4261310b29db7dbf87e733b804da37bf32d3c02d2b22a2be9e626ef0205fb6d196e9754f689970e20676fc79c730c9c9167f24dc3f84e407832fe93a421d57bcd99bfb6f631aa28524c89e95ab531f11aef3d5fcfb42c62cac14d426f56b490d13d44664bb242e47ad5f39c38a3b8f9102f675733b5ca5022671b3ddac145d96d03f77bcc4bd8a49efa8609c54a9558927d2836a8b6b3ce2f3381d31b375876b5f99fb8b348e378350e461998a1d43de119e91c12088810f33f962d1938023ab49ce97b612e74dffbeb5ce9ebbe507adf8b6396f61ae4622928be1acb007fbe", 0x1000, 0x1000000000}])
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})
r6 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x240000, 0x0)
sendmsg$nl_route(r6, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=@ipv4_newnexthop={0x20, 0x68, 0x400, 0x70bd2c, 0x25dfdbff, {0x2, 0x0, 0x8d7373a273094220, 0x0, 0x15}, [@NHA_GROUP_TYPE={0x6}]}, 0x20}, 0x1, 0x0, 0x0, 0xc000085}, 0x4010)

20:22:05 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_dev$binderN(&(0x7f0000000180), 0x0, 0x0)
dup3(0xffffffffffffffff, r5, 0x0)
splice(r4, &(0x7f0000000100), 0xffffffffffffffff, 0x0, 0xffffffffffff131d, 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000003, 0x50, r4, 0xb1e3a000)
r6 = syz_open_dev$video4linux(&(0x7f0000000140), 0x5, 0x240c00)
r7 = mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
r8 = openat$userio(0xffffffffffffff9c, &(0x7f0000000480), 0x400000, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000680)={0x160, 0x0, &(0x7f00000008c0)=[@request_death, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f00000006c0)={@flat=@weak_handle={0x77682a85, 0x100}, @fda={0x66646185, 0x8, 0x0, 0x29}, @ptr={0x70742a85, 0x0, &(0x7f0000000080)=""/100, 0x64, 0x1, 0x2f}}, &(0x7f0000000740)={0x0, 0x18, 0x38}}, 0x1040}, @increfs_done={0x40106308, 0x1}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000240)={@fda={0x66646185, 0x6, 0xfdfdffff00000000, 0x7}, @ptr={0x70742a85, 0x1, &(0x7f00000001c0)=""/124, 0x7c, 0x1, 0x1b}, @flat=@binder={0x73622a85, 0xbe9cbbd1e344ff7c, 0x3}}, &(0x7f0000000040)={0x0, 0x20, 0x48}}, 0x1000}, @acquire_done, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000003c0)={@fd={0x66642a85, 0x0, r4}, @fd={0x66642a85, 0x0, r6}, @ptr={0x70742a85, 0x0, &(0x7f00000002c0)=""/194, 0xc2, 0x2, 0x14}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, 0x50, 0x18, &(0x7f00000004c0)=ANY=[@ANYBLOB="062a646600000000", @ANYRES32=r8, @ANYBLOB="000000000000000000000000852a687705100000030000000000000000000000000000008561646600000000060000000000000001000000000000001900000000000000"], &(0x7f0000000540)={0x0, 0x18, 0x30}}, 0x1000}], 0xe1, 0x0, &(0x7f0000000580)="1bf3ba046e33b72a2cd85d2e1b8ae94db8e3a2c5d3edfbc6a905c0e71674cf0a8d8c7731a0a43d8b272dc3f57fef52d1e5d517330db3bb8b4e1718a2595f691a5120c48e05328029ff35837a9be3f3af824e2f049196a4bc284be0c062bc6e0498ee60fddfc4a79a1c57e7453cb6a35237c0a42112f4a40affdf72b3169563f789346ed617711b9c787f55121613b804f7841d2c395b3ff586f720371300f5d8a396e2984997dc37a5dde0d099b5f07330f36b50c292629ee1dfcb835f8e6ccb3daa88ae6e0dbb69b0ffb85bb11b6a3bf9bb7e415042ec74498d4cf1202e220e1b"})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x28, 0x0, &(0x7f0000000040)=[@free_buffer={0x40086303, r7}, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1925.899815] binder: 8581:8590 ioctl c0306201 20000200 returned -22
20:22:05 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
splice(0xffffffffffffffff, &(0x7f0000000100), 0xffffffffffffffff, 0x0, 0xffffffffffff131d, 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000003, 0x50, 0xffffffffffffffff, 0xb1e3a000)
r4 = syz_open_dev$video4linux(&(0x7f0000000140), 0x5, 0x240c00)
r5 = mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0xd8, 0x0, &(0x7f0000000480)=[@request_death, @register_looper, @increfs_done={0x40106308, 0x1}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000240)={@fda={0x66646185, 0x6, 0xfdfdffff00000000, 0x7}, @ptr={0x70742a85, 0x1, &(0x7f00000001c0)=""/124, 0x7c, 0x1, 0x1b}, @flat=@binder={0x73622a85, 0xbe9cbbd1e344fe76, 0x3}}, &(0x7f0000000040)={0x0, 0x20, 0x48}}, 0x1000}, @acquire_done, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000003c0)={@fd, @fd={0x66642a85, 0x0, r4}, @ptr={0x70742a85, 0x0, &(0x7f00000002c0)=""/194, 0xc2, 0x2, 0x14}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @free_buffer={0x40086303, r5}], 0xe1, 0x0, &(0x7f0000000580)="1bf3ba046e33b72a2cd85d2e1b8ae94db8e3a2c5d3edfbc6a905c0e71674cf0a8d8c7731a0a43d8b272dc3f57fef52d1e5d517330db3bb8b4e1718a2595f691a5120c48e05328029ff35837a9be3f3af824e2f049196a4bc284be0c062bc6e0498ee60fddfc4a79a1c57e7453cb6a35237c0a42112f4a40affdf72b3169563f789346ed617711b9c787f55121613b804f7841d2c395b3ff586f720371300f5d8a396e2984997dc37a5dde0d099b5f07330f36b50c292629ee1dfcb835f8e6ccb3daa88ae6e0dbb69b0ffb85bb11b6a3bf9bb7e415042ec74498d4cf1202e220e1b"})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0xa4, 0x0, &(0x7f0000000740)=[@request_death={0x400c630e, 0x1}, @decrefs={0x40046307, 0x2}, @register_looper, @free_buffer={0x40086303, r5}, @acquire_done, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000006c0)=ANY=[@ANYBLOB="856148660000000007000000d08f0000010200000000007bde79952851a3602b6177beaa191635001a00000000000000852a62770a0100000000006466000000000200000000000000"], &(0x7f0000000180)={0x0, 0x20, 0x38}}, 0x2000}, @acquire_done={0x40106309, 0x2000000000080}, @release={0x40046306, 0x3}], 0x96, 0x0, &(0x7f0000000600)="dd4dbcd81144e3de5ee9d0b09d1440c1cfd14b7d96b9acda54b93c467e5f69e471f6dddc1f1c287e6d563b09de5862fbb3d7dfbfb0bce3ddda131b45bfd719311278a9dde1774ac5012bf50c7ad857687d015680f184eb3457a0bc9ab38beac9a656a74edc5b95e1a433d5d2ac7450bbccbbda345faec6a20d2b34d92208568be0c009cc581b3f29d583d0c28610bd0619496bcfd917"})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1925.991201] binder: 8595:8599 unknown command 0
[ 1925.996687] binder: BINDER_SET_CONTEXT_MGR already set
[ 1926.003162] binder: 8595:8599 ioctl c0306201 20000200 returned -22
[ 1926.025656] binder: 8592:8598 ioctl 40046207 0 returned -16
20:22:05 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r3 = dup2(r2, r0)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000180)={0x1})
close(r4)
r5 = openat(r4, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0b6300002c6300000e630dc00615833e331a5c32c90000010063044000000000"], 0x0, 0x0, 0x0})

[ 1926.037514] binder: 8595:8599 unknown command 0
[ 1926.050429] binder: 8595:8599 ioctl c0306201 20000200 returned -22
[ 1926.058502] binder: 8592:8605 unknown command 0
[ 1926.065826] binder: 8604:8606 unknown command 0
[ 1926.079248] binder: 8592:8605 ioctl c0306201 20000200 returned -22
20:22:05 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r2, 0x7, &(0x7f0000000080)={0x1})
dup(r2)
r3 = dup2(r1, r0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1926.087959] binder: 8604:8606 ioctl c0306201 20000200 returned -22
[ 1926.096218] binder_alloc: 8595: binder_alloc_buf size 158913789952 failed, no address space
[ 1926.109414] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1926.123276] binder: 8592:8605 unknown command 0
[ 1926.128158] binder: BINDER_SET_CONTEXT_MGR already set
[ 1926.138007] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1926.149287] binder: 8604:8610 unknown command 0
[ 1926.154685] binder: 8592:8605 ioctl c0306201 20000200 returned -22
[ 1926.163221] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1926.172636] binder: 8592:8598 ioctl 40046207 0 returned -16
[ 1926.184063] binder: BINDER_SET_CONTEXT_MGR already set
[ 1926.190039] binder: 8595:8599 ioctl 40046207 0 returned -16
[ 1926.190994] binder: 8595:8609 unknown command 0
[ 1926.196727] binder: 8604:8610 ioctl c0306201 20000200 returned -22
[ 1926.208516] binder: 8604:8606 ioctl c0306201 20000540 returned -14
[ 1926.215293] binder: BINDER_SET_CONTEXT_MGR already set
[ 1926.223975] binder: 8608:8612 unknown command 25388
[ 1926.225609] binder: 8595:8609 ioctl c0306201 20000200 returned -22
[ 1926.229268] binder: 8608:8612 ioctl c0306201 20000340 returned -22
[ 1926.246511] binder: 8595:8619 unknown command 0
[ 1926.252071] binder: 8595:8618 ioctl 40046207 0 returned -16
[ 1926.260818] binder: BINDER_SET_CONTEXT_MGR already set
[ 1926.261209] binder: 8595:8619 ioctl c0306201 20000200 returned -22
[ 1926.272990] binder: 8604:8606 ioctl 40046207 0 returned -16
[ 1926.280808] binder: 8604:8610 unknown command 0
20:22:06 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:06 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b6300000c6300000e630c40000000000000000000000000076304e5a5f24840"], 0x0, 0x0, 0x0})

[ 1926.293186] binder: BINDER_SET_CONTEXT_MGR already set
[ 1926.299919] binder: 8604:8610 ioctl c0306201 20000200 returned -22
[ 1926.308647] binder: 8604:8624 unknown command 0
[ 1926.315717] binder: 8604:8623 ioctl 40046207 0 returned -16
[ 1926.322296] binder: 8604:8624 ioctl c0306201 20000200 returned -22
20:22:06 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/100, 0x64}], 0x1, 0xec, 0x2)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x1, 0x10)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:06 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x600, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1926.371087] binder: BINDER_SET_CONTEXT_MGR already set
[ 1926.402982] binder: 8627:8630 ioctl 40046207 0 returned -16
[ 1926.425763] binder: 8629:8632 unknown command -452697337
[ 1926.437918] binder: 8627:8630 unknown command 0
[ 1926.443809] binder: 8629:8632 ioctl c0306201 20000340 returned -22
[ 1926.456045] binder: 8627:8630 ioctl c0306201 20000200 returned -22
[ 1926.464260] binder: 8634:8637 unknown command 0
[ 1926.476149] binder: 8634:8637 ioctl c0306201 20000200 returned -22
[ 1926.487462] binder: 8629:8641 unknown command -452697337
[ 1926.494452] binder: BINDER_SET_CONTEXT_MGR already set
[ 1926.504250] binder: 8629:8641 ioctl c0306201 20000340 returned -22
[ 1926.518213] binder: 8634:8637 unknown command 0
[ 1926.532963] binder: 8627:8630 ioctl 40046207 0 returned -16
[ 1926.533067] binder: 8627:8635 unknown command 0
[ 1926.539633] binder: 8634:8637 ioctl c0306201 20000200 returned -22
[ 1926.556245] binder: 8627:8635 ioctl c0306201 20000200 returned -22
[ 1926.563034] binder_alloc: 8634: binder_alloc_buf size 158913789952 failed, no address space
[ 1926.583135] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1926.609116] binder: BINDER_SET_CONTEXT_MGR already set
[ 1926.616002] binder: 8634:8637 ioctl 40046207 0 returned -16
[ 1926.623798] binder: BINDER_SET_CONTEXT_MGR already set
[ 1926.626232] binder: 8634:8647 unknown command 0
[ 1926.635428] binder: 8634:8648 unknown command 0
[ 1926.640252] binder: 8634:8648 ioctl c0306201 20000200 returned -22
[ 1926.647257] binder: 8634:8637 ioctl 40046207 0 returned -16
[ 1926.667956] binder: 8634:8647 ioctl c0306201 20000200 returned -22
[ 1926.677355] binder: 8652:8653 unknown command 0
20:22:06 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x9c, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x5, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)={0x0, 0x20, 0x38}}}, @dead_binder_done, @increfs], 0x0, 0x0, 0x0})

20:22:06 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000380)={0xe8, 0x0, &(0x7f0000000600)=[@request_death={0x400c630e, 0x1}, @register_looper, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000040)={@fda={0x66646185, 0x4, 0x1, 0x1e}, @fda={0x66646185, 0x4, 0x0, 0x14}, @fda={0x66646185, 0x5, 0x0, 0xc}}, &(0x7f00000000c0)={0x0, 0x20, 0x40}}}, @clear_death={0x400c630f, 0x2}, @increfs_done={0x40106308, 0x1}, @exit_looper, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000880)=ANY=[@ANYBLOB="852a68730101000000000000000000000000000000000000852a646600000000", @ANYRES32=r0, @ANYBLOB="000000000000000000000000852a68a8988865ccaf6db00000000000000000000000000098db5c078267d19f12c19aa9a1eed9de0992c396f86d910f7c9a3c79410967427436ef6cfc810ee8aeb03ff1038db2a13d95c10d4e1e351653e90a19e83f6f92c4276d52ab69ee95daf8087df4a3d7959d9c8db02e4a09aa4ddc7d3bcbb1682b15e3a86ed0f32670681162a2f71fab0e666a8368bec533320a5cbbf8eca1d289e288159cd70c8f11bbf897cfb49ae18a9f8e7bf7bc98ca52a1617de0534937ef49c416e0586114a8a0042a0a0d592bdd6a9ef5691447b7408a088b281efb736c7827e1f91d166169f30a0a703f77a4ebb0fcb512410f0ff8627cd636b4b40639991d2954ea0f0dfb59d72ded69b7ffb557ca"], &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x400}, @release={0x40046306, 0x2}, @release={0x40046306, 0x1}, @free_buffer], 0x90, 0x0, &(0x7f0000000280)="5910020530172b970630c748ebc6543ccc8baa3b88795142c8f59d620cf13922bc91ddcd2b3fc63de507c96883afbb493766c338c20440d8c9924eae11c634bd885376fa51e60cc9671a0277cc07c0af9a34ca85072bc89cdf667214e6f068f3fbdfc8953dfed35224374e76ed3a89ef2a72643ee578e9a6d6fd8fc7f190e51f41b06b2251196fbfc2975d0dc4369114"})
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:06 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x802)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1926.683062] binder: 8652:8653 ioctl c0306201 20000200 returned -22
[ 1926.706536] binder: 8652:8653 unknown command 0
[ 1926.721855] binder: 8652:8653 ioctl c0306201 20000200 returned -22
20:22:06 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})
r4 = openat$incfs(r2, &(0x7f0000000040)='.log\x00', 0x280000, 0x2a)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r3, 0x89f9, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000180)={'sit0\x00', <r5=>0x0, 0x8088ff787e840973, 0x2, 0x80, 0x2, 0x40, @mcast1, @loopback, 0x8000, 0x80, 0x7fffffff, 0x9}})
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0xb4, 0x0, 0x72c, 0x70bd26, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x5}]}, @MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r5}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010100}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_ADDR={0x44, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x1c}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x4044938}, 0x804)

20:22:06 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:06 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1926.791156] binder: 8657:8661 unknown command 0
[ 1926.816734] binder: 8659:8665 unknown command 0
[ 1926.820473] binder: 8657:8661 ioctl c0306201 20000200 returned -22
[ 1926.829322] binder: BINDER_SET_CONTEXT_MGR already set
[ 1926.833505] binder: 8659:8665 ioctl c0306201 20000200 returned -22
[ 1926.840266] binder: 8658:8663 ioctl 40046207 0 returned -16
[ 1926.854992] binder: 8657:8661 unknown command 0
[ 1926.856519] binder: 8659:8665 unknown command 0
[ 1926.868655] binder: 8657:8661 ioctl c0306201 20000200 returned -22
[ 1926.874080] binder: 8659:8665 ioctl c0306201 20000200 returned -22
[ 1926.882060] binder: 8658:8663 unknown command 0
[ 1926.890287] binder_alloc: 8659: binder_alloc_buf size 158913789952 failed, no address space
[ 1926.892590] binder: 8658:8663 ioctl c0306201 20000200 returned -22
[ 1926.909016] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
20:22:06 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x2)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0b6300000c6300000e636c277361cd9204633acb4fd16c0ceb7d480d0035bc00d8754a3fee74b3964319bbfd1b3ee7afb5a9c083630e252956dc929da2e47e67f862d6ba917d60dbf64e3e0c31622fda11140bd93a4046bbc3fad6b3b4381119b581703a99cb5ffc09e8b5fe636a10a220ff77448250bbeb6f915a0b2a446e55bc63ed19b466549cc3260c72647550e9bc4992da9248aacbb70df324f3b1d6808274ac2192015f481c04e49f3565bff108c025ab617e0a5d43"], 0x0, 0x0, 0x0})

20:22:06 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f00005f4000/0x2000)=nil, 0x2000, 0x1800003, 0x12, r2, 0xffffd000)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x18, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @decrefs={0x40046307, 0x2}, @decrefs], 0x0, 0x0, 0x0})
r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0x48200, 0x0)
ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82)

[ 1926.921168] binder: 8657:8670 ioctl c0306201 20000540 returned -14
[ 1926.940980] binder: BINDER_SET_CONTEXT_MGR already set
[ 1926.948615] binder: 8657:8661 ioctl 40046207 0 returned -16
[ 1926.950205] binder: BINDER_SET_CONTEXT_MGR already set
[ 1926.961463] binder: 8657:8672 unknown command 0
[ 1926.963428] binder: BINDER_SET_CONTEXT_MGR already set
[ 1926.973062] binder: 8657:8672 ioctl c0306201 20000200 returned -22
[ 1926.986250] binder: 8658:8671 unknown command 0
[ 1926.989934] binder: 8659:8673 unknown command 0
[ 1926.991246] binder: 8658:8671 ioctl c0306201 20000200 returned -22
[ 1926.998581] binder: 8659:8665 ioctl 40046207 0 returned -16
[ 1927.002956] binder: BINDER_SET_CONTEXT_MGR already set
[ 1927.014492] binder: 8659:8673 ioctl c0306201 20000200 returned -22
[ 1927.015548] binder: 8658:8663 ioctl 40046207 0 returned -16
[ 1927.029030] binder: BINDER_SET_CONTEXT_MGR already set
[ 1927.035565] binder: 8657:8670 ioctl 40046207 0 returned -16
[ 1927.043623] binder: binder_mmap: 8675 205f4000-205f6000 bad vm_flags failed -1
[ 1927.047201] binder: 8659:8677 unknown command 0
[ 1927.056608] binder: 8659:8676 ioctl 40046207 0 returned -16
[ 1927.065605] binder: 8678:8685 unknown command 661414670
20:22:06 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x3000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1927.072071] binder: 8657:8670 unknown command 0
[ 1927.072826] binder: 8659:8677 ioctl c0306201 20000200 returned -22
[ 1927.080661] binder: 8657:8670 ioctl c0306201 20000200 returned -22
[ 1927.089597] binder: 8678:8685 ioctl c0306201 20000340 returned -22
[ 1927.109199] binder: binder_mmap: 8675 205f4000-205f6000 bad vm_flags failed -1
[ 1927.128264] binder: 8678:8688 unknown command 661414670
20:22:06 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:06 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r6 = dup(r5)
ioctl$NBD_SET_SOCK(r4, 0xab00, r6)
r7 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x1, &(0x7f0000000040)=0xd7da, 0x4)
ioctl$NBD_CLEAR_SOCK(r7, 0xab04)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:06 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
syz_open_dev$binderN(&(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1927.149884] binder: 8678:8688 ioctl c0306201 20000340 returned -22
[ 1927.189974] binder: BINDER_SET_CONTEXT_MGR already set
[ 1927.230724] binder: 8690:8691 ioctl 40046207 0 returned -16
[ 1927.245001] binder: 8692:8696 unknown command 0
[ 1927.250325] binder: 8690:8697 unknown command 0
[ 1927.258949] binder: 8692:8696 ioctl c0306201 20000200 returned -22
[ 1927.271589] binder: 8690:8697 ioctl c0306201 20000200 returned -22
[ 1927.271818] binder: 8693:8698 unknown command 0
[ 1927.295458] binder: BINDER_SET_CONTEXT_MGR already set
[ 1927.299491] binder: 8692:8696 unknown command 0
[ 1927.306606] binder: 8693:8698 ioctl c0306201 20000200 returned -22
[ 1927.308324] binder: 8690:8691 ioctl 40046207 0 returned -16
[ 1927.322319] binder: 8690:8697 unknown command 0
[ 1927.325107] binder: 8692:8696 ioctl c0306201 20000200 returned -22
[ 1927.341410] binder: 8690:8697 ioctl c0306201 20000200 returned -22
[ 1927.350365] binder_alloc: 8692: binder_alloc_buf size 158913789952 failed, no address space
[ 1927.360049] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1927.374913] binder: BINDER_SET_CONTEXT_MGR already set
[ 1927.382679] block nbd4: shutting down sockets
[ 1927.389647] binder: 8693:8698 unknown command 0
[ 1927.399242] binder: 8692:8696 ioctl 40046207 0 returned -16
[ 1927.407674] binder: 8692:8705 unknown command 0
[ 1927.425224] binder: 8693:8698 ioctl c0306201 20000200 returned -22
[ 1927.428974] binder: 8692:8705 ioctl c0306201 20000200 returned -22
[ 1927.432460] binder: BINDER_SET_CONTEXT_MGR already set
[ 1927.441931] binder: 8693:8703 ioctl c0306201 20000540 returned -14
[ 1927.462334] binder: 8693:8703 unknown command 0
[ 1927.466466] binder: 8692:8709 unknown command 0
[ 1927.467142] binder: BINDER_SET_CONTEXT_MGR already set
[ 1927.471985] binder: 8692:8709 ioctl c0306201 20000200 returned -22
[ 1927.472314] binder: 8692:8708 ioctl 40046207 0 returned -16
[ 1927.484102] binder: 8693:8703 ioctl c0306201 20000200 returned -22
[ 1927.499190] binder: 8693:8698 ioctl 40046207 0 returned -16
[ 1927.507097] binder: BINDER_SET_CONTEXT_MGR already set
[ 1927.519998] binder: 8693:8713 ioctl 40046207 0 returned -16
[ 1927.537729] block nbd4: shutting down sockets
[ 1927.545195] binder: 8693:8703 unknown command 0
[ 1927.566563] binder: 8693:8703 ioctl c0306201 20000200 returned -22
20:22:07 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda={0x66646185, 0x5, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:07 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_open_dev$binderN(&(0x7f0000000040), 0x0, 0x2)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:07 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r4 = epoll_create(0x7)
preadv(r4, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/40, 0x28}, {&(0x7f0000000180)=""/74, 0x4a}, {&(0x7f0000000200)=""/4, 0x4}, {&(0x7f0000000240)=""/187, 0xbb}], 0x4, 0x2, 0x3)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x7, &(0x7f0000000080)={0x1})
readlinkat(r5, &(0x7f0000000040)='./file0\x00', &(0x7f0000000400)=""/4096, 0x1000)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:07 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1927.599057] binder: 8719:8722 unknown command 0
[ 1927.603929] binder: 8719:8722 ioctl c0306201 20000200 returned -22
[ 1927.616721] binder: 8719:8722 unknown command 0
[ 1927.627559] binder: 8719:8722 ioctl c0306201 20000200 returned -22
20:22:07 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:07 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000003c0), 0x741000, 0x0)
r5 = mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x5)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000440)={0x14, 0x0, &(0x7f0000000400)=[@free_buffer={0x40086303, r5}, @increfs={0x40046304, 0x1}], 0xe1, 0x0, &(0x7f0000000600)="f422e585e77b7b54ce8a8143f11eb38a6ebccd001bcd706366fab8663403b8ba745223ad1e529ce8982276ad5897d5db54ec402d5729205af4b71e2ca7bb02e7fe45d51d84f859f5340d28456fb6b23a66cc9f3172363c0beae709cc4ce295de434042b0577b77d1fda78375971aa3c17022c981e2f926e9c241f96d0570ecc0d3bcd59c47b15fb5b085481d91be3e034ef5713bed60b4789bc70f5b775fde380ce1ada42f06d6a642594420a3bd062d9c4339800bb982be3f7a9817e57aeddb3b521295497c200a466bac4301aeb4856e039ba27027c8e17dc0b5d7d50bd89068"})
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r6, 0x7, &(0x7f0000000080)={0x1})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x60, 0x0, &(0x7f0000000340)=[@acquire_done={0x40106309, 0x3}, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000180)={@fd={0x66642a85, 0x0, r6}, @ptr={0x70742a85, 0x1, &(0x7f0000000240)=""/235, 0xeb, 0x0, 0x24}, @fd={0x66642a85, 0x0, r2}}, &(0x7f00000000c0)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

[ 1927.708739] binder: BINDER_SET_CONTEXT_MGR already set
[ 1927.709856] binder: 8729:8735 unknown command 0
[ 1927.716118] binder: 8726:8734 unknown command 0
[ 1927.725121] binder: 8727:8733 ioctl 40046207 0 returned -16
[ 1927.730082] binder: 8729:8735 ioctl c0306201 20000200 returned -22
[ 1927.732165] binder: 8726:8734 ioctl c0306201 20000200 returned -22
[ 1927.747858] binder: 8727:8733 unknown command 0
[ 1927.753321] binder: 8727:8733 ioctl c0306201 20000200 returned -22
[ 1927.767319] binder: 8726:8734 unknown command 0
[ 1927.770174] binder: 8729:8735 unknown command 0
[ 1927.776031] binder: BINDER_SET_CONTEXT_MGR already set
[ 1927.785323] binder: 8726:8734 ioctl c0306201 20000200 returned -22
[ 1927.786141] binder: 8729:8735 ioctl c0306201 20000200 returned -22
[ 1927.795308] binder: 8727:8739 unknown command 0
20:22:07 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x14000, 0x0)
preadv(r4, &(0x7f00000002c0)=[{&(0x7f0000000040)=""/162, 0xfffffffffffffeaf}, {&(0x7f0000000200)=""/187, 0xbb}, {&(0x7f0000000500)=""/240, 0xe5}], 0x3, 0xd9f, 0x0)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x26, &(0x7f0000000180)={0x1})
close(r5)
ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b6300010c6300000e630c400000000000000000000000000763044000000000"], 0x0, 0x0, 0x0})

[ 1927.805408] binder: 8727:8733 ioctl 40046207 0 returned -16
[ 1927.819094] binder: 8727:8739 ioctl c0306201 20000200 returned -22
[ 1927.824899] binder_alloc: 8729: binder_alloc_buf size 158913789952 failed, no address space
[ 1927.837214] binder: BINDER_SET_CONTEXT_MGR already set
[ 1927.849107] binder: 8726:8744 unknown command 0
20:22:07 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x806)
r1 = dup2(0xffffffffffffffff, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1927.854840] binder: 8726:8734 ioctl 40046207 0 returned -16
[ 1927.865806] binder: BINDER_SET_CONTEXT_MGR already set
[ 1927.874161] binder: 8726:8744 ioctl c0306201 20000200 returned -22
[ 1927.885722] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1927.905769] binder: 8726:8747 ioctl 40046207 0 returned -16
[ 1927.915930] binder: 8726:8746 unknown command 0
[ 1927.918726] binder: 8749:8751 unknown command 16802571
[ 1927.920895] binder: 8726:8746 ioctl c0306201 20000200 returned -22
[ 1927.933943] binder: BINDER_SET_CONTEXT_MGR already set
[ 1927.933959] binder: 8729:8735 ioctl 40046207 0 returned -16
[ 1927.934252] binder: 8729:8735 unknown command 0
20:22:07 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x5000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1927.960413] binder: BINDER_SET_CONTEXT_MGR already set
[ 1927.975053] binder: 8729:8755 unknown command 0
[ 1927.982530] binder: 8729:8745 ioctl 40046207 0 returned -16
[ 1927.988803] binder: 8729:8735 ioctl c0306201 20000200 returned -22
[ 1927.999297] binder: 8749:8751 ioctl c0306201 20000340 returned -22
20:22:07 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
syz_open_dev$binderN(&(0x7f0000000040), 0x0, 0x800)
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r3, r3)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0xc, 0x0, &(0x7f00000003c0)=[@dead_binder_done], 0x0, 0x0, 0x0})

20:22:07 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
write$cgroup_freezer_state(r2, &(0x7f0000000040)='THAWED\x00', 0x7)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1928.007856] binder: 8729:8755 ioctl c0306201 20000200 returned -22
[ 1928.021165] binder: BINDER_SET_CONTEXT_MGR already set
[ 1928.041393] binder: 8758:8762 ioctl 40046207 0 returned -16
[ 1928.089304] binder: 8758:8762 unknown command 0
20:22:07 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1928.122575] binder: 8758:8762 ioctl c0306201 20000200 returned -22
[ 1928.151184] binder: BINDER_SET_CONTEXT_MGR already set
[ 1928.160038] binder: 8758:8765 unknown command 0
[ 1928.165836] binder: 8766:8770 unknown command 0
[ 1928.170395] binder: 8758:8762 ioctl 40046207 0 returned -16
[ 1928.178695] binder: 8758:8765 ioctl c0306201 20000200 returned -22
[ 1928.185373] binder: 8766:8770 ioctl c0306201 20000200 returned -22
[ 1928.195908] binder: 8766:8770 unknown command 0
[ 1928.216155] binder: 8766:8770 ioctl c0306201 20000200 returned -22
[ 1928.227984] binder: 8771:8777 unknown command 0
[ 1928.255232] binder: BINDER_SET_CONTEXT_MGR already set
[ 1928.267413] binder: 8771:8777 ioctl c0306201 20000200 returned -22
[ 1928.285340] binder: 8766:8770 ioctl 40046207 0 returned -16
[ 1928.285385] binder: 8766:8778 unknown command 0
[ 1928.296288] binder: BINDER_SET_CONTEXT_MGR already set
[ 1928.309194] binder: 8766:8781 ioctl 40046207 0 returned -16
[ 1928.316066] binder: 8766:8780 unknown command 0
[ 1928.320932] binder: 8766:8780 ioctl c0306201 20000200 returned -22
[ 1928.333705] binder: 8771:8777 unknown command 0
[ 1928.344711] binder: 8771:8777 ioctl c0306201 20000200 returned -22
[ 1928.346107] binder: 8766:8778 ioctl c0306201 20000200 returned -22
[ 1928.365008] binder_alloc: 8771: binder_alloc_buf size 158913789952 failed, no address space
[ 1928.390489] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1928.394019] binder: 8782:8787 unknown command 0
[ 1928.410826] binder: 8782:8787 ioctl c0306201 20000200 returned -22
[ 1928.425448] binder: 8782:8787 unknown command 0
[ 1928.428132] binder: BINDER_SET_CONTEXT_MGR already set
[ 1928.430976] binder: 8782:8787 ioctl c0306201 20000200 returned -22
[ 1928.436372] binder: 8771:8783 unknown command 0
[ 1928.448362] binder: 8771:8777 ioctl 40046207 0 returned -16
[ 1928.455090] binder: 8771:8783 ioctl c0306201 20000200 returned -22
[ 1928.464260] binder: BINDER_SET_CONTEXT_MGR already set
[ 1928.472155] binder: 8771:8790 ioctl 40046207 0 returned -16
[ 1928.472289] binder: 8771:8777 unknown command 0
[ 1928.485637] binder: 8771:8777 ioctl c0306201 20000200 returned -22
[ 1928.508939] binder: 8782:8794 ioctl c0306201 20000380 returned -14
20:22:08 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0xa4, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x5, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)={0x0, 0x20, 0x38}}}, @acquire_done, @increfs], 0x0, 0x0, 0x0})

20:22:08 executing program 0:
syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = dup2(r0, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0})

20:22:08 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:08 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
write(r2, &(0x7f0000000040)="451d78f8903d8eede7308ad5cefa53a6da3b2fcb0acd8e383c3b0d00d89d10723b3d22041214f36e4aba69db142624965cf0a7a06a02e097aa1968dd0b", 0x3d)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_dev$binderN(&(0x7f0000000080), 0x0, 0x2)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:08 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r5, 0x5, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000002})
r6 = syz_open_dev$vcsa(&(0x7f00000004c0), 0x1, 0x20c0)
r7 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r7, 0x7, &(0x7f0000000080)={0x1})
r8 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r8, 0x7, &(0x7f0000000080)={0x1})
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000900)=[{&(0x7f0000000080)=@file={0x0, './bus\x00'}, 0x6e, &(0x7f0000000400)=[{&(0x7f00000001c0)="b92fcf677fb49f7023591963271348e3c8f5e45a6b8dfc5e0146397581c9ee5008b45d55c9365eca686950d82b63cb96e97f6ab81ad49e2a5ae43ef6f6e78f7c5bb1435aad1a80b836c1ec05b061c9d57a213de3231fa7672fe2df0f0258ce9dbb00", 0x62}, {&(0x7f0000000240)="a248f05e475601f0e3a24f8833ba6b6b6c0f149ce730fab2e8a1a3499b082bd7e3b0e4dac88d3a95a6a2ca1f2065b331e32884ade0d975e7459ef9b6d7b708ce65a2fd2ea40d53111711d6e74506478986779ca7fb1b6f5912ed88d935c2ee24dcc5c939c16b9ef9dbc7ca3e1bc87f9db8e8c54bfb6eeff749f2bf9f4e746488ae1d4490fcec3d9db90fdda0948a3696c8ec5b9bdf5ef11134fab0e7e085c5d7c82ab032a2c7079137ee1f165b3a9735deae2360108fc4ed8a8ef90f226564fffcc61838c2a140", 0xc7}, {&(0x7f0000000380)="9d0c635690175f9c7ac01d704f6e941c55d3c9a62d2528198d6dd6335c8be58466b9d29dc10d9996076daa34abcef93c26c9e4c3", 0x34}], 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="30000000000000000100000000000000", @ANYRES32, @ANYRES32, @ANYRES32=r0, @ANYRES32, @ANYRES32=r1, @ANYRES32, @ANYRES32=r3, @ANYRES32=r1, @ANYBLOB="14000000000000000100000001000000", @ANYRES32, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32=r5, @ANYRES32=r3, @ANYRES32=r1, @ANYRES32=r4, @ANYRES32=r4, @ANYRES32=r6, @ANYRES32=r3, @ANYRES32=r7, @ANYBLOB="1c000000000000000100000001000000", @ANYRES32=r8, @ANYRES32=r4, @ANYRES32=r2, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00'], 0xb0, 0x6800}, {&(0x7f00000005c0)=@file={0x0, './bus\x00'}, 0x6e, &(0x7f0000000880)=[{&(0x7f0000000640)="059cbaf6c30e6720a4818fe52f4fbaf50ecd60f49b0b8c147ee07f40bd049bc95cda1687257f6e5b1958dbca122929ae2917851262c8c684514c8e1a71e2bc9b8133783a63390c819d9605f5af2a9922b9dbe72c9203ed0486c4489ec0188555de98acf03aaeaaa26239ff758efa96d8c46eeff54ca9c7b98f0406dd517ce793", 0x80}, {&(0x7f00000006c0)}, {&(0x7f0000000700)="b308bd8dbf5364644e4758089de9d4827e02d188184a7b406240d71c8451296b327ab9e6cc86", 0x26}, {&(0x7f0000000740)="85bb116fbacf2f651a8a8a1cf488e5f29c4435b1e61927dce6cbdcf8554bcecefbcc8089f5d1881b6683732a", 0x2c}, {&(0x7f0000000780)="b081c42b2082bb1376b00d6f8832a63768231a01cedb082fb6df1423d4dd3893e6923451d2ed9533458cf0df606ef7319822d5da33dfda211d05110abaa73e3094c78fd6e21b54a54a0e8b8b773527891c04ca62c5b7e381656c20df7de6aad8c000eb781e21305f07f5f154c2573c328d2df39c26134eb4218fcf466e27959e", 0x80}, {&(0x7f0000000800)="6798e3da0795558a93276d14e734829b690ce09be9c87302e30780cc530ec49b66ebac9b07867ef72f3ad46e37d9f792a4932617c8d86789ee3da6ff38e712fd20df32", 0x43}], 0x6, 0x0, 0x0, 0x4}], 0x2, 0x40808)
close(r4)
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0bcfb70483e66572242ca0504eb26717bb6300000c6300000e630c4000000000"], 0x0, 0x0, 0x0})

20:22:08 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x4c00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1928.619314] binder: BINDER_SET_CONTEXT_MGR already set
[ 1928.624515] binder: 8803:8811 unknown command 0
[ 1928.625979] binder: 8800:8806 ioctl 40046207 0 returned -16
[ 1928.629785] binder: 8803:8811 ioctl c0306201 20000200 returned -22
[ 1928.649397] binder: 8804:8805 unknown command 0
[ 1928.655370] binder: 8800:8806 unknown command 0
[ 1928.655706] binder: 8804:8805 ioctl c0306201 20000200 returned -22
20:22:08 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r6 = dup(r5)
ioctl$NBD_SET_SOCK(r4, 0xab00, r6)
r7 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x1, &(0x7f0000000040)=0xd7da, 0x4)
ioctl$NBD_CLEAR_SOCK(r7, 0xab04)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1928.670760] binder: 8800:8806 ioctl c0306201 20000200 returned -22
[ 1928.686968] binder_alloc_new_buf_locked: 10 callbacks suppressed
[ 1928.686975] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1928.702204] binder: BINDER_SET_CONTEXT_MGR already set
[ 1928.703560] binder: 8803:8811 unknown command 0
[ 1928.708410] binder: 8800:8806 ioctl 40046207 0 returned -16
[ 1928.720306] binder: 8800:8814 unknown command 0
[ 1928.725365] binder: 8804:8805 ioctl c0306201 20000540 returned -14
[ 1928.727123] binder: 8800:8814 ioctl c0306201 20000200 returned -22
[ 1928.741073] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1928.743365] binder: 8803:8811 ioctl c0306201 20000200 returned -22
20:22:08 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x7000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1928.764493] binder_alloc: 8803: binder_alloc_buf size 158913789952 failed, no address space
[ 1928.775311] binder: BINDER_SET_CONTEXT_MGR already set
[ 1928.781145] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1928.793595] binder: 8804:8805 ioctl 40046207 0 returned -16
[ 1928.795457] binder: 8804:8820 unknown command 0
[ 1928.800752] binder: 8802:8822 unknown command 79154955
[ 1928.812062] binder: BINDER_SET_CONTEXT_MGR already set
[ 1928.821046] binder: BINDER_SET_CONTEXT_MGR already set
[ 1928.833748] binder: 8802:8822 ioctl c0306201 20000340 returned -22
[ 1928.840613] binder: BINDER_SET_CONTEXT_MGR already set
[ 1928.844832] binder: 8804:8827 ioctl 40046207 0 returned -16
[ 1928.848596] binder: 8803:8811 ioctl 40046207 0 returned -16
[ 1928.859483] binder: 8803:8813 unknown command 0
[ 1928.860790] binder: BINDER_SET_CONTEXT_MGR already set
[ 1928.870650] binder: BINDER_SET_CONTEXT_MGR already set
[ 1928.871641] binder: 8804:8820 ioctl c0306201 20000200 returned -22
[ 1928.880992] binder: 8826:8830 ioctl 40046207 0 returned -16
[ 1928.883041] binder: 8818:8821 ioctl 40046207 0 returned -16
[ 1928.891737] binder: 8818:8832 unknown command 0
[ 1928.898292] binder: 8803:8813 ioctl c0306201 20000200 returned -22
[ 1928.900204] binder: 8803:8831 unknown command 0
[ 1928.912047] binder: 8803:8829 ioctl 40046207 0 returned -16
[ 1928.917964] binder: 8818:8832 ioctl c0306201 20000200 returned -22
[ 1928.928311] binder: 8826:8830 unknown command 0
[ 1928.947490] binder: 8826:8830 ioctl c0306201 20000200 returned -22
[ 1928.955940] binder: 8803:8831 ioctl c0306201 20000200 returned -22
[ 1928.976545] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1929.008572] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.014448] binder: 8818:8821 ioctl 40046207 0 returned -16
[ 1929.018567] binder: 8826:8834 unknown command 0
20:22:08 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x54, 0x0, &(0x7f0000000240)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @request_death={0x400c630e, 0x1}], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000152000/0x4000)=nil, 0x4000, 0x180000e, 0x8010, r2, 0x800000)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x8, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="41320400000000619492d60dec23d1088115ba24386134008e2e6a110ca23e9e1d52e7857c6b37b17a1cc0b82829fbcf2a32f1b275fc8491a9005e0faa7ead23e3e20d4142c0dcb19ec9a3d8ef3a050046e8439220ff60e9a980953aef98b971be237ef38b5cd9d5021876857bf793d32abab821ab2bb9d0db32619f4930240cdc802061805d17609436fa06150bf7bfc690b1d7efc14686a478e7eb9c83eb050e12704f46cbcbf7e870925f2e3444b0e7e4b670b25a49b86822fce556f56c3e6f928a52737180f11a009986a5271aed09066c879e4acab6732378e0388b83975a3edd1d51881a5f57a22dc627ed5ce5ac7a0540d62acaedfeb5e34efc64035114775ea97ff8282e6d38201531542856c65a56a494fbcfb8b6b2504ff45572d00a4f9f1a235bcf84c282733c42fd00"/318], 0x0, 0x0, 0x0})
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x26, &(0x7f0000000180)={0x1, 0x0, 0x8})
close(r5)
r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r6, 0x26, &(0x7f0000000180)={0x1})
close(r6)
perf_event_open$cgroup(&(0x7f0000000080)={0x5, 0x80, 0x41, 0x0, 0xfb, 0x1f, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000040), 0x2}, 0x1, 0xffff, 0xa2, 0x1, 0x9, 0x0, 0x400, 0x0, 0x8, 0x0, 0xffffffffffffffc1}, r5, 0x6, r6, 0xe)

20:22:08 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1929.030197] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1929.034934] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.048921] binder: 8826:8834 ioctl c0306201 20000200 returned -22
20:22:08 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x20000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1929.072390] binder: 8826:8830 ioctl 40046207 0 returned -16
[ 1929.082370] block nbd0: shutting down sockets
[ 1929.090452] binder: 8818:8821 unknown command 0
[ 1929.105387] binder: 8842:8843 unknown command 0
[ 1929.116444] binder: 8842:8843 ioctl c0306201 20000200 returned -22
[ 1929.121545] binder: 8818:8821 ioctl c0306201 20000200 returned -22
[ 1929.145294] binder: 8842:8843 unknown command 0
[ 1929.146666] binder: 8818:8821 ioctl c0306201 20000540 returned -14
[ 1929.165468] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.166415] binder: 8845:8850 unknown command 0
[ 1929.172085] binder: 8842:8843 ioctl c0306201 20000200 returned -22
[ 1929.191655] binder: 8846:8848 ioctl 40046207 0 returned -16
[ 1929.203622] binder: 8846:8848 unknown command 0
[ 1929.207003] binder: 8842:8851 unknown command 275009
[ 1929.208519] binder: 8846:8848 ioctl c0306201 20000200 returned -22
20:22:09 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r6 = dup(r5)
ioctl$NBD_SET_SOCK(r4, 0xab00, r6)
r7 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x1, &(0x7f0000000040)=0xd7da, 0x4)
ioctl$NBD_CLEAR_SOCK(r7, 0xab04)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1929.213911] binder: 8845:8850 ioctl c0306201 20000200 returned -22
[ 1929.228378] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1929.239969] binder: 8845:8853 unknown command 0
[ 1929.246436] binder: 8842:8851 ioctl c0306201 20000540 returned -22
[ 1929.246522] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.278322] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.284101] binder: 8845:8853 ioctl c0306201 20000200 returned -22
[ 1929.293255] binder_alloc: 8845: binder_alloc_buf size 158913789952 failed, no address space
[ 1929.295415] binder: 8842:8843 ioctl 40046207 0 returned -16
[ 1929.302346] binder: 8842:8851 unknown command 0
[ 1929.316645] binder: 8846:8854 unknown command 0
[ 1929.320406] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.322918] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1929.327655] binder: 8842:8856 ioctl 40046207 0 returned -16
[ 1929.335030] binder: 8846:8854 ioctl c0306201 20000200 returned -22
[ 1929.341189] binder: 8842:8857 unknown command 0
[ 1929.348209] binder: 8846:8848 ioctl 40046207 0 returned -16
[ 1929.356793] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.361045] binder: 8842:8861 unknown command 275009
[ 1929.363819] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1929.377303] binder: 8842:8861 ioctl c0306201 20000540 returned -22
[ 1929.384699] binder: 8842:8851 ioctl c0306201 20000200 returned -22
[ 1929.394930] binder: 8842:8857 ioctl c0306201 20000200 returned -22
[ 1929.404600] binder: 8855:8860 ioctl 40046207 0 returned -16
[ 1929.416034] binder: 8855:8864 unknown command 0
[ 1929.436423] binder: 8855:8864 ioctl c0306201 20000200 returned -22
[ 1929.456506] binder: 8802:8822 unknown command 79154955
[ 1929.465836] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.478307] binder: 8802:8822 ioctl c0306201 20000340 returned -22
[ 1929.480504] binder: 8845:8853 unknown command 0
[ 1929.492395] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.498183] binder: 8845:8850 ioctl 40046207 0 returned -16
[ 1929.504368] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.510031] binder: 8855:8860 ioctl 40046207 0 returned -16
[ 1929.510846] binder: 8845:8867 ioctl 40046207 0 returned -16
[ 1929.519640] binder: 8845:8853 ioctl c0306201 20000200 returned -22
[ 1929.523308] binder: 8845:8868 unknown command 0
[ 1929.551489] binder: 8845:8868 ioctl c0306201 20000200 returned -22
[ 1929.581969] block nbd0: shutting down sockets
[ 1929.592413] binder: 8855:8860 unknown command 0
[ 1929.625757] binder: 8855:8860 ioctl c0306201 20000200 returned -22
[ 1929.642623] binder: 8855:8864 ioctl c0306201 20000540 returned -14
20:22:09 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0xa4, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x5, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)={0x0, 0x20, 0x38}}}, @acquire_done, @increfs], 0x0, 0x0, 0x0})

20:22:09 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:09 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
syz_open_dev$binderN(&(0x7f0000000040), 0x0, 0x802)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:09 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = syz_mount_image$bfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x5, 0x1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77adb9411c62f6e6052452a0471aee1c569dfc28d189a0023738f8f7368ad50db8c9199a987abc589eea35496be8a3b393c9ad92e922b5d4c5115e2c9d774f93b89aa45c", 0x44, 0x1}], 0x67081, &(0x7f0000000200)={[{'/++'}, {'I}'}, {')(*[%>$$H-'}, {'/dev/binder#\x00'}], [{@smackfsroot={'smackfsroot', 0x3d, '/dev/binder#\x00'}}]})
r4 = openat(r3, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x104)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r5, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0xffffffffffffffff, 0x2000000000})
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0xe, 0x4, 0x300, 0xffffffff, 0x1d0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x268, 0x268, 0x268, 0xffffffff, 0x4, &(0x7f0000000240), {[{{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@unspec=@quota={{0x38}, {0x0, 0x0, 0x81, {0x4}}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x7, 0x1}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x80, 0x5, 0x9, 0xfffffff7, 0x3a4, 0x1, 0x5, 0x3]}}}, {{@ip={@remote, @rand_addr=0x64010102, 0xff, 0x0, 'ip_vti0\x00', 'erspan0\x00', {0xff}, {}, 0x6, 0x6, 0x10}, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x8}}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x360)
r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r6, 0x7, &(0x7f0000000080)={0x1})
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000280)={'wlan0\x00'})

20:22:09 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x6800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:09 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r6 = dup(r5)
ioctl$NBD_SET_SOCK(r4, 0xab00, r6)
r7 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x1, &(0x7f0000000040)=0xd7da, 0x4)
ioctl$NBD_CLEAR_SOCK(r7, 0xab04)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1929.679227] binder: 8876:8877 unknown command 0
[ 1929.689047] binder: 8876:8877 ioctl c0306201 20000200 returned -22
[ 1929.706324] binder: 8876:8877 unknown command 0
[ 1929.711193] binder: 8876:8877 ioctl c0306201 20000200 returned -22
[ 1929.775200] binder: 8884:8888 unknown command 0
[ 1929.784363] binder: 8884:8888 ioctl c0306201 20000200 returned -22
[ 1929.791983] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.797661] binder: 8885:8889 ioctl 40046207 0 returned -16
[ 1929.803159] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.807261] binder: 8884:8888 unknown command 0
[ 1929.810673] binder: 8882:8886 unknown command 0
[ 1929.818990] binder: 8885:8889 unknown command 0
[ 1929.824745] binder: 8884:8888 ioctl c0306201 20000200 returned -22
[ 1929.827844] binder: 8882:8886 ioctl c0306201 20000200 returned -22
[ 1929.831999] binder: 8885:8889 ioctl c0306201 20000200 returned -22
[ 1929.847152] binder: 8880:8890 ioctl 40046207 0 returned -16
[ 1929.847527] binder_alloc: 8884: binder_alloc_buf size 158913789952 failed, no address space
[ 1929.859507] binder: 8880:8894 unknown command 0
[ 1929.878377] binder: 8882:8886 unknown command 0
[ 1929.879688] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1929.886624] binder: 8882:8886 ioctl c0306201 20000200 returned -22
[ 1929.906028] binder: 8880:8894 ioctl c0306201 20000200 returned -22
[ 1929.910256] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.916513] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1929.920580] binder: 8885:8889 ioctl 40046207 0 returned -16
[ 1929.935438] binder: 8882:8886 ioctl c0306201 20000540 returned -14
[ 1929.942345] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.942362] binder: 8884:8888 ioctl 40046207 0 returned -16
[ 1929.946547] binder: 8884:8888 unknown command 0
[ 1929.953312] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.959383] binder: 8884:8888 ioctl c0306201 20000200 returned -22
[ 1929.972592] binder: BINDER_SET_CONTEXT_MGR already set
[ 1929.974131] binder: 8880:8894 unknown command 0
[ 1929.981989] block nbd0: shutting down sockets
[ 1929.988646] binder: 8880:8890 ioctl 40046207 0 returned -16
[ 1929.995580] binder: 8885:8889 unknown command 0
[ 1929.997440] binder: 8880:8894 ioctl c0306201 20000200 returned -22
[ 1930.000775] binder: 8884:8897 unknown command 0
[ 1930.012117] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.014302] binder: 8884:8896 ioctl 40046207 0 returned -16
[ 1930.019538] binder: 8882:8886 ioctl 40046207 0 returned -16
[ 1930.025726] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1930.035678] binder: 8885:8889 ioctl c0306201 20000200 returned -22
[ 1930.035814] binder: 8882:8901 unknown command 0
[ 1930.045270] binder: 8884:8897 ioctl c0306201 20000200 returned -22
[ 1930.055204] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.055230] binder: 8882:8902 ioctl 40046207 0 returned -16
[ 1930.064527] binder: 8882:8902 unknown command 0
[ 1930.071977] binder: 8885:8895 ioctl c0306201 20000540 returned -14
20:22:09 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r6 = dup(r5)
ioctl$NBD_SET_SOCK(r4, 0xab00, r6)
r7 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x1, &(0x7f0000000040)=0xd7da, 0x4)
ioctl$NBD_CLEAR_SOCK(r7, 0xab04)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

20:22:09 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x6c00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:09 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1930.087554] binder: 8882:8901 ioctl c0306201 20000200 returned -22
[ 1930.101410] binder: 8882:8902 ioctl c0306201 20000200 returned -22
20:22:09 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r2, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r5 = open(&(0x7f0000000040)='./file0\x00', 0x801, 0x3)
mmap$binder(&(0x7f0000213000/0x2000)=nil, 0x2000, 0x1, 0x11, r5, 0xc09)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})
socketpair(0x2a, 0x1, 0x40000, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
mmap(&(0x7f0000152000/0x4000)=nil, 0x4000, 0x2, 0x100010, r6, 0xb76b6000)

[ 1930.200707] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.211743] binder: 8905:8910 unknown command 0
[ 1930.222397] binder: 8908:8909 ioctl 40046207 0 returned -16
[ 1930.230551] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.233185] binder: 8905:8910 ioctl c0306201 20000200 returned -22
[ 1930.250936] binder: 8904:8914 ioctl 40046207 0 returned -16
[ 1930.261117] binder: 8904:8914 unknown command 0
[ 1930.261689] binder: 8908:8909 unknown command 0
[ 1930.271896] binder: 8908:8909 ioctl c0306201 20000200 returned -22
[ 1930.274653] binder: 8904:8914 ioctl c0306201 20000200 returned -22
[ 1930.289631] binder: 8905:8910 unknown command 0
[ 1930.300378] binder: 8912:8916 unknown command 0
[ 1930.305697] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1930.313736] binder: 8912:8916 ioctl c0306201 20000200 returned -22
[ 1930.315174] binder: 8905:8910 ioctl c0306201 20000200 returned -22
[ 1930.328418] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.338312] binder: 8912:8916 ioctl c0306201 20000540 returned -14
[ 1930.340788] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.348372] binder: 8904:8919 ioctl 40046207 0 returned -16
[ 1930.358311] binder_alloc: 8905: binder_alloc_buf size 158913789952 failed, no address space
[ 1930.361026] binder: 8908:8915 unknown command 0
[ 1930.374562] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1930.380482] binder: 8908:8909 ioctl 40046207 0 returned -16
[ 1930.384868] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1930.405474] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.406160] binder: 8908:8915 ioctl c0306201 20000200 returned -22
[ 1930.410955] binder: 8912:8916 ioctl 40046207 0 returned -16
[ 1930.426919] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.428530] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.436576] block nbd0: shutting down sockets
[ 1930.438842] binder: 8905:8910 ioctl 40046207 0 returned -16
[ 1930.447016] binder: 8905:8920 unknown command 0
[ 1930.457610] binder: 8904:8914 unknown command 0
[ 1930.465500] binder: 8912:8927 ioctl 40046207 0 returned -16
[ 1930.471832] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.478662] binder: 8905:8920 ioctl c0306201 20000200 returned -22
[ 1930.487289] binder: 8904:8914 ioctl c0306201 20000200 returned -22
[ 1930.492976] binder: 8905:8910 ioctl 40046207 0 returned -16
[ 1930.496577] binder: 8912:8925 unknown command 0
20:22:10 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x68000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1930.506831] binder: 8905:8928 unknown command 0
[ 1930.512452] binder: 8905:8928 ioctl c0306201 20000200 returned -22
[ 1930.519201] binder: 8912:8925 ioctl c0306201 20000200 returned -22
[ 1930.546115] binder: 8912:8916 ioctl c0306201 20000540 returned -14
20:22:10 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r6 = dup(r5)
ioctl$NBD_SET_SOCK(r4, 0xab00, r6)
r7 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x1, &(0x7f0000000040)=0xd7da, 0x4)
ioctl$NBD_CLEAR_SOCK(r7, 0xab04)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)

[ 1930.657631] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.680095] binder: 8934:8938 ioctl 40046207 0 returned -16
[ 1930.683829] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.696417] binder: 8934:8938 unknown command 0
[ 1930.700470] binder: 8937:8939 ioctl 40046207 0 returned -16
[ 1930.705947] binder: 8934:8938 ioctl c0306201 20000200 returned -22
[ 1930.715922] binder: 8937:8939 unknown command 0
[ 1930.721765] binder: 8937:8939 ioctl c0306201 20000200 returned -22
[ 1930.733588] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.739692] binder: 8937:8939 ioctl 40046207 0 returned -16
[ 1930.749687] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.760147] binder: 8932:8946 unknown command 0
[ 1930.765363] binder: 8932:8946 ioctl c0306201 20000200 returned -22
[ 1930.765929] binder: 8934:8938 ioctl 40046207 0 returned -16
[ 1930.772061] binder: 8934:8943 unknown command 0
[ 1930.787177] block nbd0: shutting down sockets
[ 1930.789934] binder: 8932:8946 unknown command 0
[ 1930.810816] binder: 8934:8943 ioctl c0306201 20000200 returned -22
20:22:10 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0xa4, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x5, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)={0x0, 0x20, 0x38}}}, @acquire_done, @increfs], 0x0, 0x0, 0x0})

20:22:10 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x7400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:10 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
close(0xffffffffffffffff)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r5, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
r6 = syz_mount_image$efs(&(0x7f0000000300), &(0x7f0000000380)='./file0\x00', 0x3f, 0x8, &(0x7f0000000ac0)=[{&(0x7f0000000440)="8142b7785f025120df3c67765d6338711dbc163267d8ea40ee7a3ee02647", 0x1e, 0x1000}, {&(0x7f0000000600)="d690c7f82ea62d97d4f38789b9c26627efba0550594b161a8ce2f5a9596e18aa321b659f8fd31e81e94c64027b0324c39d9ea2058f43cf8c7eb026314ea133247a2a1d00194f1ee6170cd1a6055715409c028c01f296955e1d134841178e74217151e3f9c6d38dba8347fe92cd4398cb4647f465021799b87297dd115c61dc", 0x7f, 0x7}, {&(0x7f0000000680)="03ab25a4e696faeeaeed747b12f61cbf70594d034c9d342f14b3769f25783aeeeae6211061e342bb210f379e5d62a3bb84ca02f745ce21f4fafbc25b77decd6ed542165f17717f0867b9b5e22e5476c0b05465156cb870c585c9b5eeb26790479a5263b3cc1e1bec93dce896437601de55664faef1d201aed77bd6591a3f9fd8561a0554c5", 0x85, 0x401}, {&(0x7f0000000740)="f02bfeea8555333d49d5062566ec077f9a96f7b45f1fd84b87d4e2d00d47f5bcd0002b4f18a86c335dc64c1907dd96ca28424225a70b5f6a83cc68080dad5820a9139e5a0a36655c880e2f6ab74bb3441ec2b5fb857fee8fcc098640d3067e3aba7feb2778d634bd982539f91e0116f7416247e5ad45fe1a02410b193b4b995482d6cd074b6d4ce2e043a3501dd5e3bf39726e243cb2fc4090e232aad6743e11d7e6bfca9f6dfa936f183c77009cafd137718c7041993bf3f2d07619", 0xbc, 0x4d08}, {&(0x7f0000000880)="6bc7f88878535830818a1f14397f80dfa4b5a874d7a2966acbea6e6348be8e45cb77aac5dac11a6bdf510d3a1b22983e6e9db6090a9bbfa13eff4532fa4ceee22c41c8e1bfddd5e9a6f9294a93658795b10e655ade78b94a7211707d1536a2d650ab892602b049af6c1a33389d6cd5be9e9a35b18d08811b76f06f10c951a70a09c48b4b3e98d4a586c6d6aa724d92c01f1fee351f25bd9c0c9035dd41de7b2948fee5b4b85c39a5", 0xa8, 0x3ff}, {&(0x7f0000000940)="c1bce8d798c007a53a11eec696d4774dbb36658643594cb2a3a0bce5141d14513af6833f52a9d7d655cfd18b3885f414ce0503a3fbba6d05e564a042119e00c7d607e483bef402b1e8d029ff071eaa9854cffd97f169d7c7695686908fb10ba35a76e5fcf3654e4c41fa79613ccb1e14d4c95ceb76c70fa5bad45584581f71888698b9fd791f7c0f9bd6d83d136767606297b1cb66139d6eadd588495a63606135a98297a10c2a6066a97eafa9d140", 0xaf, 0x9}, {&(0x7f0000000480)="21dbbaabc2e1c902c1f23d3e660f98f4c0b04a709a884c5da8c04d72b187e622c0bb4e468a151e168985", 0x2a, 0x8}, {&(0x7f0000000a00)="96b1c5c130c781d00af525149b0c2d3d36a387e93d61b6c6b11de0b6c10052f6760e3829197ce01036760dd6f0b42e8b2fe87d3795d2f53ffb19243e73339b79f6c642fbc71c79799c606a613b8b05eef5980aca560b2614c11d5545d7a97af42784d08b1818455b98ed10010285d4eb441430b5d7440639add960e939e28abd599e375ed2fddc94ece6fec603d1d72488", 0x91, 0x9}], 0x26, &(0x7f0000000b80)={[{'.'}, {'/dev/binder#\x00'}, {'/@+*\xd8*]['}], [{@subj_type={'subj_type', 0x3d, '/dev/binder#\x00'}}, {@permit_directio}, {@hash}, {@smackfsdef}, {@smackfsdef={'smackfsdef', 0x3d, '#!-'}}]})
r7 = mmap$binder(&(0x7f000023f000/0x4000)=nil, 0x4000, 0x1, 0x11, r4, 0x1)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000e00)={0x11c, 0x0, &(0x7f0000000c80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000180)={@flat=@handle={0x73682a85, 0x0, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000040)=""/65, 0x41, 0x1, 0x3b}, @fda={0x66646185, 0x8, 0x2, 0x3a}}, &(0x7f00000000c0)={0x0, 0x18, 0x40}}}, @clear_death={0x400c630f, 0x2}, @enter_looper, @enter_looper, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000240)={@fd={0x66642a85, 0x0, r3}, @flat=@weak_binder={0x77622a85, 0x90b, 0x3}, @fd={0x66642a85, 0x0, r5}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x400}, @acquire_done, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000c00)={@flat=@handle={0x73682a85, 0x10a}, @fd={0x66642a85, 0x0, r2}, @fd={0x66642a85, 0x0, r6}}, &(0x7f0000000580)={0x0, 0x18, 0x30}}, 0x40}, @acquire={0x40046305, 0x2}, @free_buffer={0x40086303, r7}], 0x0, 0x0, &(0x7f0000000dc0)})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:10 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r6 = dup(r5)
ioctl$NBD_SET_SOCK(r4, 0xab00, r6)
r7 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
setsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x1, &(0x7f0000000040)=0xd7da, 0x4)
ioctl$NBD_CLEAR_SOCK(r7, 0xab04)

20:22:10 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @register_looper, @request_death, @decrefs], 0x55, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x18, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0c6300ff0000ecff00000000cce022de94dde3c718863c7d9932052dce46bb8e4026a718ac1a0adb117337f393dafc0c58dfac6ea76e6e526454732c6123e112480d2452c100677d6d6151cad099d3fe20ba5def4ec1eb8278fc1787e243e9ee70076b6c0f18a4efc517ee23eb5801953e0d7222a46085c441420487271c42922edfc2fd2c9477bec7a212f5e008e2910674bcd44d25524293951dcea19a36e00aee9dd80994545139f53019f469b5604c17695d4b776a5913342f80421d58077062ae4784032edd54214bcb2859f318c16f260ff95706d0d3167536c77d504f502213f23c95cc26a847dca57c38747fcc6ba10ea09d128f888ef51e7d4a600800"/270], 0x40, 0x0, &(0x7f0000000080)="71f993f3d29a74c14ac6a540c3ed0d559f9c20cb9312be034aef3fdd1390e955cc516ba4977adfbbd45d25f39d88a62b38cdc3abc9ea8335b1911df615245e55"})
r4 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x20)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r5, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
sendmsg$nl_route(r5, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000680)=ANY=[@ANYBLOB="cf440000520014002dbd7000fbdbdf25020800020047a5692c0fe620e41e330000080005001ccb00000800a52300002800000000200000004c91aed206d7a5051ec99e12f188a22c3e8f92fd80cf4a2fe87171122d25d9f2f3e0d96b7d390c5498fb3d98a5c3c5f9bbf93c7b59e37a04ccd4bee5c7eef43fc9101f670d7308e4547e95c22fa02776a10ebc92472bd5abad30017b360b7d0c4978f964f718b0c5fbc9d84423dbee765f97bf05ef728ae1fe82ced1d425e0e29079c120181485a200"/203], 0x34}, 0x1, 0x0, 0x0, 0x81}, 0x24000080)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000380)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000400)=0x14)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000004c0)={'syztnl2\x00', &(0x7f0000000440)={'sit0\x00', r6, 0x4, 0x3, 0x6, 0x3, 0x40, @private2, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x20, 0x700, 0x8000, 0x7}})
clock_gettime(0x0, &(0x7f0000000600)={<r7=>0x0, <r8=>0x0})
setsockopt$sock_timeval(r5, 0x1, 0x42, &(0x7f0000000640)={r7, r8/1000+10000}, 0x10)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f00000002c0)={0x3})
ioctl$EVIOCGABS3F(r3, 0x8018457f, &(0x7f0000000040)=""/4)
fdatasync(r2)

[ 1930.850705] binder: 8932:8946 ioctl c0306201 20000200 returned -22
20:22:10 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6c000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1930.944662] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.950958] binder: 8951:8960 unknown command 0
[ 1930.951994] binder: 8952:8958 unknown command 0
[ 1930.956935] binder: 8951:8960 ioctl c0306201 20000200 returned -22
[ 1930.961028] binder: 8952:8958 ioctl c0306201 20000200 returned -22
[ 1930.978099] binder: BINDER_SET_CONTEXT_MGR already set
[ 1930.980420] binder: 8951:8960 unknown command 0
[ 1930.985314] binder: 8953:8957 ioctl 40046207 0 returned -16
[ 1930.995548] binder: 8954:8956 ioctl c0306201 20000340 returned -14
[ 1930.997260] binder: 8955:8959 ioctl 40046207 0 returned -16
[ 1931.005429] binder: 8951:8960 ioctl c0306201 20000200 returned -22
[ 1931.013500] binder: 8955:8959 unknown command 0
[ 1931.018023] binder: 8953:8961 unknown command 0
[ 1931.022273] binder: 8955:8959 ioctl c0306201 20000200 returned -22
[ 1931.025230] binder: 8954:8956 unknown command -16751860
[ 1931.038995] binder: BINDER_SET_CONTEXT_MGR already set
[ 1931.044472] binder: 8954:8956 ioctl c0306201 200000c0 returned -22
[ 1931.050918] binder: 8953:8961 ioctl c0306201 20000200 returned -22
[ 1931.058585] binder: 8952:8958 unknown command 0
[ 1931.067775] binder: 8952:8958 ioctl c0306201 20000200 returned -22
[ 1931.079606] binder: BINDER_SET_CONTEXT_MGR already set
[ 1931.080983] binder: BINDER_SET_CONTEXT_MGR already set
[ 1931.087208] binder: 8953:8957 ioctl 40046207 0 returned -16
[ 1931.102549] binder: 8951:8963 unknown command 0
[ 1931.106801] binder: 8955:8964 unknown command 0
[ 1931.108609] binder: BINDER_SET_CONTEXT_MGR already set
[ 1931.113836] binder: 8952:8962 ioctl c0306201 20000540 returned -14
[ 1931.118416] binder: 8951:8960 ioctl 40046207 0 returned -16
[ 1931.125751] binder: 8955:8959 ioctl 40046207 0 returned -16
[ 1931.135827] binder: 8951:8963 ioctl c0306201 20000200 returned -22
[ 1931.137824] binder: 8955:8964 ioctl c0306201 20000200 returned -22
[ 1931.147612] binder: 8951:8967 ioctl 40046207 0 returned -16
[ 1931.156993] binder: 8951:8968 unknown command 0
[ 1931.160786] binder: 8954:8956 ioctl c018620c 200002c0 returned -22
[ 1931.168609] binder: 8951:8968 ioctl c0306201 20000200 returned -22
[ 1931.172187] binder: BINDER_SET_CONTEXT_MGR already set
[ 1931.182378] binder: 8952:8958 ioctl 40046207 0 returned -16
[ 1931.183167] binder: binder_mmap: 8954 20000000-20400000 bad vm_flags failed -1
[ 1931.189695] binder: 8952:8962 unknown command 0
[ 1931.209012] block nbd0: shutting down sockets
[ 1931.217110] binder: BINDER_SET_CONTEXT_MGR already set
[ 1931.229259] binder: 8952:8975 ioctl 40046207 0 returned -16
20:22:11 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x7a00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:11 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x74000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:11 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r6 = dup(r5)
ioctl$NBD_SET_SOCK(r4, 0xab00, r6)
r7 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r7, 0xab04)

[ 1931.246303] binder: 8952:8977 unknown command 0
[ 1931.256594] binder: 8952:8962 ioctl c0306201 20000200 returned -22
[ 1931.265320] binder: 8954:8956 ioctl c018620c 200002c0 returned -22
[ 1931.272203] binder: 8952:8977 ioctl c0306201 20000200 returned -22
20:22:11 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r2, 0x7, &(0x7f0000000080)={0x1})
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r3 = dup2(r1, r0)
ioctl$SNDRV_PCM_IOCTL_DELAY(r3, 0x80084121, &(0x7f00000000c0))
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:11 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x74, 0x0, &(0x7f0000000180)=[@reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000040)={@ptr={0x70742a85, 0x1, &(0x7f0000000880)=""/4096, 0x1000, 0x2, 0x17}, @ptr={0x70742a85, 0x1, &(0x7f0000001880)=""/4096, 0x1000, 0x1, 0xb}, @flat=@weak_handle={0x77682a85, 0x100a, 0x2}}, &(0x7f00000000c0)={0x0, 0x28, 0x50}}, 0x40}, @decrefs={0x40046307, 0x2}, @decrefs={0x40046307, 0x1}, @clear_death={0x400c630f, 0x1}, @register_looper, @register_looper], 0x0, 0x0, &(0x7f0000000240)})
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000002c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f00000007c0)=[{&(0x7f0000000680)=""/131, 0x83}, {&(0x7f0000002880)=""/235, 0xeb}, {&(0x7f0000000740)=""/113, 0x71}], 0x3, 0xb76c, 0x0)
preadv(r3, &(0x7f0000000240), 0x0, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x7, &(0x7f0000000080)={0x1})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000380)={0x54, 0x0, &(0x7f0000000580)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x1, &(0x7f0000000240)=""/61, 0x3d, 0x0, 0x1b}, @fda={0x66646185, 0x7, 0x1, 0x13}, @flat=@weak_binder={0x77622a85, 0x2, 0x3}}, &(0x7f0000000300)={0x0, 0x28, 0x48}}, 0x1000}, @release], 0x54, 0x0, &(0x7f0000000600)="88834a7bfafd595af45184792c20ec593df7f315fbbaa80383359d6839a8eb8e68c8325348eee88986065e078bd2cc749c3e58cfedbbc80194d4db221905bc03370a60d39909565b46d117d481aeb23850a81d62"})

[ 1931.372625] binder: 8979:8983 unknown command 0
[ 1931.378309] binder: BINDER_SET_CONTEXT_MGR already set
[ 1931.383550] binder: 8979:8983 ioctl c0306201 20000200 returned -22
[ 1931.390282] binder: BINDER_SET_CONTEXT_MGR already set
[ 1931.401903] binder: 8981:8986 ioctl 40046207 0 returned -16
[ 1931.405951] binder: 8980:8985 ioctl 40046207 0 returned -16
[ 1931.428043] binder: 8981:8986 unknown command 0
[ 1931.437143] binder: 8980:8985 unknown command 0
[ 1931.447282] binder: 8979:8983 unknown command 0
[ 1931.452783] binder: 8987:8991 ioctl 80084121 200000c0 returned -22
[ 1931.455381] binder: 8981:8986 ioctl c0306201 20000200 returned -22
[ 1931.462990] binder: 8979:8983 ioctl c0306201 20000200 returned -22
[ 1931.474063] binder: 8980:8985 ioctl c0306201 20000200 returned -22
[ 1931.494792] binder: 8992:8997 unknown command 0
[ 1931.500902] binder_alloc_new_buf_locked: 1 callbacks suppressed
[ 1931.500913] binder_alloc: 8979: binder_alloc_buf size 158913789952 failed, no address space
[ 1931.506267] binder: BINDER_SET_CONTEXT_MGR already set
[ 1931.511516] binder_alloc_new_buf_locked: 1 callbacks suppressed
[ 1931.511530] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1931.520613] binder: 8992:8997 ioctl c0306201 20000200 returned -22
[ 1931.523198] binder: 8987:8996 ioctl 80084121 200000c0 returned -22
[ 1931.537384] binder: 8981:8993 unknown command 0
[ 1931.537399] binder: 8981:8993 ioctl c0306201 20000200 returned -22
[ 1931.538408] binder: BINDER_SET_CONTEXT_MGR already set
[ 1931.575482] binder: BINDER_SET_CONTEXT_MGR already set
[ 1931.581158] binder: 8979:8983 ioctl 40046207 0 returned -16
[ 1931.587937] binder: 8979:8990 unknown command 0
[ 1931.593431] block nbd0: shutting down sockets
[ 1931.594166] binder: 8980:8985 ioctl 40046207 0 returned -16
[ 1931.599187] binder: 8979:8990 ioctl c0306201 20000200 returned -22
[ 1931.611696] binder: BINDER_SET_CONTEXT_MGR already set
[ 1931.625369] binder: 8992:8997 unknown command 0
[ 1931.630276] binder: 8992:8997 ioctl c0306201 20000200 returned -22
[ 1931.638616] binder: 8979:8983 unknown command 0
[ 1931.644518] binder: 8979:8983 ioctl c0306201 20000200 returned -22
[ 1931.666186] binder: 8979:9004 ioctl 40046207 0 returned -16
20:22:11 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b63000040000063044000000000"], 0x0, 0x0, 0x0})
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000180)={0x1})
close(r4)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r4, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r5, 0x4, 0x70bd27, 0x25dfdbfc, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4845)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r7 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r7, 0x26, &(0x7f0000000180)={0x1})
close(r7)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000640), 0xe3, 0x0, &(0x7f0000000700)="bf5d8a262968bb5a7ce939b3399d80382c283d72b1b82dffe68ac680777edbac7dbf5a6118c7bef727c9368c1e553d1381183a346ff574faa23630757c872368e34f7251f5502782e488792eff234e5d78e05f4089b7106f84d5c7417eccd4e5ef2c929d180092528f14f96e868fdf7899c4352604e5f76cafc1d7765cd199c901d9aabb564687da010c9cd3b7f4f7971e25ea94c1e52a7989438825024992ec8ad4ac4faa435f535dc022a20e5b3dfd73a5eace290054a880c0096bec3dbb427fa45eea99ea77eb90ecb98ca20b428ef636186ab6279dad6d32a7a8963b42c5bc3e78"})
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r6, 0x0)
preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r6, 0x84, 0x15, &(0x7f0000000040)={0x7}, 0x1)

[ 1931.677245] binder: 8992:9003 ioctl c0306201 20000540 returned -14
[ 1931.696355] binder: BINDER_SET_CONTEXT_MGR already set
[ 1931.711468] binder: 8981:8986 ioctl 40046207 0 returned -16
[ 1931.722273] binder: 8992:9003 ioctl 40046207 0 returned -16
[ 1931.751864] binder: 8992:9009 unknown command 0
[ 1931.763853] binder: 8992:9009 ioctl c0306201 20000200 returned -22
[ 1931.773939] binder: 9007:9010 unknown command 1660944448
[ 1931.788580] binder: 9007:9010 ioctl c0306201 20000340 returned -22
[ 1931.797465] binder: BINDER_SET_CONTEXT_MGR already set
[ 1931.804999] binder: 8992:9009 ioctl c0306201 20000540 returned -14
[ 1931.815610] binder: 8992:8997 ioctl 40046207 0 returned -16
[ 1931.821629] binder: 8992:9003 unknown command 0
[ 1931.821648] binder: 8992:9003 ioctl c0306201 20000200 returned -22
[ 1931.852174] binder: 9007:9015 unknown command 1660944448
[ 1931.858474] binder: 9007:9015 ioctl c0306201 20000340 returned -22
20:22:11 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x6c, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @dead_binder_done, @acquire_done, @increfs], 0x0, 0x0, 0x0})

20:22:11 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r6 = dup(r5)
ioctl$NBD_SET_SOCK(r4, 0xab00, r6)
ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04)

20:22:11 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:11 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x7a000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:11 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000580)={0x9c, 0x0, &(0x7f00000006c0)=[@acquire={0x40046305, 0x1}, @release={0x40046306, 0x3}, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x1, &(0x7f0000000040)=""/170, 0xaa, 0x1, 0xe}, @flat=@weak_binder={0x77622a85, 0xb, 0x3}, @fd={0x66642a85, 0x0, r4}}, &(0x7f0000000240)={0x0, 0x28, 0x40}}}, @exit_looper, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x68, 0x18, &(0x7f00000002c0)={@ptr={0x70742a85, 0x1, &(0x7f0000000280)=""/34, 0x22, 0x0, 0x30}, @flat=@handle={0x73682a85, 0xa}, @ptr={0x70742a85, 0x1, &(0x7f0000000600)=""/161, 0xa1, 0x2, 0x15}}, &(0x7f0000000380)={0x0, 0x28, 0x40}}}], 0x57, 0x0, &(0x7f0000000440)="83935ad4d25776109d0c21353d943e5269e1b872f8d7da12364f286bb99f79c26d5f641bbd6918ca5289d8a6a6d7ff7dd53a75a70ea9803d975f84b51bc5231cd82b9ee11de0e3e5bfff1c29209da1b676f4089e5b2c9c"})
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:11 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r3, 0x8008f512, &(0x7f0000000040))
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1931.905047] binder: 9012:9018 unknown command 0
[ 1931.910040] binder: 9012:9018 ioctl c0306201 20000200 returned -22
[ 1931.923015] binder: 9012:9018 unknown command 0
[ 1931.927802] binder: 9012:9018 ioctl c0306201 20000200 returned -22
[ 1932.005613] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.014962] binder: 9022:9029 unknown command 0
[ 1932.020467] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.020539] binder: 9023:9027 unknown command 0
[ 1932.026636] binder: 9025:9026 ioctl 40046207 0 returned -16
[ 1932.027330] binder: 9025:9026 unknown command 0
[ 1932.050351] binder: 9024:9030 ioctl 40046207 0 returned -16
[ 1932.050593] binder: 9025:9026 ioctl c0306201 20000200 returned -22
[ 1932.058687] binder: 9022:9029 ioctl c0306201 20000200 returned -22
[ 1932.076052] binder: 9024:9034 unknown command 0
[ 1932.077757] binder: 9023:9027 ioctl c0306201 20000200 returned -22
[ 1932.087264] binder: 9022:9033 unknown command 0
[ 1932.097462] binder: 9023:9035 unknown command 0
20:22:11 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1932.098646] binder: 9024:9034 ioctl c0306201 20000200 returned -22
[ 1932.107258] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.122508] binder: 9023:9035 ioctl c0306201 20000200 returned -22
[ 1932.134290] binder: 9022:9033 ioctl c0306201 20000200 returned -22
[ 1932.140116] binder: 9025:9036 ioctl 40046207 0 returned -16
[ 1932.150495] binder: 9022:9029 ioctl c0306201 20000540 returned -14
[ 1932.161507] binder_alloc: 9023: binder_alloc_buf size 158913789952 failed, no address space
[ 1932.164109] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.173804] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.187905] binder: 9024:9030 ioctl 40046207 0 returned -16
[ 1932.188534] binder: 9024:9034 unknown command 0
[ 1932.199514] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1932.202237] binder: 9022:9033 unknown command 0
[ 1932.211735] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.220040] binder: 9022:9029 ioctl 40046207 0 returned -16
[ 1932.227039] binder: 9024:9034 ioctl c0306201 20000200 returned -22
[ 1932.237557] block nbd0: shutting down sockets
[ 1932.244372] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.247932] binder: 9023:9035 unknown command 0
[ 1932.254985] binder: 9022:9029 ioctl 40046207 0 returned -16
[ 1932.255185] binder: 9022:9029 unknown command 0
[ 1932.263817] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.266474] binder: 9022:9043 ioctl c0306201 20000540 returned -14
[ 1932.271796] binder: 9023:9027 ioctl 40046207 0 returned -16
[ 1932.287158] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.293926] binder: 9037:9038 ioctl 40046207 0 returned -16
[ 1932.299725] binder: 9023:9047 unknown command 0
20:22:12 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r6 = dup(r5)
ioctl$NBD_SET_SOCK(r4, 0xab00, r6)
ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04)

[ 1932.299868] binder: 9023:9035 ioctl c0306201 20000200 returned -22
[ 1932.307232] binder: 9023:9046 ioctl 40046207 0 returned -16
[ 1932.315813] binder: 9022:9033 ioctl c0306201 20000200 returned -22
[ 1932.320355] binder: 9023:9047 ioctl c0306201 20000200 returned -22
[ 1932.334868] binder: 9022:9029 ioctl c0306201 20000200 returned -22
[ 1932.336473] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.347750] binder: 9037:9044 ioctl 40046207 0 returned -16
20:22:12 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xffffff7f}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:12 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:12 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x121640, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=@newqdisc={0x138, 0x24, 0x10, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x9, 0x8}, {0xffe0, 0xfff0}, {0xc, 0xffe0}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x2, [@TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x3}, @TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0xffffffe0}]}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x1ff}, @TCA_STAB={0xec, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x8, 0x0, 0x81, 0x58, 0x2, 0x6, 0x386e41b9, 0x1}}, {0x6, 0x2, [0x6]}}, {{0x1c, 0x1, {0x2, 0x89, 0x80, 0xcf0d, 0x0, 0x800, 0x4975, 0x6}}, {0x10, 0x2, [0x6, 0x9, 0x101, 0xffff, 0x1000, 0x3]}}, {{0x1c, 0x1, {0xf4, 0x1, 0x0, 0x1ff, 0x2, 0xe1, 0xa3ba, 0x1}}, {0x6, 0x2, [0x9]}}, {{0x1c, 0x1, {0x20, 0x1b, 0x8, 0x1000, 0x1, 0x9, 0x6, 0x5}}, {0xe, 0x2, [0xb34, 0x4075, 0x3, 0x2173, 0x8]}}, {{0x1c, 0x1, {0x3f, 0x20, 0x80, 0xfcd, 0x0, 0x7f, 0x35}}, {0x4}}, {{0x1c, 0x1, {0x0, 0x8, 0x2, 0x14ba, 0x2, 0x139, 0x0, 0x3}}, {0xa, 0x2, [0x4, 0x8, 0x7]}}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x2804}, 0x4000000)

20:22:12 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000040), 0x0, 0x800)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1932.424470] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.430095] binder: 9049:9052 ioctl 40046207 0 returned -16
[ 1932.449376] binder: 9049:9052 unknown command 0
[ 1932.482422] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.486270] binder: 9049:9052 ioctl c0306201 20000200 returned -22
[ 1932.504631] binder: 9051:9056 ioctl 40046207 0 returned -16
[ 1932.513981] binder: 9055:9058 unknown command 0
[ 1932.518936] binder: 9055:9058 ioctl c0306201 20000200 returned -22
[ 1932.522427] binder: 9051:9056 unknown command 0
[ 1932.535512] binder: 9051:9056 ioctl c0306201 20000200 returned -22
[ 1932.541214] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.548390] binder: 9049:9052 ioctl 40046207 0 returned -16
[ 1932.554529] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.554548] binder: 9051:9056 ioctl 40046207 0 returned -16
[ 1932.571502] binder: 9051:9064 unknown command 0
[ 1932.578787] binder: 9057:9063 unknown command 0
[ 1932.581331] binder: 9055:9065 unknown command 0
[ 1932.594084] binder: 9057:9063 ioctl c0306201 20000200 returned -22
[ 1932.595254] binder: 9051:9064 ioctl c0306201 20000200 returned -22
[ 1932.602307] block nbd0: shutting down sockets
[ 1932.611098] binder: 9055:9065 ioctl c0306201 20000200 returned -22
[ 1932.630489] binder: 9057:9066 unknown command 0
[ 1932.636909] binder_alloc: 9055: binder_alloc_buf size 158913789952 failed, no address space
[ 1932.637904] binder: 9057:9066 ioctl c0306201 20000200 returned -22
[ 1932.665017] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1932.676210] binder: 9057:9063 ioctl c0306201 20000540 returned -14
[ 1932.688742] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.699072] binder: 9057:9066 unknown command 0
[ 1932.709277] binder: 9057:9066 ioctl c0306201 20000200 returned -22
[ 1932.716497] binder: 9057:9063 ioctl 40046207 0 returned -16
[ 1932.724568] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.730539] binder: 9057:9073 ioctl 40046207 0 returned -16
[ 1932.730661] binder: 9057:9074 unknown command 0
[ 1932.744128] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.750590] binder: 9055:9065 unknown command 0
[ 1932.755845] binder: 9055:9065 ioctl c0306201 20000200 returned -22
[ 1932.762753] binder: 9055:9058 ioctl 40046207 0 returned -16
[ 1932.763132] binder: 9057:9074 ioctl c0306201 20000200 returned -22
[ 1932.778598] binder: 9076:9080 unknown command 0
[ 1932.809511] binder: 9076:9080 ioctl c0306201 20000200 returned -22
20:22:12 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x6c, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @dead_binder_done, @acquire_done, @increfs], 0x0, 0x0, 0x0})

20:22:12 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x802)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$INCFS_IOC_FILL_BLOCKS(r3, 0x80106720, &(0x7f0000000300)={0x7, &(0x7f0000000680)=[{0x1, 0x1a, &(0x7f0000000080)="2b089eeed939c15449aeb875986488739a155fd82b9369c9220f", 0x1}, {0x2, 0x5e, &(0x7f0000000180)="db69d69cd2737b05b8eef1ff3e3eb798bf4580cdeb7908b7be6fdd436e1b19b23e9abf9049ec145f64b6081a3091894fb1099fa580d85b935702fadff53d91c833d4029082a0cc61c029389f78d1be17b58ae663e47a4e4aa38846dcb376", 0x1, 0x1}, {0x9, 0xc1, &(0x7f0000000200)="18424255a147cff446a137c6e1a7c7e3c88d111dc0b70f50f130c2b6a47440bab3ae5d55f43df5bf623ae486dd7454c3ab7834fd255c3d81b0e3219cebd5f89b112b66c48fee6ac80e52eaed70ee49c06f0b11b8c96b60c1fb78de4c97c45671e75849ef877d7e2448f202797d32028cc6130bf93c09418e3c6c045101692b07c7e3b1ba62446b1ac9c1fcc01d01d24bc5615d4b9dd15055e08869b40a87c3b9dbff92fc15072dcf72234df9837b4e97d05ff44ad8a711c2a5d655e2af557ef515", 0x1}, {0x80000000, 0x94, &(0x7f0000000400)="0170409c9e1d00a71f8f37c73b7d6dfd77dad8f84d987c45f4eb7c9f2fb44059d0da68454ba2c33cf4378352e5e2b6036c3f6096e474014561fd92c72a7cf698c32e54c2718e87606c840702526540f548d7cba4e8d8fb1053c49a9407bdff5d1a7f18a3b3330e586fbc40ec6c6bac446c5cae047fa25b2841dcb07fd25d3811e09edddcc9f246cf6190b1f3518d141f2a52958f"}, {0x6, 0xe3, &(0x7f00000004c0)="e2376653136ae5b87c8fdda2fcdc2005a02e4015542586d849cb023f290526f054174f69ef4c488914841c2482e65aded43b4276e460f509054e695b386cf06cdc96507cca4bf0bb7fee840616b9423409b6a3ddd1def3d0898f40495f1eae68232844e78557e55e327ac0e42fa3930714caf81e32ca0559bdcce5fccbd9e0b074cbc11482fde3dd7cdd6d6cd919165a3630c5ab7afb6315c6c101fc684207fff1e0d08861aa1805acf7bb054649cdcefa434aea1ab86f7ee6f78ff609281cda5c2788a45cd07cfc390dd87b1713a5667b872d8158fbf7031c9fe366e932c12723703b", 0x0, 0x1}, {0x8001, 0x93, &(0x7f00000005c0)="7e95423779d61a1a253deb09a5e001d99dc978825e8944b57483e08cd8a199a1389a475a0c3f3a55d6f9027c4321df2436f0105bd0e5dd2da5ed95155b1d26a154dcbc37d3d5f327363bafc53f9536ba5431f8ba607635c1a528f46eea00de437f44c823be0bb5981110f54b7597f210e122e05dfb915623fa1980f2d43ef205e34575e6317e3f22427a40655769ab8087e7d4", 0x1, 0x1}, {0x3, 0x2b, &(0x7f00000000c0)="13aecc6023f1bd6bf8d69b015caab993bcd671f25bcdcbbb65ca130ee7b1ff5bc7055006b68a6a6d1743f1", 0x1, 0x1}]})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:12 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x100000000000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:12 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r6 = dup(r5)
ioctl$NBD_SET_SOCK(r4, 0xab00, r6)
ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04)

20:22:12 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$F2FS_IOC_DEFRAGMENT(r2, 0xc010f508, &(0x7f0000000040)={0x7, 0x1ff})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x26, &(0x7f0000000180)={0x1})
close(r5)
fchdir(r5)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:12 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1932.862574] binder: 9076:9081 unknown command 0
[ 1932.867391] binder: 9076:9081 ioctl c0306201 20000200 returned -22
[ 1932.967483] binder: 9087:9093 unknown command 0
[ 1932.971189] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.978082] binder: 9090:9097 ioctl 40046207 0 returned -16
[ 1932.979001] binder: 9087:9093 ioctl c0306201 20000200 returned -22
[ 1932.990914] binder: 9090:9097 unknown command 0
[ 1932.996861] binder: BINDER_SET_CONTEXT_MGR already set
[ 1932.997307] binder: 9088:9095 unknown command 0
[ 1933.005296] binder: 9092:9094 ioctl 40046207 0 returned -16
[ 1933.008512] binder: 9090:9097 ioctl c0306201 20000200 returned -22
[ 1933.024348] binder: 9088:9095 ioctl c0306201 20000200 returned -22
[ 1933.036144] binder: 9092:9094 unknown command 0
[ 1933.043866] binder: 9092:9094 ioctl c0306201 20000200 returned -22
[ 1933.056778] binder: 9087:9093 ioctl c010f508 20000040 returned -22
20:22:12 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
openat(r2, &(0x7f0000000040)='./file0\x00', 0x2000, 0xc5)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000180)={0x1})
close(r4)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x7, &(0x7f0000000080)={0x1})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000004c0)={0xa0, 0x0, &(0x7f0000000400)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000080)={@fd={0x66642a85, 0x0, r5}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/175, 0xaf, 0x2, 0x21}, @fda={0x66646185, 0xa, 0x1, 0x30}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}}, @request_death, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000280)={@fd={0x66642a85, 0x0, r2}, @fda={0x66646185, 0x5, 0x0, 0x38}, @fda={0x66646185, 0x6, 0x0, 0x3b}}, &(0x7f0000000300)={0x0, 0x18, 0x38}}}], 0x26, 0x0, &(0x7f0000000380)="8c1561837fcf4afe56755bc8c98b568ee4b5faafba6480f31fb66954adf8d1bac87094c798d2"})
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1933.070533] binder: 9088:9095 unknown command 0
[ 1933.088898] binder: BINDER_SET_CONTEXT_MGR already set
[ 1933.089174] binder: 9087:9093 unknown command 0
[ 1933.100113] binder: 9088:9095 ioctl c0306201 20000200 returned -22
[ 1933.109533] binder: BINDER_SET_CONTEXT_MGR already set
[ 1933.116209] binder: 9090:9097 ioctl 40046207 0 returned -16
[ 1933.118410] binder: 9087:9093 ioctl c0306201 20000200 returned -22
[ 1933.129572] binder_alloc: 9088: binder_alloc_buf size 158913789952 failed, no address space
[ 1933.144068] binder: 9087:9100 ioctl c0306201 20000540 returned -14
[ 1933.148453] binder: 9092:9094 ioctl 40046207 0 returned -16
[ 1933.151029] binder: 9092:9106 unknown command 0
[ 1933.158549] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1933.173985] binder: 9092:9106 ioctl c0306201 20000200 returned -22
[ 1933.183579] binder: BINDER_SET_CONTEXT_MGR already set
[ 1933.190528] binder: 9087:9093 ioctl 40046207 0 returned -16
[ 1933.190572] binder: 9087:9100 unknown command 0
[ 1933.205571] block nbd0: shutting down sockets
[ 1933.214430] binder: BINDER_SET_CONTEXT_MGR already set
[ 1933.223793] binder: BINDER_SET_CONTEXT_MGR already set
[ 1933.229796] binder: 9088:9095 ioctl 40046207 0 returned -16
[ 1933.229867] binder: 9088:9104 unknown command 0
[ 1933.245452] binder: 9087:9114 ioctl 40046207 0 returned -16
[ 1933.252945] binder: 9087:9093 ioctl c010f508 20000040 returned -22
[ 1933.252964] binder: 9087:9116 unknown command 0
20:22:13 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
dup(r4)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)

20:22:13 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x200000000000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1933.282291] binder: 9087:9100 ioctl c0306201 20000200 returned -22
[ 1933.288735] binder: 9088:9104 ioctl c0306201 20000200 returned -22
[ 1933.296479] binder: BINDER_SET_CONTEXT_MGR already set
[ 1933.309303] binder: 9087:9116 ioctl c0306201 20000200 returned -22
[ 1933.318971] binder: 9088:9095 ioctl 40046207 0 returned -16
[ 1933.319226] binder: 9088:9117 unknown command 0
20:22:13 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000380)={0xb8, 0x0, &(0x7f0000000600)=[@acquire={0x40046305, 0x2}, @request_death, @release={0x40046306, 0x1}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000040)={@fda={0x66646185, 0x9, 0x1, 0x3a}, @fda={0x66646185, 0x6, 0x2, 0x35}, @flat=@handle={0x73682a85, 0x110f, 0x3}}, &(0x7f00000000c0)={0x0, 0x20, 0x40}}}, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000240)={@fda={0x66646185, 0xa, 0x1, 0x32}, @flat=@binder={0x73622a85, 0x1, 0x3}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/28, 0x1c, 0x2, 0x38}}, &(0x7f00000001c0)={0x0, 0x20, 0x38}}, 0x400}], 0x7e, 0x0, &(0x7f00000002c0)="d2464dc4a08736423996bb2ba30a252f3e4944d5e0b6a015f282f413a45714f0912b2234f374bd1e38fbb2479b5d9ce46e5b319906824e0ee57146fdaa4d866b14a6a0018d051f2066d107ade1d4b38a9807f122fa37f1878c5fa769eb10ba0755ad0b1b5cd223adc276eab63e1597bafb85ad7aa6fe1129d0069afe4edd"})
preadv2(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f0000000440)=""/6, 0x6}, {&(0x7f00000006c0)=""/157, 0x9d}], 0x2, 0x8f0, 0xfff, 0x8)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:13 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0b6300000c6300000e630c400000000000000000000000000000000000000000e6b7020ddf7d92827a6fb83bfdbb4393a20b1c"], 0x0, 0x0, 0x0})

[ 1933.341216] binder: 9088:9117 ioctl c0306201 20000200 returned -22
[ 1933.393599] binder: BINDER_SET_CONTEXT_MGR already set
[ 1933.407750] binder: 9122:9125 ioctl 40046207 0 returned -16
[ 1933.415879] binder: BINDER_SET_CONTEXT_MGR already set
[ 1933.432867] binder: 9123:9128 unknown command 0
20:22:13 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1933.438346] binder: 9121:9127 ioctl 40046207 0 returned -16
[ 1933.439722] binder: 9121:9127 unknown command 0
[ 1933.453464] binder: 9122:9125 unknown command 0
[ 1933.464109] binder: 9121:9127 ioctl c0306201 20000200 returned -22
[ 1933.474267] binder: 9122:9125 ioctl c0306201 20000200 returned -22
[ 1933.482128] binder: 9123:9128 ioctl c0306201 20000200 returned -22
[ 1933.505671] binder: BINDER_SET_CONTEXT_MGR already set
[ 1933.511198] binder: 9123:9133 unknown command 0
[ 1933.511390] binder: 9123:9133 ioctl c0306201 20000200 returned -22
[ 1933.511802] binder: 9123:9133 ioctl c0306201 20000540 returned -14
[ 1933.520304] binder: BINDER_SET_CONTEXT_MGR already set
[ 1933.532735] binder: 9131:9138 unknown command 0
[ 1933.542186] binder: 9129:9134 unknown command 0
[ 1933.543998] binder: 9121:9127 ioctl 40046207 0 returned -16
[ 1933.547013] binder: 9121:9135 unknown command 0
[ 1933.563268] binder: 9121:9135 ioctl c0306201 20000200 returned -22
[ 1933.575686] binder: 9129:9134 ioctl c0306201 20000340 returned -22
[ 1933.587255] binder: 9131:9138 ioctl c0306201 20000200 returned -22
[ 1933.603111] binder: BINDER_SET_CONTEXT_MGR already set
[ 1933.607322] binder: 9131:9143 unknown command 0
[ 1933.608647] binder: 9123:9128 ioctl 40046207 0 returned -16
[ 1933.620228] binder: 9123:9133 unknown command 0
[ 1933.628891] binder: 9131:9143 ioctl c0306201 20000200 returned -22
[ 1933.635107] binder: 9122:9125 ioctl 40046207 0 returned -16
[ 1933.641537] binder: BINDER_SET_CONTEXT_MGR already set
[ 1933.647054] binder: 9123:9133 ioctl c0306201 20000200 returned -22
[ 1933.657226] binder_alloc: 9131: binder_alloc_buf size 158913789952 failed, no address space
[ 1933.669060] binder: 9129:9146 unknown command 0
[ 1933.672093] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1933.682245] binder: 9123:9144 ioctl 40046207 0 returned -16
[ 1933.691450] binder: 9123:9128 unknown command 0
[ 1933.692671] binder: 9129:9146 ioctl c0306201 20000340 returned -22
[ 1933.696221] binder: 9123:9128 ioctl c0306201 20000200 returned -22
[ 1933.711917] binder: 9123:9133 ioctl c0306201 20000540 returned -14
[ 1933.761475] binder: BINDER_SET_CONTEXT_MGR already set
[ 1933.777950] binder: 9131:9138 ioctl 40046207 0 returned -16
[ 1933.778237] binder: 9131:9143 unknown command 0
[ 1933.792713] binder: BINDER_SET_CONTEXT_MGR already set
[ 1933.816352] binder: 9131:9143 ioctl c0306201 20000200 returned -22
[ 1933.831113] binder: 9155:9156 unknown command 0
[ 1933.831714] binder: 9131:9151 ioctl 40046207 0 returned -16
[ 1933.841373] binder: 9131:9138 unknown command 0
[ 1933.847016] binder: 9131:9138 ioctl c0306201 20000200 returned -22
[ 1933.894365] binder: 9155:9159 unknown command 0
[ 1933.899417] binder: 9155:9159 ioctl c0306201 20000200 returned -22
[ 1933.906395] binder: 9155:9156 ioctl c0306201 20000200 returned -22
20:22:13 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x6c, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @dead_binder_done, @acquire_done, @increfs], 0x0, 0x0, 0x0})

20:22:13 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x300000000000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:13 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
dup(r4)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)

20:22:13 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x3800003, 0x40010, r3, 0x0)
mmap$binder(&(0x7f000071c000/0x4000)=nil, 0x4000, 0x1, 0x11, r2, 0x8)
preadv(r3, &(0x7f0000000a00)=[{&(0x7f0000000040)=""/192, 0xc0}, {&(0x7f0000000240)=""/221, 0xdd}, {&(0x7f0000000600)=""/186, 0xba}, {&(0x7f0000000a80)=""/264, 0x108}, {&(0x7f0000000880)=""/180, 0xb4}, {&(0x7f0000000180)=""/24, 0x18}, {&(0x7f0000000940)=""/156, 0x9c}], 0x7, 0xd9e, 0x2e)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:13 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="096300000c6300000e630c400000080000000000000000000763044000000000"], 0x0, 0x0, 0x0})

20:22:13 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1933.987842] binder: BINDER_SET_CONTEXT_MGR already set
[ 1933.997600] binder: 9164:9171 unknown command 0
[ 1934.002704] binder: 9165:9169 unknown command 25353
[ 1934.007986] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.008430] binder: 9166:9168 ioctl 40046207 0 returned -16
[ 1934.018757] binder: 9163:9173 unknown command 0
[ 1934.020026] binder: 9164:9171 ioctl c0306201 20000200 returned -22
[ 1934.031864] binder: 9165:9169 ioctl c0306201 20000340 returned -22
[ 1934.032275] binder: 9167:9172 ioctl 40046207 0 returned -16
[ 1934.041400] binder: 9166:9168 unknown command 0
[ 1934.049065] binder: 9166:9168 ioctl c0306201 20000200 returned -22
[ 1934.057179] binder: 9164:9174 unknown command 0
[ 1934.058782] binder: 9165:9175 unknown command 25353
[ 1934.064518] binder: 9163:9173 ioctl c0306201 20000200 returned -22
[ 1934.075096] binder: 9167:9176 unknown command 0
[ 1934.080228] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.080288] binder: 9164:9174 ioctl c0306201 20000200 returned -22
[ 1934.085895] binder: 9165:9175 ioctl c0306201 20000340 returned -22
[ 1934.099701] binder: 9167:9176 ioctl c0306201 20000200 returned -22
[ 1934.105980] binder_alloc: 9164: binder_alloc_buf size 158913789952 failed, no address space
[ 1934.106949] binder: 9166:9168 ioctl 40046207 0 returned -16
[ 1934.125852] binder: 9163:9173 unknown command 0
[ 1934.131195] binder: 9163:9173 ioctl c0306201 20000200 returned -22
[ 1934.142171] binder_alloc_new_buf_locked: 14 callbacks suppressed
[ 1934.142179] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1934.148135] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1934.153407] binder: 9167:9176 unknown command 0
[ 1934.160497] binder: 9163:9173 ioctl c0306201 20000540 returned -14
[ 1934.163981] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.183387] binder: 9167:9176 ioctl c0306201 20000200 returned -22
20:22:13 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r2, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
mmap$binder(&(0x7f000010d000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x5a5)
r3 = dup2(r1, r0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000180)={0x1})
close(r4)
ioctl$KDGKBMETA(r4, 0x4b62, &(0x7f0000000040))
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1934.188836] binder: 9164:9174 unknown command 0
[ 1934.196895] binder: 9163:9177 unknown command 0
[ 1934.202966] binder: 9163:9177 ioctl c0306201 20000200 returned -22
[ 1934.212876] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.218398] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.224004] binder: 9164:9174 ioctl c0306201 20000200 returned -22
20:22:14 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
dup(r4)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)

[ 1934.238966] binder: 9163:9173 ioctl 40046207 0 returned -16
[ 1934.246367] binder: 9164:9171 ioctl 40046207 0 returned -16
[ 1934.246372] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.246404] binder: 9164:9182 ioctl 40046207 0 returned -16
[ 1934.265421] binder: 9164:9185 unknown command 0
[ 1934.270472] binder: 9164:9185 ioctl c0306201 20000200 returned -22
[ 1934.279558] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.286640] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.299140] binder: 9189:9191 ioctl 40046207 0 returned -16
[ 1934.303115] binder: 9167:9172 ioctl 40046207 0 returned -16
[ 1934.305573] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1934.315800] binder: 9163:9190 ioctl 40046207 0 returned -16
[ 1934.322960] binder: 9163:9177 unknown command 0
[ 1934.327736] binder: 9163:9177 ioctl c0306201 20000200 returned -22
[ 1934.346878] binder: 9163:9173 ioctl c0306201 20000540 returned -14
20:22:14 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:14 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400000000000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1934.370995] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.396038] binder: 9193:9197 ioctl 40046207 0 returned -16
20:22:14 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x2)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000180)={0x1})
setsockopt$sock_int(r4, 0x1, 0x20, &(0x7f00000000c0)=0x6, 0x4)
dup2(r2, r2)
syz_open_dev$binderN(&(0x7f0000000080), 0x0, 0x1000)
close(r4)
mmap(&(0x7f00005fb000/0x2000)=nil, 0x2000, 0x100000a, 0x10010, r4, 0x19f66000)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1934.439962] binder: 9193:9201 unknown command 0
[ 1934.459804] binder: 9193:9201 ioctl c0306201 20000200 returned -22
[ 1934.470721] binder: 9200:9203 unknown command 0
[ 1934.475997] binder: 9200:9203 ioctl c0306201 20000200 returned -22
[ 1934.488245] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.496459] binder: 9193:9197 ioctl 40046207 0 returned -16
[ 1934.506940] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.508967] binder: 9205:9209 unknown command 0
[ 1934.518048] binder: 9200:9203 unknown command 0
[ 1934.533946] binder: 9204:9208 ioctl 40046207 0 returned -16
[ 1934.533991] binder: 9205:9209 ioctl c0306201 20000200 returned -22
[ 1934.542804] binder: 9200:9203 ioctl c0306201 20000200 returned -22
[ 1934.564470] binder: 9204:9211 unknown command 0
[ 1934.576143] binder_alloc: 9200: binder_alloc_buf size 158913789952 failed, no address space
20:22:14 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$NBD_SET_SOCK(r4, 0xab00, 0xffffffffffffffff)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)

[ 1934.577402] binder: 9204:9211 ioctl c0306201 20000200 returned -22
[ 1934.588846] binder: 9205:9212 unknown command 0
[ 1934.604058] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1934.612643] binder: 9204:9211 unknown command 0
[ 1934.616170] binder: 9205:9212 ioctl c0306201 20000200 returned -22
[ 1934.626431] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1934.634199] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1934.637314] binder: 9205:9209 ioctl c0306201 20000540 returned -14
[ 1934.651504] binder: 9204:9211 ioctl c0306201 20000200 returned -22
[ 1934.668550] binder: 9200:9213 unknown command 0
[ 1934.673901] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.682947] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.689901] binder: 9200:9213 ioctl c0306201 20000200 returned -22
[ 1934.710668] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.713600] binder: 9205:9209 ioctl 40046207 0 returned -16
[ 1934.716506] binder: 9205:9212 unknown command 0
[ 1934.727921] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.733976] binder: 9205:9212 ioctl c0306201 20000200 returned -22
[ 1934.734200] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.740550] binder: 9200:9203 ioctl 40046207 0 returned -16
[ 1934.757443] binder: 9205:9222 unknown command 0
[ 1934.762980] binder: 9205:9221 ioctl 40046207 0 returned -16
[ 1934.770068] binder: 9205:9222 ioctl c0306201 20000200 returned -22
[ 1934.775809] binder: 9200:9219 ioctl 40046207 0 returned -16
[ 1934.776988] binder: 9200:9223 unknown command 0
[ 1934.791407] binder: 9200:9223 ioctl c0306201 20000200 returned -22
[ 1934.797124] binder: 9218:9229 unknown command 0
[ 1934.804282] binder: 9218:9227 ioctl 40046207 0 returned -16
[ 1934.824009] binder: 9218:9229 ioctl c0306201 20000200 returned -22
[ 1934.863938] binder: BINDER_SET_CONTEXT_MGR already set
[ 1934.869449] binder: 9218:9227 ioctl 40046207 0 returned -16
20:22:14 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda={0x66646185, 0x5, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:14 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x500000000000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:14 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x26, &(0x7f0000000180)={0x1})
r6 = eventfd(0x9)
close(r6)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000002780)={0xdc, 0x0, &(0x7f0000001680)=[@enter_looper, @acquire_done={0x40106309, 0x3}, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000002980)=ANY=[@ANYBLOB="85616466000000000100000000000000000000000000000001000000000000008561646600000000000000000000000001000000000000000600000000000000852a646600000000", @ANYRES32=r2, @ANYBLOB="1fd95e6d4ab3b07a4ea7be1bf73f33379973e9615a942f8c2dca4a11032300161c09a17051b3c48c51fc5e7f22a79c0c0e124c6275bf9632ecf5c3359b82d9c472f94c81bd258e444597e5f255f6c4c05d88ab1547c069149c6220b3479928edcbe20814d1f5367e0da1bc7f250de83a32252a04e59e5a8f0daa41657b039f3f8cbb8d2b820b4ea78b627fbc6f7cf2b398ff6043b1e1568c734c76b429c902f30d5043d537add7736aea29f265bdb09adc205fd6f41035642688e1e6eb2793c8fc0476c586660e5a1e392c08fb6b61e142e0ef9bfd2e2f1c8c579898fbb7d5719af5f0e1414c2c89a3d325193c7e98d505d6f3ed2cd7d5b69bfb2d7c337f09fc73ec69e9153f68b5821f86bdd19e0472873f192899f8ca97afc7c505b36696eb5b3a040500e3e947bd77a8bf086cd229ee492b10d35503231201e9518427b73a02ce5e3b1b49000000000000"], &(0x7f0000000380)={0x0, 0x20, 0x40}}, 0x40}, @increfs={0x40046304, 0x3}, @register_looper, @increfs={0x40046304, 0x1}, @clear_death, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001600)={@ptr={0x70742a85, 0x1, &(0x7f0000002b40)=""/4099, 0x1003, 0x2, 0xb}, @flat=@handle={0x73682a85, 0x100, 0x3}, @flat=@weak_handle={0x77682a85, 0x1001, 0x3}}, &(0x7f0000000580)={0x0, 0x28, 0x40}}}, @acquire], 0x1000, 0x0, &(0x7f0000001780)="d19aebf6a0f5026f2b109992a74943b3d8d26a69a2fa1e1971adcefd1e8a31705fd67cf7b75adb57b94e93ccc19795880e54871e946575ef14d6fb8285564f31c7104c0c16b750a3b6bc4a65ad1d1a6d23ed89f0080af04ae0b1ddc9e66872f413dd6861cc000a7eee51c9fa8e6762b3caca5604c60608ad478b6c89449601d4549cfbb2a29bca80595fe41fa15ede891202ad2c4690266b0fcbb94ef0a04a88248b9ff92d9a5a4244332b4c1b94ebfd0ca30c695de28dfa917872902a1561df494a25ab0a71cddd020f732462d67800c8b35cd3bb8fc798f5784d0f55301232a6095d943a7e8039cfc0035c16f0971e59430f595bf2e2bec31f5804db8c1d23ec92bc48f216651dab9a92ad2e6a49860d957d91edd73f9a70857be0afa6b608dbc7cd70ef9abff284e2769ffd3953a4733fa1753a4de3ae6c96f6cca2323c2b5130a9a38abe731f230d0ab0e641ecaa04698d5b94f8a13825e0a14ef0a2dc78bb6c4e9cd457bbb061d35f68e0fada93f02b5bd7dc8124e93728f0952e953e5bdb29e2eb55b07c5c44f14147cf88cc27d0eb3947fbd036e7a3724571665205f649843abf52d8ab0a22b3b7227881bebe94f9b1879f386cd88e1ed4dad5cff1f4b438b54932d1a6dc8779dce72eb43f102c1e402acd00cb41fe4bc0acfe0ea8d5706f43fa08df99ea902388d87cdfcfd75a415cc48ce1b8633e7dd5eb1786032c68d57b164e41f10354188651edf9dbac88c08ccb67eb7d227b777673880511921ae4436dec3ac30e3f3e32313f43f15915e2460f2aafc0441ac123cb4811c52378e55d7ce00f740fba988bb8b8c4879133ac813a1d4bff81579f4024c64104bd45ef602e519768cd49be7349983455b44b25d6f096f2702d5e2fd07ef2126b3a6a6d221331b7d9de37caf4b12cc31e4daf63487750cba090324074c79d1eba94371df74fff4c73eda4edd8f28e81bf29e4d27443ca43238bbb007d9e8beb75d19bfd5a7d87a9b65b2a571862413882bbbf0b3c7c4f3a7fed68f302207e308994ac28d1e2c5978025a1e36a610bdd98bad81d9c898b2f4aa8b54a727979c768f362f93a895ee624fc966acaf07f03830fd0753ed8f9dc3b827cc7a8b1664fd925f7ae6b973d35c98032ef9cd84a0105da4577b7fefdb4d3b9878c4e8861527597637377808eaae890041d1e3abbdf301f66873fb96fc2cd372f129c6644d6e77324f0f474508368ab1bea4c6f8f0fc81252c2814e059132d852c49f22ef4e3c317c1896c58b56e5f40fd4cecdb746b6df7a0ce35c60156646742d9797e469ee707e5906d235c4eac49e3df05b0989c9befec5798c47a08598cd453cc8956af97a96326f489a86f4845f1b695e98657f66fcf7d436ffac93ee831aec46f880935ee4a1f7922dcb97c4dfa93bd2a94a575a7fe570cdb2fb7f2397e654d1b411d3e13f13ddef6136396d5c6d6ceafa3785fced1381dac2cabfb21b6a449fbf71f7384785be71a99fb9c3fc58afd665a55f064337d839970877c8ccf29c9ae7f2d6764a8972c0dd969e63dd0f64cb683029d0d9bf370362460e270ed90935c0be0c98f4e19e8dfa60c52250b564896020827033b1bb5c5fcea5e422925ed574a0a2e3f796306d88c99f711785f5df66e0a85114c228c0754c9affb6339f16df7d692fc4d788c36cd42420deffe64f5b6cfb221cff93241d34464264de61b79c0d470eae5ef3ca23af6dce57408ed4fcea1f45a06c23053b0ab452b430995b7004a0e9d41e0a06eed88acab978cb190a16ce43c12c19485ecd5cca045471d8f163df8f7776356f1926e823116fd9e353733bb7b4b356a83285c2f56dda0bf7d6700821f9479108847925e90a33cd85d8422cb74484020eac298d21b6ff792d07ef3a0c2e151a9dd0172d18ab3654a87780adaf93e612fdef283f53ad5088de92d0248bca144995ea8643a491d8ca893844cedd0e33ba976936e341e9f867cad839457a1f9f48f992284ed8d3bf6ba8d67a7ae85aaf942d215b8326fe660e5631dc780bc58b43b66a5edc9e1dd46d5bf60f9cd0b60391f785390c54337a652b2543df1f131173e4a785df622cb04df1c764209ad12facf95c5588c092f7637d23381b9b5d3632ae5b20ffc32783fd51a127e31af5b77b6b1b541ffef8500fb082f9874c9cc8fe4e0c4991fb07f5af7a62ba21dd55f0037d109ebfb6694d386e4e4deed1e923fcf02f26092110d738a45d55d70418ce7e90b51767a903f67ac5066ba011593b162fda44ed6ccbf1d122785e4ab9f19ee2cd99503bc5ffff0808b94a61ecc271d5743329959bc01a3b831518cd119f4bee0b60a9385e0fd57889fa307c1663cda5643722f9df9a98cfcd70383f89b2f7d8e00109f01aca6f59529badf0c471cc6f71c3bfbf6036633176875bac51cafc8fa5fc7985ea78260a2e1a03a891b255918b574b5b5c099704c54ba8b413d1cf6ed3b24d6a02f48b86c29169471730019d35c2fcc7a04687d6c95ecb8a305e86f6a7faf61fb6f7c69addce0b56a8f27d7ae73f4074fdfedf9f6b1c7d1ba44b30ec1c83538bf5d968ad4b88a9c9d03b49bb262c7e6c16f7f72234596d928f3d0c2937fbe378bd52a932a9a8fe3fab2322d46c693fe12021cf0f84dcd4ae623e728375fc370ef1c13ccac38557eec130270efbf382744c34d9e35b7cf40215a0181a08f9f51e0376cc1211f31d39c6583054728485924292dd5b50cc27e8c09a65dc518dc444b0df13c6d6bcaa446e9ecc95a9f82f229c511f17d1d2485c84ab84c95f9a03136db1be41c447abe677661492792b401e16c342af4372e8e0b6c46cedfac13b8c45557062ddff9022d3b319c800fc01253dc25f335d3c0c52a2c6c42ebe904522c50654de08a5d6d64fbba13c6105d7943c8b652291ec6adc0dab847500204c94a778630ac5aefc9d2eb5bf1594a263b5b8a6275a74b0a8439affe742177cb53fff0e5b75456d7509efc570bb8558faa7a04150fad4d08b1935639e8defc0883eda71317f927d64204b2a3dc190be8e3215e770b72c7da73443b233a41e9ab239dd9a6d4831a86bc6ec399c08492e03172fdaaf717067cb225194d6c0098aec2e96390da361bb6d3941fcb194b6957a310fa2b1353e350664360d81992ffa33f4219c5928d11c34351ef580f9fd892f9ed488ec4156dc14bc85c2551ff223649e2eec3bccaa74effe438469d0241dbb1b26de253dd2153e19d4cb8cf9ca09ec1bf0ad1cb2ce0a2dd1c36f3636f27e50a6592838cb65635228a14c4b4739da8bc20d6395933c9494fc8e623d0fcc4b7ca99e3f7c29556d63106efe2493c7e10c66a9432de9ebdef8c0739c9c1c041343558587e424d410f8a56776bc17b67b78b19e66db2dc9e027340cb3dd85cd2f34863cb9119c9c0f99086c7b175945e44a840b7e94bc3fd64777708c6d5ad19d07c931d4bca1a19f3afa03f862d4032ca7c169d90d58196ea676457469432a496b0d5065499280366acf77b4802691eda36cf24c6c74ba9623c8945d1b7c8cb26e8029fa7fb5a5c61e4ad5371088f2f3a73215a19afd357416da15b617c7a478b5a7300b478b98d15cb099a960bb5de9616bfa39a4fbfa7d59acb8a16135f2f92c896c10c5ed851767b17c473995d0f592bd571769fc12114aca8eb5dec47379f9a2855012d80625754bc0fa5038d108d8c2fe0ea15a28e69036c388c6248fc8074a2809778a26f8309a8638ca5bad4a36095cda66edcaaae7476009b21e1d8d10b43c03896c1934bc34df9028dea61ac3dcfea0c4d64b98adc8bd2c90abfba899022a33d8096de719e27657ce85d686dc06d78c4a020f16a82ac074b4e72cfed44702b9d4e129a588dbd9e4025803b388467e81e5db0fe457b5fab47511e42020b953630399f261cb677ac8013a173fec4b1a9643b15e108c0b83713f59b7f60ad70dc4120b640197686feb77205290a74ce03dafa947060a9eac4a3e1751d71a710dab6fe33101e28fb9393a902f25ee4d25c638960ab94c86a7fd40361f009466454359c0d926cdd08de3d5d1e7d717278ec01cbc4df524b9cf2acb75558d23fea0244c7470670065014f82902e7ce4f7f844bb459553c9f30abd6fbddafdf08f3194a6cc501dd38893ab50ebf9a94f1d18d297c601ad304a971da0f52923c4611b7bca1a44aea91cc6e1bf588c080f4346581cc4e765a78d7e1374d3981adc628ebcb11e1307bb0fa07c8c6a62a4b072aedde69dc250d9948eb769d0883839c5008f1e81eba9ecc330110ebbf52fa42c37e820436f39d83bf3e822d2d81e081d20d738e450990b9003e64543865eb774b01a1c2b790b77dcdcd82fa16abd9ef7b12acf2fdfb1d682522d71d005f5440dbd7920297a55c977edd5b6c7439ea61848a47cde5c290421bdb7853329c632a907e0418f34ef01e286a4ab79499d7e4832d54cb58ea9a5bd6330e5285eb7f81d38451f47f2c914b9066285748a5a055107bd32415dfc05453b435340b36cbb48a79b90b9dd9be7623e7270c365f24bd46d2bab9deb76f8f145e85571fd01e5c370bdd6f300d5e56ca48d064e219352374cbde242bc17002ec6496f221dcf23383df4a97cc9fa4f1c18539aaaf77359ec76374900d17e85b924b7950feb4b153866c4666a1a9971aaf0c1bd09638e31cf5f10f18d2b891b4f93c26df959b425e0a96ad948fbf8c3cb04b7cd72425aa6b92e84fc46d101e651c1df313254f2041c799705df133666d037c83e56f025ae9870c113128b45bc443fee10cd072fe9c0af8b55daeee9348892fd113d2a349e3f6d19eba690cb5771cefdc5fd0af0e95f85e17e94bb99475208a1473600792805c9a8295148d459cef241f3b59a79a82a1740543cfaa982ac427c79724047d3008c015b69e0ab6b75451443589a7d19d9958ae8f8920f30c71b115dabfe200086e7bd31465b013ae6bc271e34ca058b4a7c08037796850b0aeb3506491f0e5f55cce3c0fa9a9c83e2c8693f9353479071bf0dfd4aad02c91dd7c4acbf33afad30b330deab19c3b5388caf1a491273d278277bd4d8f2d3179963089606143517b39c5b88ec4fb608644790223017f2cd54971522be97ab9675092aafb96b8eb704ac9819f18800fa97e2458333859451e6809004824b6380b02d62c1e8ec0f4c0998e770a673fa79376ed840979be1a84e5a8a4565b108a8344afd9f2fbba8e89b8954115e45911b997f79714c2b4486e57fe9d1a3a6124b47a3a80936534092f1cf941fb165ffca4064c8b0a23973f1dbe1cd919059e18df219f18e8df619c54cafe13f76a138cc93f8003abb62f73e39cc070523106fba4149429ba98fcf569308ae4960749bcb464d3e76b9b6db5606f05d9c9d9682fec155392ca4859e1bfe9d6aaae9c1a6f30f052c36a9c118721eed8a24df80fe305ac592fe3bdd64aa1e360abe90f0f302dde2d22ab4d5386e54a746d751e79ed321b7e23a19a370df448ce015f33c1c64ba2c9e3a9b0580c61dc91302348afaaaea59a04fe7c2b764b1f6711e300c66b314739a5c1b9c11eff674722f6b9e37c57eef3c4b83f2429bd7d356d01667985a69137c30f421bfc561338f342594ac625262becf6172dadcf7a793fc5ce863568b35b37610663d01417c256e0e9a99875d3d7505dad6d7b35ef5cc73225bb0535cf0deee987de0794a2e2d76fb10e98bd4353f373a358afd08e1f5584df86a3ead833df8352237fa6ed45ceb440af6480ec3c7b1b6018adce3084cc77d4801f744d69991c7219f78b18885623df8f26e0e20"})
close(r5)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000000c0)={0x10, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0e634c4000"/16], 0x0, 0x0, &(0x7f0000000080)})
preadv(r4, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/51, 0x33}, {&(0x7f0000000240)=""/248, 0xf8}], 0x2, 0x1ff, 0x200)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:14 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:14 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$NBD_SET_SOCK(r4, 0xab00, 0xffffffffffffffff)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)

[ 1934.948906] binder: 9235:9237 unknown command 0
[ 1934.958398] binder: 9235:9237 ioctl c0306201 20000200 returned -22
[ 1934.977959] binder: 9235:9237 unknown command 0
[ 1934.985281] binder: 9235:9237 ioctl c0306201 20000200 returned -22
[ 1935.042859] binder: BINDER_SET_CONTEXT_MGR already set
[ 1935.048621] binder: 9243:9248 ioctl 40046207 0 returned -16
[ 1935.056476] binder: BINDER_SET_CONTEXT_MGR already set
[ 1935.063913] binder: 9246:9249 ioctl 40046207 0 returned -16
[ 1935.071206] binder: 9247:9250 unknown command 0
[ 1935.072842] binder: 9246:9249 unknown command 0
[ 1935.080779] binder: 9246:9249 ioctl c0306201 20000200 returned -22
[ 1935.084516] binder: 9242:9244 unknown command 0
[ 1935.092350] binder: BINDER_SET_CONTEXT_MGR already set
[ 1935.092367] binder: 9246:9249 ioctl 40046207 0 returned -16
[ 1935.106119] binder: BINDER_SET_CONTEXT_MGR already set
[ 1935.112178] binder: 9243:9248 unknown command 0
[ 1935.114456] binder: 9189:9191 ioctl 40046207 0 returned -16
[ 1935.118594] binder: 9247:9250 ioctl c0306201 20000200 returned -22
[ 1935.133279] binder: 9247:9253 unknown command 0
20:22:14 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$NBD_SET_SOCK(r4, 0xab00, 0xffffffffffffffff)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)

[ 1935.133294] binder: 9243:9248 ioctl c0306201 20000200 returned -22
[ 1935.141142] binder: 9247:9253 ioctl c0306201 20000200 returned -22
[ 1935.157293] binder: 9242:9255 ioctl c0306201 20000540 returned -14
[ 1935.174496] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1935.186059] binder_alloc: 9247: binder_alloc_buf size 158913789952 failed, no address space
[ 1935.197353] binder: 9242:9244 ioctl c0306201 20000200 returned -22
[ 1935.209134] binder: BINDER_SET_CONTEXT_MGR already set
[ 1935.215309] binder: 9257:9258 ioctl 40046207 0 returned -16
[ 1935.224871] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1935.225810] binder: BINDER_SET_CONTEXT_MGR already set
20:22:15 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
mmap$binder(&(0x7f00001e7000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x7)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x7, &(0x7f0000000080)={0x1})
open_by_handle_at(r5, &(0x7f00000003c0)=@ocfs2={0xc, 0x1, {0x81, 0x6, 0x7fff}}, 0x88000)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000005c0), 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000380)={0x70, 0x0, &(0x7f0000000400)=[@acquire_done={0x40106309, 0x2}, @enter_looper, @enter_looper, @acquire={0x40046305, 0x1}, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, &(0x7f0000000040)=""/130, 0x82, 0x2, 0x9}, @fda={0x66646185, 0x4, 0x2, 0x15}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/198, 0xc6, 0x1, 0x1c}}, &(0x7f0000000300)={0x0, 0x28, 0x48}}, 0x40}], 0x78, 0x0, &(0x7f0000000480)="fea211ca1ef932fbad39cf717fe812890ef01e70cc90db05e65e15dece7349171578990a873dc0ca12d223ac7e36bac1de7535ea3d0d4a2aaed900c890b5f063329cfcc331c7d0ced420fb6952d0f4a43113dc93d8aaabc78d575ef39c880546fb420e5a2c4e566cba3c3cc9b09e758b2267a35ba528cc1e"})

[ 1935.244737] binder: BINDER_SET_CONTEXT_MGR already set
[ 1935.251025] binder: 9257:9258 unknown command 0
[ 1935.264370] binder: 9243:9248 ioctl 40046207 0 returned -16
[ 1935.264409] binder: 9243:9256 unknown command 0
[ 1935.277531] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1935.284368] binder: BINDER_SET_CONTEXT_MGR already set
[ 1935.290104] binder: 9242:9262 ioctl 40046207 0 returned -16
[ 1935.290414] binder: 9257:9258 ioctl c0306201 20000200 returned -22
[ 1935.299783] binder: 9242:9244 ioctl 40046207 0 returned -16
[ 1935.307219] binder: 9247:9253 unknown command 0
[ 1935.309010] binder: BINDER_SET_CONTEXT_MGR already set
[ 1935.319069] binder: 9247:9253 ioctl c0306201 20000200 returned -22
[ 1935.330581] binder: 9242:9268 unknown command 0
[ 1935.332074] binder: 9247:9250 ioctl 40046207 0 returned -16
[ 1935.339406] binder: BINDER_SET_CONTEXT_MGR already set
[ 1935.342101] binder: 9243:9256 ioctl c0306201 20000200 returned -22
[ 1935.350810] binder: 9257:9266 ioctl 40046207 0 returned -16
[ 1935.358346] binder: BINDER_SET_CONTEXT_MGR already set
[ 1935.366816] binder: 9242:9268 ioctl c0306201 20000200 returned -22
[ 1935.385103] binder: 9247:9269 ioctl 40046207 0 returned -16
20:22:15 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r5 = dup(0xffffffffffffffff)
ioctl$NBD_SET_SOCK(r4, 0xab00, r5)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r6, 0xab04)

20:22:15 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x11, r3, 0x0)
mmap(&(0x7f00002db000/0x4000)=nil, 0x4000, 0x1, 0x40010, r3, 0x6293a000)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:15 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x600000000000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:15 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0xa000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1935.570503] binder: BINDER_SET_CONTEXT_MGR already set
[ 1935.584816] binder: BINDER_SET_CONTEXT_MGR already set
20:22:15 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
r4 = bpf$ITER_CREATE(0x21, &(0x7f0000000040)={r3}, 0x8)
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1935.620524] binder: 9280:9284 ioctl 40046207 0 returned -16
[ 1935.627075] binder: 9280:9288 unknown command 0
[ 1935.634556] binder: 9281:9285 ioctl 40046207 0 returned -16
[ 1935.643525] binder: 9280:9288 ioctl c0306201 20000200 returned -22
[ 1935.655049] binder: 9281:9290 unknown command 0
[ 1935.662032] binder: 9286:9289 unknown command 0
[ 1935.667934] binder: 9286:9289 ioctl c0306201 20000200 returned -22
[ 1935.679697] binder: BINDER_SET_CONTEXT_MGR already set
[ 1935.679710] binder: 9281:9290 ioctl c0306201 20000200 returned -22
[ 1935.695781] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1935.722620] binder: 9281:9290 unknown command 0
[ 1935.723980] binder: BINDER_SET_CONTEXT_MGR already set
[ 1935.727608] binder: 9281:9290 ioctl c0306201 20000200 returned -22
[ 1935.743290] binder: 9286:9294 unknown command 0
[ 1935.757110] binder: 9280:9284 ioctl 40046207 0 returned -16
[ 1935.775355] binder: 9281:9285 ioctl 40046207 0 returned -16
[ 1935.782732] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1935.811512] binder_alloc: 9286: binder_alloc_buf size 158913789952 failed, no address space
[ 1935.822384] binder: 9286:9294 ioctl c0306201 20000200 returned -22
[ 1935.868773] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1935.929333] binder: BINDER_SET_CONTEXT_MGR already set
[ 1935.935683] binder: 9286:9294 unknown command 0
[ 1935.940912] binder: 9286:9294 ioctl c0306201 20000200 returned -22
[ 1935.947910] binder: 9286:9289 ioctl 40046207 0 returned -16
[ 1935.959757] binder: BINDER_SET_CONTEXT_MGR already set
[ 1935.982467] binder: 9286:9305 unknown command 0
[ 1935.987447] binder: 9286:9305 ioctl c0306201 20000200 returned -22
[ 1936.001519] binder: 9286:9300 ioctl 40046207 0 returned -16
[ 1936.169839] binder: 9276:9311 unknown command 0
[ 1936.201444] binder: 9276:9311 ioctl c0306201 20000200 returned -22
[ 1936.456843] binder: BINDER_SET_CONTEXT_MGR already set
[ 1936.568689] binder: 9276:9314 ioctl c0306201 20000380 returned -14
[ 1936.951444] binder: 9276:9313 ioctl 40046207 0 returned -16
[ 1936.957923] binder: 9276:9312 ioctl c0306201 20000200 returned -22
20:22:16 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda={0x66646185, 0x5, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:16 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0b63007c12104b6146b2fc0c6300000e630c400000000000000000000000000763044000100000a05fb1fe42d7b76dc8b67c87b07d60e8f9135b1fbab6f079bc191d786cd2f3810e25bdb14e6951940294af40433dbb44c4c41b18b04a5036ea5710c799518075e86e8d100f5f1e5ef88e94eb2a3cdc49974f8908b3c4a4dd91c4e544db7c412f437ffd570046009f2a54f2ac8c2ac606dd4ecf619315064ff20434e7ab8053c975e663ea197239db280fcd"], 0x0, 0x0, 0x0})

20:22:16 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r5 = dup(0xffffffffffffffff)
ioctl$NBD_SET_SOCK(r4, 0xab00, r5)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r6, 0xab04)

20:22:16 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x700000000000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:16 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1937.204913] binder: BINDER_SET_CONTEXT_MGR already set
[ 1937.211456] binder: BINDER_SET_CONTEXT_MGR already set
[ 1937.217521] binder: 9315:9320 unknown command 2080400139
[ 1937.217692] binder: 9318:9322 unknown command 0
[ 1937.228946] binder: 9317:9319 ioctl 40046207 0 returned -16
[ 1937.229905] binder: 9316:9321 ioctl 40046207 0 returned -16
[ 1937.243042] binder: 9318:9322 ioctl c0306201 20000200 returned -22
[ 1937.251023] binder: 9315:9320 ioctl c0306201 20000340 returned -22
[ 1937.258858] binder: 9317:9319 unknown command 0
[ 1937.267042] binder: 9316:9323 unknown command 0
[ 1937.269997] binder: 9317:9319 ioctl c0306201 20000200 returned -22
[ 1937.280924] binder: 9318:9322 unknown command 0
[ 1937.281840] binder: 9316:9323 ioctl c0306201 20000200 returned -22
[ 1937.293048] binder: 9318:9322 ioctl c0306201 20000200 returned -22
[ 1937.300572] binder: 9315:9325 unknown command 2080400139
[ 1937.308247] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1937.315216] binder: 9315:9325 ioctl c0306201 20000340 returned -22
[ 1937.323597] binder: BINDER_SET_CONTEXT_MGR already set
[ 1937.333020] binder_alloc: 9318: binder_alloc_buf size 158913789952 failed, no address space
[ 1937.338009] binder: 9317:9327 unknown command 0
[ 1937.348608] binder: BINDER_SET_CONTEXT_MGR already set
[ 1937.349423] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1937.357949] binder: 9317:9319 ioctl 40046207 0 returned -16
[ 1937.367675] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1937.369355] binder: 9316:9321 ioctl 40046207 0 returned -16
[ 1937.391463] binder: 9317:9327 ioctl c0306201 20000200 returned -22
[ 1937.408512] binder: BINDER_SET_CONTEXT_MGR already set
[ 1937.421284] binder: 9318:9326 unknown command 0
[ 1937.427968] binder: 9318:9326 ioctl c0306201 20000200 returned -22
[ 1937.437275] binder: 9318:9322 ioctl 40046207 0 returned -16
20:22:17 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa900, 0x20)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x6000, &(0x7f0000001c40)={&(0x7f0000000340)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="17090000000000000000010000600500070000000014001f0000000000000000000000000000000000ff0100000000000006000200010000001400200000000000000000000000ffffac141400"/86], 0x5c}, 0x1, 0x6}, 0x0)
r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r3, 0x7, &(0x7f0000000080)={0x1})
signalfd4(r3, &(0x7f0000000200)={[0x200]}, 0x8, 0x80000)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)={0x48, r2, 0x20, 0x70bd2b, 0x25dfdbff, {}, [@L2TP_ATTR_DEBUG={0x8}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x1}, @L2TP_ATTR_DEBUG={0x8, 0x11, 0x1}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x1}, @L2TP_ATTR_COOKIE={0xc, 0xf, 0x2}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x20000010)
r4 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r5 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r6 = dup2(r5, r4)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r7, 0x0)
r8 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0)
mmap$binder(&(0x7f0000517000/0x2000)=nil, 0x2000, 0x1, 0x11, r8, 0xfffffffeffffffff)
preadv(r7, &(0x7f0000000280), 0x0, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:17 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2000000000000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:17 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r5 = dup(0xffffffffffffffff)
ioctl$NBD_SET_SOCK(r4, 0xab00, r5)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r6, 0xab04)

[ 1937.454944] binder: BINDER_SET_CONTEXT_MGR already set
[ 1937.466662] binder: 9318:9331 unknown command 0
[ 1937.473266] binder: 9318:9330 ioctl 40046207 0 returned -16
[ 1937.483749] binder: 9318:9331 ioctl c0306201 20000200 returned -22
20:22:17 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x48000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1937.546266] binder: BINDER_SET_CONTEXT_MGR already set
[ 1937.560488] binder: 9336:9337 ioctl 40046207 0 returned -16
[ 1937.580005] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1937.597214] binder: 9336:9337 unknown command 0
[ 1937.609554] binder: 9336:9337 ioctl c0306201 20000200 returned -22
[ 1937.616791] binder: BINDER_SET_CONTEXT_MGR already set
[ 1937.637567] binder: 9338:9342 ioctl 40046207 0 returned -16
[ 1937.649232] binder: BINDER_SET_CONTEXT_MGR already set
[ 1937.655684] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.5'.
[ 1937.675783] binder: 9336:9345 unknown command 0
[ 1937.676407] binder: 9341:9346 unknown command 0
[ 1937.685520] binder: 9338:9342 unknown command 0
[ 1937.685538] binder: 9338:9342 ioctl c0306201 20000200 returned -22
[ 1937.687749] binder: BINDER_SET_CONTEXT_MGR already set
[ 1937.705770] binder: 9336:9337 ioctl 40046207 0 returned -16
[ 1937.718650] binder: 9336:9345 ioctl c0306201 20000200 returned -22
[ 1937.729579] binder: 9341:9346 ioctl c0306201 20000200 returned -22
20:22:17 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r1 = dup2(r0, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_open_dev$binderN(&(0x7f0000000040), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000cf123e8f0ce7d1ed2fb5dd7f68ded4d7c188460c4f00000000000003000000000007a1279e5b2c313738b3382d3a09d071e65565485e594140a479b0cb20e73370514e66a7e949d28ac5cbd5eca7c5adf096004b6b785c23e9d8896965f897be331cfeea0358bb8c483d47074316d4dc7db2a7845d544bab5d2eef2bcf52c283f5817135"], 0x0, 0x0, 0x0})
r3 = socket$bt_hidp(0x1f, 0x3, 0x6)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
splice(r3, &(0x7f0000000080)=0x101, r4, &(0x7f00000000c0)=0xc8, 0x6, 0x2)

[ 1937.749940] binder: 9341:9352 unknown command 0
[ 1937.769392] binder: 9341:9352 ioctl c0306201 20000200 returned -22
[ 1937.787587] binder: 9338:9342 ioctl 40046207 0 returned -16
20:22:17 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4800000000000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1937.798386] binder_alloc: 9341: binder_alloc_buf size 158913789952 failed, no address space
[ 1937.820379] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1937.842635] binder: 9355:9356 unknown command 0
20:22:17 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r5 = dup(r4)
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r5)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r6, 0xab04)

[ 1937.869152] binder: 9355:9356 ioctl c0306201 20000340 returned -22
[ 1937.885156] binder: 9341:9352 unknown command 0
[ 1937.890120] binder: 9341:9352 ioctl c0306201 20000200 returned -22
[ 1937.898377] binder: BINDER_SET_CONTEXT_MGR already set
[ 1937.908437] binder: BINDER_SET_CONTEXT_MGR already set
[ 1937.912990] binder: 9355:9356 unknown command 0
[ 1937.918995] binder: BINDER_SET_CONTEXT_MGR already set
[ 1937.925131] binder: 9341:9346 ioctl 40046207 0 returned -16
[ 1937.933588] binder: 9357:9359 ioctl 40046207 0 returned -16
[ 1937.942171] binder: 9341:9360 ioctl 40046207 0 returned -16
[ 1937.943198] binder: 9341:9361 unknown command 0
[ 1937.955116] binder: 9357:9359 unknown command 0
[ 1937.958413] binder: 9355:9356 ioctl c0306201 20000340 returned -22
[ 1937.979294] binder: 9357:9359 ioctl c0306201 20000200 returned -22
[ 1937.982020] binder: 9341:9361 ioctl c0306201 20000200 returned -22
[ 1937.993960] binder: BINDER_SET_CONTEXT_MGR already set
[ 1938.007513] binder: 9364:9367 ioctl 40046207 0 returned -16
[ 1938.016627] binder: BINDER_SET_CONTEXT_MGR already set
[ 1938.045663] binder: 9357:9368 unknown command 0
[ 1938.051024] binder: 9357:9359 ioctl 40046207 0 returned -16
[ 1938.060963] binder: 9357:9368 ioctl c0306201 20000200 returned -22
[ 1938.061214] binder: 9364:9367 unknown command 0
[ 1938.092402] binder: 9364:9367 ioctl c0306201 20000200 returned -22
[ 1938.115114] binder: BINDER_SET_CONTEXT_MGR already set
[ 1938.121037] binder: 9364:9367 ioctl 40046207 0 returned -16
[ 1938.188643] binder: 9378:9379 unknown command 0
[ 1938.209140] binder: 9378:9379 ioctl c0306201 20000200 returned -22
[ 1938.236834] binder: 9378:9379 unknown command 0
[ 1938.251726] binder: 9378:9379 ioctl c0306201 20000200 returned -22
20:22:18 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda={0x66646185, 0x5, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:18 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:18 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x4c000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:18 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c00000000000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:18 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r5 = dup(r4)
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r5)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r6, 0xab04)

[ 1938.269886] binder: 9378:9379 ioctl c0306201 20000380 returned -14
[ 1938.343742] binder: BINDER_SET_CONTEXT_MGR already set
[ 1938.350129] binder: BINDER_SET_CONTEXT_MGR already set
[ 1938.356359] binder: 9388:9389 ioctl 40046207 0 returned -16
[ 1938.364036] binder: 9387:9390 ioctl 40046207 0 returned -16
[ 1938.372604] binder: 9388:9389 unknown command 0
[ 1938.377097] binder: 9386:9392 unknown command 0
[ 1938.380242] binder: 9387:9390 unknown command 0
[ 1938.390555] binder: 9387:9390 ioctl c0306201 20000200 returned -22
[ 1938.395746] binder: 9386:9392 ioctl c0306201 20000200 returned -22
[ 1938.398937] binder: 9388:9389 ioctl c0306201 20000200 returned -22
[ 1938.422129] binder: BINDER_SET_CONTEXT_MGR already set
[ 1938.428816] binder: BINDER_SET_CONTEXT_MGR already set
[ 1938.439329] binder: 9388:9395 unknown command 0
20:22:18 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x60, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x0})

[ 1938.446682] binder: 9388:9389 ioctl 40046207 0 returned -16
[ 1938.472755] binder: 9386:9392 unknown command 0
[ 1938.478200] binder: 9387:9390 ioctl 40046207 0 returned -16
[ 1938.486381] binder: 9388:9395 ioctl c0306201 20000200 returned -22
[ 1938.497728] binder: 9386:9392 ioctl c0306201 20000200 returned -22
[ 1938.518951] binder_alloc: 9386: binder_alloc_buf size 158913789952 failed, no address space
20:22:18 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r5 = dup(r4)
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r5)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r6, 0xab04)

20:22:18 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6800000000000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1938.543830] binder: 9398:9402 unknown command 1
[ 1938.588703] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1938.600565] binder: 9398:9402 ioctl c0306201 20000340 returned -22
[ 1938.620511] binder: 9386:9394 unknown command 0
[ 1938.625992] binder: BINDER_SET_CONTEXT_MGR already set
[ 1938.629149] binder: 9386:9394 ioctl c0306201 20000200 returned -22
[ 1938.639235] binder: BINDER_SET_CONTEXT_MGR already set
[ 1938.640051] binder: BINDER_SET_CONTEXT_MGR already set
[ 1938.658670] binder: 9403:9405 ioctl 40046207 0 returned -16
[ 1938.659612] binder: BINDER_SET_CONTEXT_MGR already set
[ 1938.670163] binder: 9404:9409 ioctl 40046207 0 returned -16
[ 1938.672033] binder: 9386:9392 ioctl 40046207 0 returned -16
[ 1938.683063] binder: 9403:9413 unknown command 0
[ 1938.683904] binder: 9398:9412 unknown command 1
[ 1938.695496] binder: 9386:9408 unknown command 0
[ 1938.699453] binder: 9404:9414 unknown command 0
[ 1938.701783] binder: 9386:9394 ioctl 40046207 0 returned -16
[ 1938.711070] binder: 9403:9413 ioctl c0306201 20000200 returned -22
[ 1938.714326] binder: 9386:9408 ioctl c0306201 20000200 returned -22
[ 1938.728979] binder: 9404:9414 ioctl c0306201 20000200 returned -22
20:22:18 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="090000000c6300000e630c400000000000000000000000000763044000000000"], 0x0, 0x0, 0x0})

[ 1938.735492] binder: 9398:9412 ioctl c0306201 20000340 returned -22
[ 1938.747519] binder: BINDER_SET_CONTEXT_MGR already set
[ 1938.762742] binder: 9403:9405 ioctl 40046207 0 returned -16
20:22:18 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:18 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r5 = dup(r4)
ioctl$NBD_SET_SOCK(r3, 0xab00, r5)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r6, 0xab04)

[ 1938.818130] binder: BINDER_SET_CONTEXT_MGR already set
[ 1938.824009] binder: 9404:9409 ioctl 40046207 0 returned -16
[ 1938.824063] binder: 9404:9414 unknown command 0
[ 1938.879890] binder: 9416:9421 unknown command 9
[ 1938.891429] binder: 9404:9414 ioctl c0306201 20000200 returned -22
[ 1938.904541] binder: 9416:9421 ioctl c0306201 20000340 returned -22
20:22:18 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6c00000000000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1938.944353] binder: 9422:9425 unknown command 0
[ 1938.950610] binder: 9416:9429 unknown command 9
[ 1938.965823] binder: 9422:9425 ioctl c0306201 20000200 returned -22
[ 1938.965998] binder: BINDER_SET_CONTEXT_MGR already set
[ 1938.989241] binder: 9416:9429 ioctl c0306201 20000340 returned -22
[ 1938.995092] binder: 9423:9428 ioctl 40046207 0 returned -16
[ 1939.021218] binder: 9422:9425 unknown command 0
[ 1939.033219] binder: 9423:9428 unknown command 0
[ 1939.041500] binder: 9422:9425 ioctl c0306201 20000200 returned -22
[ 1939.045659] binder: 9423:9428 ioctl c0306201 20000200 returned -22
[ 1939.053871] binder: BINDER_SET_CONTEXT_MGR already set
[ 1939.070693] binder: 9430:9432 ioctl 40046207 0 returned -16
[ 1939.078555] binder_alloc: 9422: binder_alloc_buf size 158913789952 failed, no address space
[ 1939.108808] binder: 9430:9437 unknown command 0
[ 1939.111491] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1939.130953] binder: 9430:9437 ioctl c0306201 20000200 returned -22
[ 1939.138724] block nbd0: shutting down sockets
[ 1939.156217] binder: 9422:9431 unknown command 0
[ 1939.156738] binder: BINDER_SET_CONTEXT_MGR already set
[ 1939.162778] binder: 9422:9431 ioctl c0306201 20000200 returned -22
[ 1939.178358] binder_alloc_new_buf_locked: 8 callbacks suppressed
[ 1939.178367] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1939.206206] binder: 9422:9425 ioctl 40046207 0 returned -16
[ 1939.206269] binder: BINDER_SET_CONTEXT_MGR already set
[ 1939.226905] binder: BINDER_SET_CONTEXT_MGR already set
[ 1939.235600] binder: 9422:9431 ioctl 40046207 0 returned -16
[ 1939.236043] binder: 9430:9437 unknown command 0
[ 1939.251386] binder: 9430:9432 ioctl 40046207 0 returned -16
[ 1939.262456] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1939.268168] binder: 9430:9437 ioctl c0306201 20000200 returned -22
[ 1939.544615] binder: 9449:9450 unknown command 0
[ 1939.549634] binder: 9449:9450 ioctl c0306201 20000200 returned -22
[ 1939.569114] binder: 9449:9450 unknown command 0
[ 1939.578230] binder: 9449:9450 ioctl c0306201 20000200 returned -22
20:22:19 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0xb0, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0x0, 0x0, 0x0})

20:22:19 executing program 5:
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000040), 0x0, 0x2)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b6300000c6300000e630c4000"/28], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000380)={0xb4, 0x0, &(0x7f0000000480)=[@register_looper, @acquire_done, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000200)={@flat=@weak_handle={0x77682a85, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f00000000c0)=""/43, 0x2b, 0x0, 0x30}, @ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/116, 0x74, 0x0, 0x14}}, &(0x7f0000000100)={0x0, 0x18, 0x40}}}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000400)={@fd={0x66642a85, 0x0, r3}, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x1, &(0x7f0000000280)=""/101, 0x65, 0x0, 0x1d}}, &(0x7f0000000300)={0x0, 0x18, 0x30}}, 0x400}, @register_looper], 0xe6, 0x0, &(0x7f0000000540)="4e1a74dfc1ccbe259ac201f04d3d62b0aef6f9b972e3dbb9619180cf9d561b08ac887e10923860e6574299f4ac36f87aa6abf23c519f238282e414592bfc9e8a508ddc1ec9edbf9d48e1db27d273b1e926b3cf32a03cad23329368dcb37de3315d38ada7b5520c0aae94b8a3bd9f33e10d09430fd98db59e0ae313ba0bf711a4d3ae14c4cd8f95b6590a3fe08a5ce566e6dcfb88592566e4992c66c8f7808adb2316f84decfc1a8dec9ff4a5bed79a0191da181c2e7264230c0924cbe32da13528bceef3b0ab73ed514b2d7deb9b7ed460a5975a50df748776e38d5269bcb3293e2089985533"})

20:22:19 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r5 = dup(r4)
ioctl$NBD_SET_SOCK(r3, 0xab00, r5)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r6, 0xab04)

20:22:19 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x7400000000000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1939.589545] binder: 9449:9450 ioctl c0306201 20000380 returned -14
20:22:19 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x68000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1939.687159] binder: BINDER_SET_CONTEXT_MGR already set
[ 1939.694428] binder: 9454:9457 unknown command 0
[ 1939.703079] binder: BINDER_SET_CONTEXT_MGR already set
[ 1939.709355] binder: 9451:9456 unknown command 0
[ 1939.714451] binder: 9453:9458 ioctl 40046207 0 returned -16
[ 1939.720356] binder: 9451:9456 ioctl c0306201 20000340 returned -22
[ 1939.720457] binder: 9454:9457 ioctl c0306201 20000200 returned -22
[ 1939.731728] binder: 9452:9460 ioctl 40046207 0 returned -16
[ 1939.747757] binder: 9453:9458 unknown command 0
[ 1939.762447] binder: 9452:9460 unknown command 0
[ 1939.764345] binder: 9454:9461 unknown command 0
[ 1939.771877] binder: 9452:9460 ioctl c0306201 20000200 returned -22
[ 1939.784736] binder: 9451:9456 unknown command 0
[ 1939.785106] binder: 9454:9461 ioctl c0306201 20000200 returned -22
[ 1939.791640] binder: 9451:9456 ioctl c0306201 20000340 returned -22
[ 1939.798412] binder: 9453:9458 ioctl c0306201 20000200 returned -22
[ 1939.812193] block nbd0: shutting down sockets
[ 1939.813747] binder_alloc: 9454: binder_alloc_buf size 158913789952 failed, no address space
20:22:19 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r5 = dup(r4)
ioctl$NBD_SET_SOCK(r3, 0xab00, r5)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r6, 0xab04)

[ 1939.833078] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1939.839802] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1939.859916] binder: BINDER_SET_CONTEXT_MGR already set
[ 1939.870368] binder: 9453:9464 unknown command 0
[ 1939.879100] binder: 9453:9464 ioctl c0306201 20000200 returned -22
20:22:19 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
ioctl(0xffffffffffffffff, 0x105, &(0x7f0000000040)="8b33bf573598e2c328b309163b7a5f6bba6f0712df1e2fe045548eb00195579d9fb411174443b5575d737788b30a35c5f7fc29b8eb0000c484dd53920baa5a1eacd37a32e63560d0a85abcc0aadb6e5b394f7a7d088199234db793be148606b7")
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1939.886436] binder: 9453:9458 ioctl 40046207 0 returned -16
[ 1939.897773] binder: BINDER_SET_CONTEXT_MGR already set
[ 1939.915093] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1939.917824] binder: 9454:9461 unknown command 0
[ 1939.928247] binder: 9454:9457 ioctl 40046207 0 returned -16
[ 1939.938709] binder: 9454:9461 ioctl c0306201 20000200 returned -22
[ 1939.952245] binder: BINDER_SET_CONTEXT_MGR already set
[ 1939.958450] binder: BINDER_SET_CONTEXT_MGR already set
[ 1939.975567] binder: 9454:9457 ioctl 40046207 0 returned -16
[ 1939.975794] binder: 9454:9468 unknown command 0
20:22:19 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x7a00000000000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1939.983120] binder: 9467:9470 ioctl 40046207 0 returned -16
[ 1939.996953] binder: 9454:9468 ioctl c0306201 20000200 returned -22
[ 1940.009996] binder: 9467:9475 unknown command 0
[ 1940.031791] binder: 9467:9475 ioctl c0306201 20000200 returned -22
20:22:19 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
dup2(r0, 0xffffffffffffffff)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
r2 = perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8000, 0x101)
unshare(0x70000)
r3 = gettid()
ptrace(0x4206, r3)
perf_event_open(&(0x7f0000001480)={0x3, 0x80, 0x1f, 0x5, 0x40, 0x7, 0x0, 0x4, 0x8, 0xc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x8, 0x2, @perf_config_ext={0xfffffffffffff801, 0x95}, 0x14000, 0xffffffff, 0x80000001, 0x3, 0x9, 0x49, 0xe4e, 0x0, 0x5, 0x0, 0x3932}, r3, 0xe, r2, 0x2)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0x3)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
preadv(r5, &(0x7f0000001440)=[{&(0x7f0000000280)=""/4096, 0x1000}, {&(0x7f0000001280)=""/90, 0x5a}, {&(0x7f0000000000)=""/43, 0x2b}, {&(0x7f0000001300)=""/66, 0x42}, {&(0x7f0000001380)=""/180, 0xb4}], 0x5, 0x5, 0x9)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCGPROP(r6, 0x40047438, &(0x7f0000000180)=""/246)
preadv(r6, &(0x7f0000001c40)=[{&(0x7f0000001800)=""/244, 0xf4}], 0x1, 0x0, 0x0)
lseek(r5, 0x8, 0x4)
unshare(0x8000100)

20:22:19 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x6c000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1940.095754] block nbd0: shutting down sockets
20:22:19 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r5 = dup(r4)
ioctl$NBD_SET_SOCK(r3, 0xab00, r5)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r6, 0xab04)

[ 1940.132137] binder: BINDER_SET_CONTEXT_MGR already set
[ 1940.149862] binder: 9477:9481 ioctl 40046207 0 returned -16
[ 1940.172907] binder: 9477:9481 unknown command 0
[ 1940.189183] binder: 9482:9486 unknown command 0
[ 1940.192432] binder: 9477:9481 ioctl c0306201 20000200 returned -22
[ 1940.199915] binder: 9482:9486 ioctl c0306201 20000200 returned -22
[ 1940.234434] binder: 9482:9486 unknown command 0
[ 1940.241881] binder: BINDER_SET_CONTEXT_MGR already set
[ 1940.242995] binder: 9482:9486 ioctl c0306201 20000200 returned -22
[ 1940.254879] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1940.263389] binder: 9477:9489 unknown command 0
[ 1940.268369] binder: 9477:9489 ioctl c0306201 20000200 returned -22
[ 1940.278687] binder: BINDER_SET_CONTEXT_MGR already set
[ 1940.278927] binder: 9487:9490 ioctl 40046207 0 returned -16
[ 1940.285874] binder_alloc: 9482: binder_alloc_buf size 158913789952 failed, no address space
[ 1940.298885] binder: 9477:9481 ioctl 40046207 0 returned -16
[ 1940.305551] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1940.305848] binder: 9487:9496 unknown command 0
[ 1940.320637] binder: BINDER_SET_CONTEXT_MGR already set
[ 1940.326427] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1940.332524] binder: 9482:9486 ioctl 40046207 0 returned -16
[ 1940.340316] binder: 9482:9495 unknown command 0
[ 1940.346442] binder: 9482:9495 ioctl c0306201 20000200 returned -22
[ 1940.354572] binder: BINDER_SET_CONTEXT_MGR already set
[ 1940.362817] binder: 9482:9486 unknown command 0
[ 1940.367796] binder: 9482:9497 ioctl 40046207 0 returned -16
[ 1940.375649] binder: 9482:9486 ioctl c0306201 20000200 returned -22
20:22:20 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xffffff7f00000000}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1940.376996] binder: 9487:9496 ioctl c0306201 20000200 returned -22
[ 1940.391773] block nbd0: shutting down sockets
[ 1940.424946] binder: BINDER_SET_CONTEXT_MGR already set
[ 1940.430635] binder: 9499:9500 ioctl 40046207 0 returned -16
[ 1940.439685] binder: 9499:9500 unknown command 0
[ 1940.446118] binder: 9499:9500 ioctl c0306201 20000200 returned -22
[ 1940.457438] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1940.466246] binder: BINDER_SET_CONTEXT_MGR already set
[ 1940.475562] binder: 9499:9502 unknown command 0
[ 1940.480586] binder: 9499:9500 ioctl 40046207 0 returned -16
[ 1940.489990] binder: 9499:9502 ioctl c0306201 20000200 returned -22
[ 1940.498060] binder_alloc: 27169: binder_alloc_buf, no vma
20:22:20 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0xb0, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0x0, 0x0, 0x0})

20:22:20 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x74000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:20 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r5 = dup(r4)
ioctl$NBD_SET_SOCK(r3, 0xab00, r5)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r6, 0xab04)

20:22:20 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x25, 0x0, &(0x7f0000000700)="f3"})

[ 1940.642531] binder: 9485:9511 unknown command 0
[ 1940.647648] binder: 9485:9511 ioctl c0306201 20000200 returned -22
[ 1940.665116] binder: 9485:9511 unknown command 0
[ 1940.670035] binder: 9485:9511 ioctl c0306201 20000200 returned -22
[ 1940.738727] binder: BINDER_SET_CONTEXT_MGR already set
[ 1940.744435] binder: 9515:9516 ioctl 40046207 0 returned -16
[ 1940.753321] binder: 9515:9516 unknown command 0
[ 1940.758162] binder: BINDER_SET_CONTEXT_MGR already set
[ 1940.764592] binder: 9514:9518 ioctl 40046207 0 returned -16
[ 1940.770758] binder: 9512:9517 unknown command 0
[ 1940.770987] binder: 9515:9516 ioctl c0306201 20000200 returned -22
[ 1940.780704] binder: 9512:9517 ioctl c0306201 20000200 returned -22
[ 1940.806179] binder: 9514:9518 unknown command 0
[ 1940.812408] block nbd0: shutting down sockets
[ 1940.826054] binder: 9514:9518 ioctl c0306201 20000200 returned -22
20:22:20 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r5 = dup(r4)
ioctl$NBD_SET_SOCK(r3, 0xab00, r5)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r6, 0xab04)

[ 1940.838248] binder: 9512:9521 unknown command 0
[ 1940.851117] binder: 9512:9521 ioctl c0306201 20000200 returned -22
[ 1940.868028] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1940.881214] binder_alloc: 9512: binder_alloc_buf size 158913789952 failed, no address space
[ 1940.894364] binder: 9514:9525 unknown command 0
[ 1940.899225] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1940.900635] binder: BINDER_SET_CONTEXT_MGR already set
[ 1940.914741] binder: 9514:9525 ioctl c0306201 20000200 returned -22
[ 1940.925411] binder: 9512:9521 unknown command 0
[ 1940.930853] binder: 9512:9521 ioctl c0306201 20000200 returned -22
[ 1940.938171] binder: BINDER_SET_CONTEXT_MGR already set
[ 1940.946353] binder: BINDER_SET_CONTEXT_MGR already set
[ 1940.952683] binder: 9512:9531 ioctl 40046207 0 returned -16
[ 1940.952996] binder: BINDER_SET_CONTEXT_MGR already set
[ 1940.963142] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1940.970116] binder: 9514:9518 ioctl 40046207 0 returned -16
20:22:20 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(r2, &(0x7f0000000040)='/proc/self/exe\x00', 0x3d3ec1, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="fc6300000c6300000e630c4000000001000000000000000007630440000000002b50d58394ef9a4ea9a12e12e1bf76721b71d981e7eb46b92c5419b04588a8cf607ad8ce"], 0x0, 0x0, 0x0})

[ 1941.001140] binder: 9527:9530 ioctl 40046207 0 returned -16
[ 1941.009712] binder: 9527:9536 unknown command 0
[ 1941.014536] binder: 9512:9517 ioctl 40046207 0 returned -16
[ 1941.020885] binder: 9512:9532 unknown command 0
[ 1941.026324] binder: 9512:9532 ioctl c0306201 20000200 returned -22
20:22:20 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x3d, 0x0, &(0x7f0000000700)="f3"})

[ 1941.059296] binder: 9527:9536 ioctl c0306201 20000200 returned -22
20:22:20 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x7a000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1941.103161] block nbd0: shutting down sockets
[ 1941.133431] binder: 9537:9542 unknown command 25596
[ 1941.152093] binder: BINDER_SET_CONTEXT_MGR already set
[ 1941.167939] binder: 9539:9543 ioctl 40046207 0 returned -16
[ 1941.184399] binder: 9544:9546 unknown command 0
[ 1941.199228] binder: 9539:9543 unknown command 0
[ 1941.210960] binder: 9544:9546 ioctl c0306201 20000200 returned -22
[ 1941.228133] binder: 9539:9543 ioctl c0306201 20000200 returned -22
[ 1941.246412] binder: 9537:9542 ioctl c0306201 20000340 returned -22
[ 1941.255739] binder: 9544:9546 unknown command 0
[ 1941.272491] binder: BINDER_SET_CONTEXT_MGR already set
[ 1941.276727] binder: 9537:9553 unknown command 25596
[ 1941.284572] binder: 9544:9546 ioctl c0306201 20000200 returned -22
20:22:21 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r5 = dup(r4)
ioctl$NBD_SET_SOCK(r3, 0xab00, r5)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r6, 0xab04)

[ 1941.294809] binder: 9537:9553 ioctl c0306201 20000340 returned -22
[ 1941.300513] binder: 9539:9543 ioctl 40046207 0 returned -16
[ 1941.307324] binder: 9539:9549 unknown command 0
[ 1941.312574] binder_alloc: 9544: binder_alloc_buf size 158913789952 failed, no address space
[ 1941.312696] binder: 9539:9549 ioctl c0306201 20000200 returned -22
[ 1941.357407] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1941.391747] binder: BINDER_SET_CONTEXT_MGR already set
[ 1941.401454] binder: 9544:9546 ioctl 40046207 0 returned -16
[ 1941.401588] binder: 9544:9548 unknown command 0
[ 1941.413079] binder: BINDER_SET_CONTEXT_MGR already set
[ 1941.413153] binder: BINDER_SET_CONTEXT_MGR already set
[ 1941.434252] binder: 9558:9561 ioctl 40046207 0 returned -16
[ 1941.447994] binder: 9544:9548 ioctl c0306201 20000200 returned -22
20:22:21 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x300, 0x0, &(0x7f0000000700)="f3"})

[ 1941.456986] binder: 9544:9563 unknown command 0
[ 1941.463304] binder: 9544:9563 ioctl c0306201 20000200 returned -22
[ 1941.470238] binder: 9544:9562 ioctl 40046207 0 returned -16
[ 1941.480838] binder: 9558:9561 unknown command 0
[ 1941.490623] binder: 9558:9561 ioctl c0306201 20000200 returned -22
20:22:21 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1941.561759] block nbd0: shutting down sockets
[ 1941.585712] binder: BINDER_SET_CONTEXT_MGR already set
[ 1941.598218] binder: 9569:9572 ioctl 40046207 0 returned -16
[ 1941.610283] binder: 9571:9573 unknown command 0
[ 1941.629935] binder: 9569:9572 unknown command 0
20:22:21 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f00000002c0), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r0, 0x942e, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x7, &(0x7f0000000080)={0x1})
accept4$inet(r4, &(0x7f0000000040)={0x2, 0x0, @multicast1}, &(0x7f0000000080)=0x10, 0x80800)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x50, 0x0, &(0x7f0000000200)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000180)={@flat=@weak_handle={0x77682a85, 0x184de7c0c6378dd6}, @flat=@binder={0x73622a85, 0x10a, 0x3}, @fda={0x66646185, 0x2, 0x2, 0x9}}, &(0x7f00000000c0)={0x0, 0x18, 0x30}}}, @free_buffer], 0xeb, 0x0, &(0x7f0000000400)="1e5e2bc03ba8390d6d8ffeb4e7f42b12de8915a02a7510f8a23370a3e0c359cb4bafefb642c84630d172658d27668c5a3ba666921ec8aff9cd0100c70e82d32d2b669eca594cf5fbadf5e4219843f1fa1de8262bc9a952317a17a6ddf9b21a538d096660bd1a981c0b66fa817c5bac4f0db42d429e48ba5f1070d148e9cc2c716d7d6eb75c4278a7b150171a1a5c9834e2db08d819bef4daa8c7e39e27759b6d01c3598b5725633a9df887aa3f326c7944f6bed0ca92a2868f501455237450feebafc30c38962a4385a5b806b5732d0d073b6772c7ba3c37b60e921380ef448ecb4e8deaf26910a9db7f9a"})
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x32fc57744635d63b)
sendmsg$nl_route(r5, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f0000000380)=@RTM_NEWNSID={0x24, 0x58, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@NETNSA_FD={0x8, 0x3, r3}, @NETNSA_FD={0x8, 0x3, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x2000c881}, 0x4)
r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r6, 0x26, &(0x7f0000000180)={0x1})
close(r6)
openat$cgroup_ro(r6, &(0x7f0000000140)='cpuset.effective_cpus\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1941.639156] binder: 9571:9573 ioctl c0306201 20000200 returned -22
[ 1941.655247] binder: 9569:9572 ioctl c0306201 20000200 returned -22
[ 1941.677448] binder: 9571:9573 unknown command 0
[ 1941.693959] binder: BINDER_SET_CONTEXT_MGR already set
[ 1941.702044] binder: 9571:9573 ioctl c0306201 20000200 returned -22
[ 1941.703484] binder: 9576:9581 ioctl 942e 0 returned -22
[ 1941.721858] binder: 9569:9572 ioctl 40046207 0 returned -16
[ 1941.721898] binder: 9569:9579 unknown command 0
[ 1941.732976] binder_alloc: 9571: binder_alloc_buf size 158913789952 failed, no address space
[ 1941.745519] binder: 9519:9575 unknown command 0
[ 1941.749662] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1941.764373] binder: 9569:9579 ioctl c0306201 20000200 returned -22
[ 1941.769102] binder: 9519:9575 ioctl c0306201 20000200 returned -22
[ 1941.795332] binder: BINDER_SET_CONTEXT_MGR already set
[ 1941.806343] binder: 9571:9573 ioctl 40046207 0 returned -16
[ 1941.814260] binder: 9571:9577 unknown command 0
[ 1941.826473] binder: 9576:9586 ioctl 942e 0 returned -22
[ 1941.829329] binder: 9571:9577 ioctl c0306201 20000200 returned -22
[ 1941.840808] binder: BINDER_SET_CONTEXT_MGR already set
[ 1941.863009] binder: 9571:9588 unknown command 37
[ 1941.868029] binder: 9571:9587 ioctl 40046207 0 returned -16
[ 1941.882568] binder: 9519:9575 unknown command 0
[ 1941.888712] binder: 9571:9588 ioctl c0306201 20000200 returned -22
[ 1942.362334] binder: 9519:9575 ioctl c0306201 20000200 returned -22
20:22:22 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0xb0, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0x0, 0x0, 0x0})

20:22:22 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r4 = dup(r3)
ioctl$NBD_SET_SOCK(r2, 0xab00, r4)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)

20:22:22 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x72e00cd9, 0x0, &(0x7f0000000700)="f3"})

20:22:22 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
syz_open_dev$binderN(&(0x7f0000000040), 0x0, 0x2)
r4 = getpid()
perf_event_open(&(0x7f00000002c0)={0x2, 0x80, 0x2, 0x0, 0xdf, 0x4, 0x0, 0xf14f, 0x11180, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x6000000, 0x0, @perf_config_ext={0x7, 0xffffffffffffffc1}, 0x121, 0x8, 0x1, 0x2, 0x4, 0x2, 0x1000, 0x0, 0x200}, r4, 0x4, r3, 0xb)
preadv(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/133, 0x85}, {&(0x7f0000000080)=""/4, 0x4}, {&(0x7f0000000240)=""/83, 0x53}], 0x3, 0x9, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:22 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:22 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
r5 = mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup(r2)
r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r6, 0x7, &(0x7f0000000080)={0x1})
sendmsg(r6, &(0x7f0000000440)={&(0x7f0000000040)=@hci={0x1f, 0x0, 0x1}, 0x80, &(0x7f0000001a00)=[{&(0x7f0000000180)="0da02c99bb0799400b5eb9a8a8ba34e17e440a5f06266f3d23ceb3632ae5832a2eff3318e4976c245c09aec48544027db2e397b7a8771388ae8f7230dec155a99c5ef8f84d158b16e2d6f2941a11606e699ff1df81fab5a2e2bf2e09fb38dcaac985a87a7bf8705f98", 0x69}, {&(0x7f0000000240)="5b4f13433c7ddd57a243f8e2c861173ae3c92d82c359d022538b46d93f3c06d82cf4213be0ef70f2c7b212fdc1c4ab6557ce0ab5d42cbc5f77e67f7fbbf10f30185a259f8e492e199bf837961434c1bd27c7b3d01161415fe9455055560e14ba76f27e45788a385b7717015ebdde977670add5e0911a738a46d3214638609ab0367f3a52c22400e605074901d91e96ed49111bd0cc46bbf74df7d4acaacdf99c69df6116fb2b69c2b0ee8c84457aa7d4de9fc5", 0xb3}, {&(0x7f00000000c0)="aec05725c3beb91ef5ff18f16cb17532b6648015e782330762c6c1b3cb3c0d", 0x1f}, {&(0x7f0000000300)="ff4be764dd2db602c579212eb497a1ff614435475adcc44a439f78db62cccbbd556e718fa2dc9a4aa957b20139b38ba2", 0x30}, {&(0x7f0000000600)="f5a888ecc590eb53418c55d06f49b0ade217c63cea66a4f8169b4d7be252d6fa66343dcc3230179883f8e509ff13ef5bb4f082d87dda0e05cf2baf16469b126f38d382a615e9da8ad95f90ebcd77866135f75fce51d8fcf72f25b6e069cd353eb5dcab5bd7fe111d101b44bb9d06d04af346d06c10a6fb278603f6176c7d65dc131b7f0e57c566dd504dbb3570723b6dc2d021bb238dcd", 0x97}, {&(0x7f0000000380)="48a22ae31a981b6deabaa30a1662e737a951a176f6cd3cd4ab5acf01aa4834cec940c5ae9eea63a9d2597cf2", 0x2c}, {&(0x7f0000000880)="8b7c2c5e70eff0f19a38aae37869813cf882d4b0d0064b6ce5835d61cad8e22fcfe1315c06fa8441a514856c047881f7206d2bd1e3c5ac945d553fc42f2c82e1016dcb6f393dacf3fe564c710992690624240d78e65c395c728af71aabbc4e95749345c9f8ddeddd3d26d1e74390850122e9c58afac8913e741e8cd3b6b7b9cf55d429913f0c71088eeb360265fc1dc6563ce78e1070682a960f99b21b057fba88f5d834f5130e7df2e28387cc1f4dfdff8b36824f19cd0cb7f236c4deb1b1fcb3c0558e52fde598052aaf26b2ea056c9a7bd5d069a9d181f792dfe2eb409d57a96da78c6f346fef2a82a53195895cda717004c8b978558b1a6c21ca7cd78ad94f41538699d0e523c3448290fb2dc1245a8b623166b9f1c9103025f3f493394e82b37a22a7a4b2f63adf1fc7412cefdd5b38a3e24b927fc9bb4de8630cca906516ce2e83f7a68465b3535458b69cdef813b7d14c8520bfdffb601c0e25d5cf76c53e540dc4cdc1168a288cbc93cdea022d1692a70e2d2447ba01711587bc6ce8ceeda61af96b57331b0e68352b68b8f283e176f919d70119907ab1c6eeb83eaa1c26ab303fbd5280f0d2f9ff56131b1a0704d72a0af07a43babf15b49f64a245e3098a4971abcdbd8f8f6f10d2e380ddabc907f1a0c135b91aab4098013dc364fd85494d56cadec9e0c5e3b7dfe270c20d8ad775c1ade94c9a8559a342b299771f2d0d0b98046b9b5b877cc8c6a45e8dd066add1ec76e301a2d29b48f6d97d0fe08ffcd56dd37bc1ebcb54b3c03bdb659625dd5d3c40c020e1f4822adda3132687acda19d918cf5475151dea0d54fe5e2e5694dd21e2092e370dcf46c718d269743f15423b75125918a5449578a711c7f89aee25130f3aa799e88a579576fdb9e45e7398a1926eca5b406d758e09b38c55f9bf89e0a600b4885bd29862ae49b9604e51af36c5caff70ddecba5957bf62ce299f928d781ac50ae8eca5bba5a990ad4dcdd007f7cdb76a8ca759442466c52fa894851203e941db1b6325c78bb2d6b1d45b46fd12c9c3a550aea6951e031aa1e41459bdbff475d87978febc5e9cf8b8e5becc89d02bdc2f1e0d26c390b0990256af5d246611228d924b5a7978a0114e25f400ced20ee82c52f94e32fc46188bb660657e3f547254caad3ff35e9285d33eb14d91ac2feaa3862517b3397e85978b7593912ea3e9c097e09ac1982e4ea082dd2dad0705cd72ba9dcb73883d2df5d7717cfb2c3f228a3e993928b1f5947a72bc96cac5067486b8afcb83845458f28841be2b215c2a1744a37a3f1e6ec95b847cb630640bb307dcb3883441a65c70329bd6d0f6a5c6608deb119028cd85a1233663604f8ea4ee96a48073a6a8d6a740f4dbfe2c3f88b9dba22e15b10c35b2d6c28df16a36055044518f8e807e35b728ce741eff2c593e56179c5fd3c920414d155317103fe547d279cf11d879a4fc9010c9bd0313e59b45d2ac8b66d693a38da02108f223a0b2fda31d3df9554cdb551795c2038c28946cebfa8bf660439ed404b6305d08353837818c226321a010aab473fa7bf8ca70fd2a68ca4db19db2a5970e97fdcaff713c5fa73e2025feb44e53caa39108a89f0e0294a4f1971ebdf1acdf4f77ee2aeddff15a7404178cba58d0f9d78be6e76908e28d6f96abdb04cca21ad7fa75d13f352fb1ce3e7d9c20ef619e99399243c0d7237ba107ab1a9c8674d64ce24fbe6ba42263b9a2f0c61f904949739af6278c78ee3af6705f8c351ad8966e6df69bc827513037c83d622e7260a334f11ebf6023ddb33dd839de8408d80539e9fe9c372a1171f41e369849e1dfa3cb31d549cd34783574bb6927f1ca6018c08bbb7e72429e17d1f12b063b3712b224f234ffbb16236aa8f0d00721379c15a88bc73179431381198f110128b22dc17524d2e1afb0353eebbf5cd986ce773d43255728e97e23eef97ae7b4f46202bc74a8205792bc96d81fdf317424a94f219cb27a34fb995c3590eb0923d41d572b1ea4ea42f59b1fe5b8078aeaca6ba561a50775896e8f2095c6ed1b4367795f34497be4356920cff049fc8c1d1efd1d0fa59e0704fe5ea29604df34a0f10e0270038b04dafc05dd4b15ae376b39dc26130f7a0f7de03c4471be4ac8521476d903b7cb970edf6ca1914ea69298e6ab2890073fa5269c14ac11f5e334aa111fdfa8fbdfaf5e2a223ca19ac1a3d7bc80453ff35ad6c3e072b5ebdb1c911167e6a65e440013745a1471b4c8dd26dedcfec5031c5bf784440ca5b1eb2725872ff0abba14d4e5068891df7255e3b0534f3e0644d2b50a1ab4287f47176563596996973440570bf36dbb2bae54d00e8a4194830bae9849d35435dad4d2742b0dca3b3f112528db0fa1e693e82cf12ea7f7d9d3878927d9227a77284149d9a79a957edfa0dd9ed1e68798f8ebe3788bcee8fe87f731137b5572c8c70d116ffb416c72c7c1a0ae46a71201f247879cfdf1929eed52e7f2b6f1b9ee5f52502c3af1c309d5fe9ef6617886c2c9b3076a26cc1eb691b1fe2d9dd7430f1e6fd0cc42b2884849c1ca9a8366fdbf8f4d18a0fed13185f62b8a4b9d1b034c86f5438a88c36705cab9daea81633cceacab5c3ba9c72c407c15cb3a9bdc9cab44a97d064055503ca1f9f53b1a58a721c0e2892406aa9008f6e5a313711c309902d3908b7bfa342ee2d176a7fed74f2c5ef402818c5523caaf58bffcd67d360bd3fca080d649c25447a8fde29805e978a083c4a27c4d446650e79ced5a5452b467ad783ef3575a249a49ac5c0888d3afb51400a5b32e680dbb23c635c6bb65aa86f165ca2c7f30eabafca0516a0d1109a0e7ed43e41feabb9464731be242406f37833291bfd20ee9c90cf6d135ab8dd9d41759da17055d696b7b051480cf07a75890a123ad8d467eebdb2ce26306f71300686c5cea61b0a557ef60d19e82c4a056942c4c40f0df33f5f9b78f259920e0979ba37bf5c2a08e19da33e967619f803f6bf6248dbd3d054434e063497b483d3c934f0f9f270079cca9399b62b66c5433b5c6bece17c96fb0f1c553729b3f6d3a9d953463377a7a6ed52b4c6bdf4a04183a109492f43bca28f358d3713092a7c09cdac75eb24887586403f567dd118e2a8baaea2aac3df02165bb82f3e2e63227bc902891429560696cfeb676bdb153f7cd7964fe1cc50042fc7ad22833779059dbc174546e13b4f56995e924bf42ecdd725b1850ae5b29ccb98d4e2a8428d45864746139b6abe2715333d0f4af22b51a1df10175ad833c0a491ad7fb0768ff923b082cf1958cce761ceea737d5cebf2011d7689e56d47767f89da778b184b7e7dd30293ed38ecd86ddec6d81df887f33e8c8de6cb9cb768cb7d19461ed24693447d61cf1ac74cfb742617d3a8c8a67ad0c5f91c1276f4a3b9743bd016076fca14c56c490ff9dbf9b3b3d626e75e7c5637e271ef8ca3d453348bfadafa7adf7b07475b95bbf34b7dff42ef4af0ddbd7503da21a1cafefea814e9f1e4d0ffed271b4afb094bab433d6c5782c9e247ce906b7480b22c6717832df14fd8ec6ea0f47fa4e06b922e6745802f9504f5e3f4a8cf95b98be17c35a5df34c2def0e38e26fa215d8659514ab1169a7e8a37d399081d0a267b993db452b1daf3c59c85fd8c91bc2a42fdebb3f5fd07ee19260b2eef1f80634ac228046cb166e59b449de6fa60e54bb87881268dcda1380e9b920bb3a196ff0fb4cbc58d97dae21190eb85c978cc2e0e3c92337f192cc516369957df9d66a84aa382a5faae324c483319f8acf1a6949f372cdc7399b68e23fc600cc90ce9996b4703392b952ca63fc8f567f6107f91de0985956206731270f4f28ed63a799037799c579ebbf577770f84a186a9f4d41411c28bc94bbe902d5ba63328837727ec85e2a65259c18eac8de91b7869cecab439d41df4d5e2c7fdcd8ca0249588ee1faf5ec0f67b1d56a80e206ffe667c0ba4a069e1bbe61e9b30a009d626e198c3f84a3863611ccec9aca89af604d11f934aa4ff444b22ad326f90a1b56a54280c1c1f4defe3cdaa2a71409f10bcab36c5ba3bfd776b060009319f735bce10226a56ae2b2df226a283e04128d791fae7ba8a7a72f2dab0d4ea3d03bc4d379898d388e67052d810c69c859cb6927b902025c1a3606a17c998b5c9a52f1c09ca78208a0c7e934c0d643e193c47ee8aac1f8d76a433eba6fa5c04c43840e89672ae566d7ac0ee60ef1fb931534b85d3439c38aafec687cbb4d3c9204fa60f825ca310f69b1666453d778eb634bb6057edefc037e651ec5a062fe875fb0a3f535aebae47680e374270d0bdc278ad07a77bf11e9a12faccb0496a585775cb9573d8981dc6939f1206a5e7f37c209d30e161dca21f938d65dfb89f98abf4773b518951d1cfa1bc72624c72862ece31a6351f44939e3a8683700352bf20554537d04254b2a72661a346afc8defa151daa45ef6da8c3a7e8ec349c952ccbb3da20e49c116343c82ec5a4b5b49a76b2f148def3c2dbd1649a765feffedfb280bba5a1fbf36ae7f9a7dd1b8eaf240a578c197cef0630a90b32fc60fd3572c9ab47fb80219b2f424269b17371ec7da5afce1a6152a0ac82ffae40078da425ffcaab1b1339fbd6ec2da4c1360df11c0c4a4852f128e1425813779a0ffbbb9b8b2641847d31775b173b2f8d7186bc6fa16b53005fc2fcb9a7dd0d603db59341b2b5077332110c2898366a8988a5c0e157ec27424f78acac3f992f685db546155f1263b5c46899c927f249efbf91474c16951fef951044160ba3bfa15855047043ab7e664bbdfd6432ecfb7d0e8d6a0abd50c543ae4c5e095311082d99553af98f03eb348beeb365e2fc1b59f9035641d556a9df02043f6c18330c79f851e8142b28786bad06ffdefb1f547e33fa1a601041916850d8c1ada6e56112d31b87d0b37db34a299f595cded4392513038125b3e272d9f677dc2599b5354472486c197161ecf5b2fa36399303528650ce2a39b2b65d16ab436fcd7a4c97bc8aceb3bac12b56521d69596b5ed6b6c3976439d4d7c304cc208cbefdff4b16c677dd9b7097f253e972fe196a3478bb6e5f4d7ec494fe4adac6ce59a7275ebe363e6c7ee1210debb99ef2999347460f6495d543fc4a1a72bba3a438c1af79dea3e5ef79cd3710c4634a70ce9b7e19db02222902c6e8f0b315d23cdc97873db9abc678e5c18088e6392c366a249cf2231ec38158a72a1c44dca66880c3097061eb1298abf2364c920b5863e5ff0dc4a57eb67ad806e26cdebd7af19a9e0971a2c48196a93ac5658971bab59b78c40898b7b29bfa81f5d118093997482d04c7c07db1b8304cd99e13677617eb1fedc88aea0a36e2d2dc72aacbf975d617ae3d79b2764f9ddcba7e6c0f12aebe47b72219a33b39f2be124d34d3412399f27681c317b0dce6f3702fce94edcbbc0130690c9a48644b3120561cb54c23aaac59d2b8c2fc03736e9f40196e04c2a535d4dc1ff4343f887b2b6960dcd28034e1a6bed00f605160cf228b9eefed1b0f400cdef7502aa24f2b289a111426473a76687b7a18c7b57ac58bf073e536de6574cde1c74251875a3dadb7cb35a1c8e299bdbc6a80c40996a7c98dd209453021b8c54350217c69d4b297462c272bac79f192cd75fdc3caeb2bb250c31a7b7855dd8b04feb151eba1668b8ab937ce08befe89dc26320cfd957995d11593e7ecfd3b291011b97107fa0593736d157ba573f352fa32834bf24b0e0b44ee47c2e954c136f2bbbdbc80bfbe2e5bd6bcd7e44c553d283", 0x1000}, {&(0x7f00000006c0)="31aa63bc5976e729a7078d6bfa6e62b31f29ae5f2f9b50cb9f145b665bd8ee2a48dcc930d5bcfbf825d3dbfbc690981263d3624ec56b4a164801f826c88aac2f7fa49a671cb8e463bfb83b85d7277739a2638923747cf7cac08fe9b23957f3dc612e72d7c8394124fa16eef23e9d966368a1fc3c6cb4aa390858cc38c1805aed0787b4b89616a283b6c39efcd20f0561805e0b23c4975bd7e01d122a3e74600f6270bd35ba976a7ea37f80b7ddf9826d681d41c75769547481fdd1b44b0c52a37ad21ff71c3d57e382d4be0bceae9b365a4bf95dabdbc0c68bff6ab8b0b34422d0a2052258ec579519471c80", 0xec}, {&(0x7f0000001880)="e13f93d7ad9f259395d876e42d9c73d4465bb7513b7dd9162635d005dd5dff788c955008753cec105bac78530972d589e5b7ecc28f96a7fccf7d9df1e415fb7b5c5875a4f4dc945458599fb6b296edf491ef2e7b480fb79535fbc4741ac1fc3d4b5b60c86db550ca1e03e72058b7533545a8da66850cc359b28bd496797cddde37907333d3a31dfc7bcfbfb4197e6e", 0x8f}, {&(0x7f0000001940)="5195fdd24d00d48d65a58e3805c45375b93e4ac6643fa5d2d12e8cfcc8141c6d7386c512c3690bcbe1ea029f401e850114fa5f47fdfbde260a0638586975d91ac1dc4805aad73acccddced297124c74755ad9caa7659e50c1eb084b3dbef35a1d6e4d67e3f2fc2e21754a0bbc779e26df91668e5caa61e343374f3e064cc3d94fbb8e4df46dd19f3b0263319b1928f5dc470fdcefabaa1151d6e", 0x9a}], 0xa, &(0x7f0000001ac0)=[{0xf0, 0x6, 0x0, "2e5e0954240ae608861124f961ee61530fb3cd950c49baa00d382af2d959c3e9a56c0fe26d71b6ff8cd21438b4dd35dafa4f96f8698ee86ff6be1c22e49c7a722590531ac71906546f573995215d8ef8c7e63bf1526a08261459a408909e15224eaabb7ba91781c0a1fda05a691c6449d6858c6e19e43443f70f215a03abc7ff5d0d5706b37401b780f796fb42098d2a9bb594245a921d80b374ecc2998821f5f414fd45d5eecdde7a16fd49fdb0e3df9399069e6e845e2c4ffb0e44b24cfa10a8ab1a8294b93c7094adf9a86ed91610e0f44192151bd7db532b2fd1ff50494a"}, {0x48, 0x3a, 0xffffff2e, "bb5e17c465723f6b550d617cbb8c3a25dd3c76d4283c76dcb4289ddd8c59f58e42f6e09917ba08692cb6ab8b347ce5b8837b9b2b"}], 0x138}, 0x4011)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})
r7 = mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0xd8, 0x0, &(0x7f0000000480)=[@request_death, @register_looper, @increfs_done={0x40106308, 0x1}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000240)={@fda={0x66646185, 0x6, 0xfdfdffff00000000, 0x7}, @ptr={0x70742a85, 0x1, &(0x7f00000001c0)=""/124, 0x7c, 0x1, 0x1b}, @flat=@binder={0x73622a85, 0xbe9cbbd1e344fe76, 0x3}}, &(0x7f0000000040)={0x0, 0x20, 0x48}}, 0x1000}, @acquire_done, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000003c0)={@fd, @fd, @ptr={0x70742a85, 0x0, &(0x7f00000002c0)=""/194, 0xc2, 0x2, 0x14}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @free_buffer={0x40086303, r7}], 0xe1, 0x0, &(0x7f0000000580)="1bf3ba046e33b72a2cd85d2e1b8ae94db8e3a2c5d3edfbc6a905c0e71674cf0a8d8c7731a0a43d8b272dc3f57fef52d1e5d517330db3bb8b4e1718a2595f691a5120c48e05328029ff35837a9be3f3af824e2f049196a4bc284be0c062bc6e0498ee60fddfc4a79a1c57e7453cb6a35237c0a42112f4a40affdf72b3169563f789346ed617711b9c787f55121613b804f7841d2c395b3ff586f720371300f5d8a396e2984997dc37a5dde0d099b5f07330f36b50c292629ee1dfcb835f8e6ccb3daa88ae6e0dbb69b0ffb85bb11b6a3bf9bb7e415042ec74498d4cf1202e220e1b"})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001e00)={0x98, 0x0, &(0x7f0000001d40)=[@acquire={0x40046305, 0x3}, @increfs={0x40046304, 0x1ff}, @dead_binder_done, @free_buffer={0x40086303, r5}, @free_buffer={0x40086303, r7}, @increfs_done={0x40106308, 0x1}, @release={0x40046306, 0x1}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f0000001cc0)={@ptr={0x70742a85, 0x1, &(0x7f0000001c00)=""/172, 0xac, 0x0, 0x3a}, @flat=@binder={0x73622a85, 0xa}, @flat=@binder={0x73622a85, 0x100a, 0x3}}, &(0x7f0000000580)={0x0, 0x28, 0x40}}}, @register_looper], 0xb, 0x0, &(0x7f00000007c0)="bc035135880b069fcb3e76"})

[ 1942.920748] binder: BINDER_SET_CONTEXT_MGR already set
[ 1942.943196] binder: 9599:9604 ioctl 40046207 0 returned -16
[ 1942.958419] binder: 9599:9604 unknown command 0
[ 1942.964130] binder: 9603:9605 unknown command 0
[ 1942.969068] binder: 9603:9605 ioctl c0306201 20000200 returned -22
[ 1942.976750] binder: 9599:9604 ioctl c0306201 20000200 returned -22
[ 1942.986949] binder: BINDER_SET_CONTEXT_MGR already set
[ 1942.993476] binder: 9602:9606 unknown command 0
[ 1942.997758] binder: 9598:9607 ioctl 40046207 0 returned -16
[ 1943.000706] binder: 9602:9606 ioctl c0306201 20000200 returned -22
[ 1943.004789] binder: 9603:9605 unknown command 0
[ 1943.018565] binder: BINDER_SET_CONTEXT_MGR already set
[ 1943.027500] binder: 9598:9607 unknown command 0
[ 1943.033325] binder: 9599:9604 ioctl 40046207 0 returned -16
[ 1943.035044] binder: 9599:9611 unknown command 0
20:22:22 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r3, 0x7, &(0x7f0000000080)={0x1})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x48, 0x0, &(0x7f0000000040)=[@increfs_done={0x40106308, 0x3}, @exit_looper, @acquire_done, @clear_death, @release={0x40046306, 0x2}, @enter_looper], 0x29, 0x0, &(0x7f00000000c0)="44393fdd0b4ce80fb67f5baacd919fec63b4f55fd23cacf1c637d5e2f6d7212e153b8e46b8286b6146"})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1943.046138] binder: 9603:9605 ioctl c0306201 20000200 returned -22
[ 1943.054288] binder: 9598:9607 ioctl c0306201 20000200 returned -22
[ 1943.061105] binder: 9602:9614 unknown command 0
[ 1943.071831] binder: 9599:9611 ioctl c0306201 20000200 returned -22
[ 1943.080263] binder: 9603:9615 ioctl c0306201 20000540 returned -14
[ 1943.081526] binder: 9602:9614 ioctl c0306201 20000200 returned -22
[ 1943.098681] binder: BINDER_SET_CONTEXT_MGR already set
[ 1943.104370] binder: 9603:9605 ioctl 40046207 0 returned -16
[ 1943.111001] binder: 9603:9615 unknown command 0
[ 1943.113035] binder_alloc: 9602: binder_alloc_buf size 158913789952 failed, no address space
[ 1943.118931] binder: 9603:9615 ioctl c0306201 20000200 returned -22
[ 1943.139903] binder: BINDER_SET_CONTEXT_MGR already set
20:22:22 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x72e00cdf, 0x0, &(0x7f0000000700)="f3"})

[ 1943.149351] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1943.153592] binder: 9603:9622 ioctl c0306201 20000540 returned -14
[ 1943.166452] block nbd0: shutting down sockets
[ 1943.179627] binder: 9603:9605 unknown command 0
[ 1943.192696] binder: 9603:9618 ioctl 40046207 0 returned -16
[ 1943.194983] binder: 9602:9614 unknown command 0
[ 1943.203935] binder: BINDER_SET_CONTEXT_MGR already set
[ 1943.212585] binder: 9603:9605 ioctl c0306201 20000200 returned -22
[ 1943.228221] binder: 9602:9614 ioctl c0306201 20000200 returned -22
[ 1943.239321] binder: 9602:9606 ioctl 40046207 0 returned -16
20:22:23 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r4 = dup(r3)
ioctl$NBD_SET_SOCK(r2, 0xab00, r4)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)

[ 1943.245743] binder: BINDER_SET_CONTEXT_MGR already set
[ 1943.268437] binder: 9602:9624 unknown command 0
[ 1943.273868] binder: 9602:9624 ioctl c0306201 20000200 returned -22
[ 1943.280492] binder: 9602:9626 ioctl 40046207 0 returned -16
20:22:23 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x7, &(0x7f0000000080)={0x1})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0x60, 0x0, &(0x7f0000000180)=[@increfs_done={0x40106308, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000040)={@flat=@binder={0x73622a85, 0x100a, 0x3}, @fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x1001}}, &(0x7f00000000c0)={0x0, 0x18, 0x30}}, 0x40}], 0x44, 0x0, &(0x7f0000000200)="1741b2428e2d6bfbdb0a8b4253828171e0243952a42ce7f31cd5909e08f9f7c62fe9aec1b42e63b84f3ca64083e547e255d8553485c7ffc0bb3f67a3c46d90f3881239ea"})
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1943.306830] binder: BINDER_SET_CONTEXT_MGR already set
[ 1943.339520] binder: 9627:9633 ioctl 40046207 0 returned -16
20:22:23 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0xffffff7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1943.368646] binder: BINDER_SET_CONTEXT_MGR already set
[ 1943.369512] binder: 9627:9633 unknown command 0
[ 1943.408837] binder: 9631:9635 ioctl 40046207 0 returned -16
20:22:23 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r4 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x420240, 0x1)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f00000003c0)={'team0\x00', <r6=>0x0})
r7 = socket$packet(0x11, 0x3, 0x300)
sendmmsg$sock(r7, &(0x7f0000001540), 0x0, 0x4000)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000001fc0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001f80)={&(0x7f0000002700)=ANY=[@ANYBLOB="54050000", @ANYRES16=0x0, @ANYBLOB="100029bd7000fbdbdf250c0000009400018014b7030000727370616e3000000000000000000008000300010000001400020069705f767469300000000000000000001400020065727370616e30000000000000000000140002007665010000006d6163767461700000001400020076657468315f766c616e000000000000080003000100000008000100", @ANYRES32=0x0, @ANYBLOB="140002006c6f6cc5ac6a4bf5ca664854aeb141e16e0000000000000000000000000000380003803200050029b6657ee4d08a6ad499ff71d4f627e8b38c5b67761986a72d1e2b38e7502d172391fe11c4891ee1046fc41c7468000088010380600003800c0001800800010001000000500001800a0002002821282625000e006df9877a421200000400030008000100ff010000110002002f6465742f62696ee0459a4aa925ec4dee59d86f345d9f722300000000080001004000000008000100050000000800010003000000d4000500a7cedd2e8f62ea64b618603de306d21eb56a31ce40394505c79d658a1bc7a185ee0db5840ceb735c071277dbb0b8eaef22cfe61d4e07ff7994bc3d3f791c3de94703c9f39b202941dca6d8c5094d6945b78374c980e27931a6a92424b5917a675665640cafa1f09ae077f74c66e0f21a4a44cabe3e5ce29395c58919241e46f2f205fedf6c29f6630177c823bdd52e635ebe0930e9ec85335946f2298e748070b46c9410d9828bb6194956a67adcb42761efbb9cc2863a1294a31bbdc4d54cb1902a6133e00edfc96ca10a615e548173b26907e3929c4255ec7f08000200010400004400038040000180110002002f6465762f6201006465722300000000080001001f000000040003000800020025e64000110002002f6465762f626928ac", @ANYRES32=0x0, @ANYBLOB="14000200767863616e310000000000000000000014000200766c616e3000000000000000000000001400020076657468305f746f5f6272696467650008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100ff37926760f989ac0d620821a37d6ff82ae95a03c43cc75fff9c0d591a4e45aac44c43637d66988476adbaaa020d459a85c74415223718cf1008e1d82671cea3102bb40b6aaed6722c6dcbe66379a32c7000de5f6c4eb8b92439083dbe7206be95c1b78721157c167facc7b1824f08df512bac28d2291defab0bf26e1accbc26c593ad74c2c6fdf6041ae07a8c7e0a9b0d807eb866bd1422dd858fa66620c0efacb5fc062e46278834126224ad03d0f1934b17ce6d854de3b9ab9c4f5db83d8e1d98e10c99e6773c1a04f4db084b97a46b47be40aa521a9d1119ec5bea745a3982e154126158ae8093d101ab5afc", @ANYRES32=r6, @ANYBLOB="8401038008000200081200004c01038038000180040003000400030008000100040000000800010005910000080001000700000004000300080001000000008004000300040003002400018008000100d4c400000800010008000000080001000001000008000100fcffffff20000180110002002f6465762f62696e64657223000000000700020025290000200001800400030004000300040003000800010003000000080001000300000008000180040003007000018008000100030000000800010001000080110002002f6465762f62696e6465722300000000110002002f6465762f62696e6465722300000000110002002f6465762f62696e646572230000000004000300110002002f6465762f62696e6465722300000000060002003a00000024000180110002002f6465762f62696e64657223000000000800010003000000040003001000018009000200232a5e5b00000000290005001460e75df62d541a653dd54d375c6444958ae55efc26cd0ccacc98f612ef0432256ec179ba000000f8000380400004007e544ae78b093850226332d915e36c163367a0904d05254f27836625322f67bcf4f9f93d12e9ce12ecd44d10139f5564ae53a5acb63312de273f319bb20004009b8dd681b5aba46696693fdf80eeec45bbb4eb253dbe5a70be1f39c0900a8b9b6e954d43ef63e969704f599eb9fdbf12cf0ba65d7366d449bb302e39114813a23091f4a558f1e5815f8333cd2acb0b741db626e1f07dd2d057676724ca360bc06ed1dde12524f12f8302ccfc68d4ff6a95d3a0d908c7f0fb519953cd0286d83ac0a7aa7449f7d896fad549f940ad296df2d5a9310300885c85223f8cac0775de76af45092542a8a5bad50bb14efb0000"], 0x554}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r8 = accept$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={""/10, ""/2, @multicast2}}, &(0x7f0000000080)=0x1c)
preadv(r8, &(0x7f0000000780)=[{&(0x7f0000000180)=""/119, 0x77}, {&(0x7f0000000240)=""/134, 0x86}, {&(0x7f0000000440)=""/113, 0x71}, {&(0x7f0000000600)=""/161, 0xa1}, {&(0x7f00000006c0)=""/180, 0xb4}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000001880)=""/236, 0x111}, {&(0x7f00000000c0)=""/57, 0x39}], 0x8, 0x3, 0xac)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1943.410607] binder: 9627:9633 ioctl c0306201 20000200 returned -22
[ 1943.426692] binder: 9631:9641 unknown command 0
[ 1943.444765] binder: 9631:9641 ioctl c0306201 20000200 returned -22
[ 1943.476052] binder: 9627:9636 unknown command 0
[ 1943.486352] binder: 9627:9636 ioctl c0306201 20000200 returned -22
[ 1943.495094] binder: BINDER_SET_CONTEXT_MGR already set
[ 1943.509439] binder: 9639:9645 unknown command 0
[ 1943.512006] block nbd0: shutting down sockets
[ 1943.529056] binder: 9627:9633 ioctl 40046207 0 returned -16
[ 1943.539641] binder: 9639:9645 ioctl c0306201 20000200 returned -22
[ 1943.566804] binder: 9646:9649 unknown command 0
[ 1943.579269] binder: 9639:9645 unknown command 0
[ 1943.583394] binder: 9646:9649 ioctl c0306201 20000200 returned -22
[ 1943.600280] binder: 9639:9645 ioctl c0306201 20000200 returned -22
[ 1943.611149] binder: 9646:9649 unknown command 0
[ 1943.625495] binder_alloc: 9639: binder_alloc_buf size 158913789952 failed, no address space
[ 1943.625939] binder: 9646:9649 ioctl c0306201 20000200 returned -22
[ 1943.646773] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1943.650409] binder: 9646:9649 ioctl c0306201 20000540 returned -14
[ 1943.676872] binder: BINDER_SET_CONTEXT_MGR already set
[ 1943.687482] binder: BINDER_SET_CONTEXT_MGR already set
[ 1943.695342] binder: 9639:9650 unknown command 0
[ 1943.701117] binder: BINDER_SET_CONTEXT_MGR already set
[ 1943.708959] binder: 9639:9650 ioctl c0306201 20000200 returned -22
[ 1943.709075] binder: 9639:9656 unknown command 0
[ 1943.717022] binder: 9639:9645 ioctl 40046207 0 returned -16
[ 1943.734879] binder: 9646:9657 unknown command 0
[ 1943.738071] binder: 9639:9655 ioctl 40046207 0 returned -16
[ 1943.740607] binder: 9646:9649 ioctl 40046207 0 returned -16
[ 1943.754791] binder: 9639:9656 ioctl c0306201 20000200 returned -22
[ 1943.762064] binder: BINDER_SET_CONTEXT_MGR already set
[ 1943.763720] binder: 9646:9657 ioctl c0306201 20000200 returned -22
[ 1943.773750] binder: 9646:9660 ioctl 40046207 0 returned -16
[ 1943.780432] binder: 9646:9660 unknown command 0
[ 1943.792025] binder: 9646:9660 ioctl c0306201 20000200 returned -22
20:22:23 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r4 = dup(r3)
ioctl$NBD_SET_SOCK(r2, 0xab00, r4)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)

20:22:23 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(r2, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0xd)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:23 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x2, &(0x7f0000000700)="f3"})

20:22:23 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:23 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda={0x66646185, 0x0, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:23 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(r1, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
chmod(&(0x7f0000000040)='./file0\x00', 0x54)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})
mmap(&(0x7f0000185000/0x4000)=nil, 0x4000, 0x2000002, 0x12, r2, 0x4d990000)

[ 1943.883928] binder: 9664:9668 unknown command 0
[ 1943.888658] binder: 9664:9668 ioctl c0306201 20000200 returned -22
[ 1943.900188] binder: 9664:9668 unknown command 0
[ 1943.906921] binder: 9664:9668 ioctl c0306201 20000200 returned -22
[ 1943.957671] binder: 9673:9676 unknown command 0
[ 1943.962967] binder: BINDER_SET_CONTEXT_MGR already set
[ 1943.968678] binder: 9674:9677 unknown command 0
[ 1943.968873] binder: 9672:9679 ioctl 40046207 0 returned -16
[ 1943.974730] binder: 9673:9676 ioctl c0306201 20000200 returned -22
[ 1943.987575] binder: BINDER_SET_CONTEXT_MGR already set
[ 1943.993827] binder: 9674:9677 ioctl c0306201 20000200 returned -22
[ 1943.994295] binder: 9672:9679 unknown command 0
[ 1944.002998] binder: 9678:9680 ioctl 40046207 0 returned -16
[ 1944.015446] binder: 9674:9677 ioctl c0306201 20000540 returned -14
[ 1944.018632] binder: 9672:9679 ioctl c0306201 20000200 returned -22
[ 1944.026759] binder: 9673:9676 unknown command 0
[ 1944.037263] binder: 9678:9680 unknown command 0
[ 1944.044391] binder: binder_mmap: 9674 20185000-20189000 bad vm_flags failed -1
20:22:23 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r3, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r3, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r4, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0x100, 0x0, &(0x7f0000000400)=[@decrefs, @dead_binder_done, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000040)={@flat=@handle={0x73682a85, 0x10b, 0x1}, @ptr={0x70742a85, 0x0, 0xfffffffffffffffe, 0x0, 0x2, 0x3d}, @flat=@handle={0x73682a85, 0x1}}, &(0x7f00000000c0)={0x0, 0x18, 0x40}}, 0x400}, @register_looper, @increfs={0x40046304, 0x3}, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000180)={@fda={0x66646185, 0xa, 0x2, 0x27}, @fd={0x66642a85, 0x0, r2}, @flat=@weak_handle={0x77682a85, 0x100}}, &(0x7f0000000200)={0x0, 0x20, 0x38}}, 0x40}, @register_looper, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000240)={@flat=@handle={0x73682a85, 0x1, 0x2}, @fd={0x66642a85, 0x0, r4}, @flat=@weak_binder={0x77622a85, 0x100a, 0x1}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}}], 0x76, 0x0, &(0x7f0000000500)="83ef452b2d9df27a91072f4ffc0cdf71cad2e9e0f93351f1ff1271522ea87385ad2ae4cfdd8496fe91dde27d41ef0f9cb5da10ec46f295b84266e3a32be896dc64ccfbed3c848c131fcab8e48fc4211f2e8bae0facebd5a4656b524f061569d3b936972e42547f4a8adaad112cf9d683abd7292cde77"})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f00004da000/0x1000)=nil, 0x1000, 0x1800003, 0x12, r1, 0xb5f44000)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1944.052708] binder: 9673:9676 ioctl c0306201 20000200 returned -22
[ 1944.053749] binder: BINDER_SET_CONTEXT_MGR already set
[ 1944.059290] binder: 9678:9680 ioctl c0306201 20000200 returned -22
[ 1944.076989] binder_alloc: 9673: binder_alloc_buf size 158913789952 failed, no address space
[ 1944.077612] binder: 9672:9683 unknown command 0
[ 1944.098930] binder: BINDER_SET_CONTEXT_MGR already set
[ 1944.109564] binder: 9672:9679 ioctl 40046207 0 returned -16
[ 1944.118377] binder: 9672:9683 ioctl c0306201 20000200 returned -22
[ 1944.125678] binder: 9674:9677 ioctl 40046207 0 returned -16
[ 1944.131630] binder: BINDER_SET_CONTEXT_MGR already set
[ 1944.137595] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1944.146496] binder: 9674:9689 ioctl 40046207 0 returned -16
[ 1944.147861] binder: 9674:9688 unknown command 0
[ 1944.158750] binder: 9674:9688 ioctl c0306201 20000200 returned -22
[ 1944.162027] block nbd0: shutting down sockets
[ 1944.168420] binder: 9674:9689 ioctl c0306201 20000540 returned -14
[ 1944.192123] binder: 9673:9682 unknown command 0
[ 1944.197684] binder: 9673:9682 ioctl c0306201 20000200 returned -22
20:22:23 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r5 = dup(r4)
ioctl$NBD_SET_SOCK(r3, 0xab00, r5)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r6, 0xab04)

[ 1944.206954] binder: BINDER_SET_CONTEXT_MGR already set
20:22:24 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x3, &(0x7f0000000700)="f3"})

[ 1944.230738] binder: 9673:9676 ioctl 40046207 0 returned -16
[ 1944.239224] binder: BINDER_SET_CONTEXT_MGR already set
[ 1944.245565] binder: binder_mmap: 9690 204da000-204db000 bad vm_flags failed -1
[ 1944.250740] binder: 9673:9694 ioctl 40046207 0 returned -16
[ 1944.281788] binder: BINDER_SET_CONTEXT_MGR already set
20:22:24 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1944.307034] binder: 9697:9701 ioctl 40046207 0 returned -16
[ 1944.318983] binder: BINDER_SET_CONTEXT_MGR already set
[ 1944.334515] binder: 9700:9703 ioctl 40046207 0 returned -16
[ 1944.346284] binder: 9697:9701 unknown command 0
20:22:24 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000080), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r3, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r3, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r6 = openat(r5, &(0x7f0000000000)='./bus\x00', 0x34d202, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r6, 0x0)
preadv(r6, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1944.353869] binder: 9697:9701 ioctl c0306201 20000200 returned -22
[ 1944.363224] binder: 9700:9703 unknown command 0
[ 1944.373873] binder: 9700:9703 ioctl c0306201 20000200 returned -22
[ 1944.378637] binder: 9706:9709 unknown command 0
[ 1944.398640] binder: 9708:9710 unknown command 0
[ 1944.404762] binder_alloc_new_buf_locked: 10 callbacks suppressed
[ 1944.404770] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1944.405509] binder: 9706:9709 ioctl c0306201 20000200 returned -22
[ 1944.418088] binder: 9708:9710 ioctl c0306201 20000200 returned -22
[ 1944.436033] binder: 9706:9711 unknown command 0
[ 1944.442519] binder: BINDER_SET_CONTEXT_MGR already set
[ 1944.442613] block nbd0: shutting down sockets
[ 1944.466332] binder: 9706:9711 ioctl c0306201 20000200 returned -22
[ 1944.467424] binder: 9708:9710 unknown command 0
[ 1944.479339] binder: 9700:9713 unknown command 0
[ 1944.484913] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1944.490658] binder: 9700:9703 ioctl 40046207 0 returned -16
[ 1944.491520] binder_alloc: 9706: binder_alloc_buf size 158913789952 failed, no address space
[ 1944.504670] binder: 9700:9713 ioctl c0306201 20000200 returned -22
20:22:24 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r5 = dup(r4)
ioctl$NBD_SET_SOCK(r3, 0xab00, r5)
r6 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r6, 0xab04)

[ 1944.518184] binder: 9708:9714 ioctl c0306201 20000540 returned -14
[ 1944.533361] binder: 9708:9710 ioctl c0306201 20000200 returned -22
[ 1944.557699] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
20:22:24 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x4, &(0x7f0000000700)="f3"})

[ 1944.576809] binder: BINDER_SET_CONTEXT_MGR already set
[ 1944.583658] binder: BINDER_SET_CONTEXT_MGR already set
[ 1944.584830] binder: 9708:9710 ioctl 40046207 0 returned -16
[ 1944.589175] binder: 9708:9714 unknown command 0
[ 1944.601446] binder: 9708:9714 ioctl c0306201 20000200 returned -22
[ 1944.609827] binder: BINDER_SET_CONTEXT_MGR already set
[ 1944.610882] binder: BINDER_SET_CONTEXT_MGR already set
[ 1944.615718] binder: 9720:9721 ioctl 40046207 0 returned -16
[ 1944.635065] binder: 9708:9723 ioctl 40046207 0 returned -16
[ 1944.642312] binder: 9708:9714 unknown command 0
[ 1944.644409] binder: 9706:9711 unknown command 0
[ 1944.648458] binder: 9708:9714 ioctl c0306201 20000200 returned -22
[ 1944.652213] binder: BINDER_SET_CONTEXT_MGR already set
[ 1944.669564] binder: 9706:9709 ioctl 40046207 0 returned -16
20:22:24 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x58, 0x0, &(0x7f0000000040)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @increfs_done={0x40106308, 0x3}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1944.683378] binder: 9720:9721 unknown command 0
[ 1944.688088] binder: 9720:9721 ioctl c0306201 20000200 returned -22
[ 1944.701919] binder: 9706:9711 ioctl c0306201 20000200 returned -22
[ 1944.720669] binder: 9706:9718 ioctl 40046207 0 returned -16
[ 1944.726727] binder: 9706:9724 unknown command 0
[ 1944.726749] binder: 9706:9724 ioctl c0306201 20000200 returned -22
[ 1944.739520] binder: 9730:9734 unknown command 0
[ 1944.746683] binder: BINDER_SET_CONTEXT_MGR already set
[ 1944.753806] binder: 9729:9733 ioctl 40046207 0 returned -16
[ 1944.757300] binder: 9730:9734 ioctl c0306201 20000200 returned -22
[ 1944.768988] binder: 9729:9733 unknown command 0
20:22:24 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1944.781637] block nbd0: shutting down sockets
[ 1944.801880] binder: 9729:9733 ioctl c0306201 20000200 returned -22
[ 1944.807811] binder: 9730:9734 unknown command 0
[ 1944.818813] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1944.827950] binder: BINDER_SET_CONTEXT_MGR already set
20:22:24 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r4 = dup(r3)
ioctl$NBD_SET_SOCK(r2, 0xab00, r4)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)

[ 1944.835990] binder: 9729:9736 unknown command 0
[ 1944.840866] binder: 9729:9733 ioctl 40046207 0 returned -16
[ 1944.841421] binder: 9730:9734 ioctl c0306201 20000200 returned -22
[ 1944.849602] binder: 9729:9736 ioctl c0306201 20000200 returned -22
[ 1944.863992] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1944.867559] binder: 9730:9740 ioctl c0306201 20000540 returned -14
[ 1944.873684] binder: 9739:9741 unknown command 0
[ 1944.893134] binder: 9739:9741 ioctl c0306201 20000200 returned -22
[ 1944.903193] binder: BINDER_SET_CONTEXT_MGR already set
[ 1944.919583] binder: 9743:9744 ioctl 40046207 0 returned -16
[ 1944.926911] binder: 9730:9740 unknown command 0
[ 1944.933833] binder: BINDER_SET_CONTEXT_MGR already set
[ 1944.936483] binder: 9739:9741 unknown command 0
[ 1944.950463] binder: 9730:9747 ioctl c0306201 20000540 returned -14
[ 1944.951013] binder: 9730:9740 ioctl c0306201 20000200 returned -22
[ 1944.961368] binder: 9739:9741 ioctl c0306201 20000200 returned -22
[ 1944.965530] binder: 9730:9734 ioctl 40046207 0 returned -16
[ 1944.970677] binder: BINDER_SET_CONTEXT_MGR already set
[ 1944.990458] block nbd0: shutting down sockets
[ 1944.992833] binder_alloc: 9739: binder_alloc_buf size 158913789952 failed, no address space
[ 1945.001181] binder: binder_mmap: 9690 204da000-204db000 bad vm_flags failed -1
[ 1945.019045] binder: 9730:9746 unknown command 0
[ 1945.030452] binder: 9730:9746 ioctl c0306201 20000200 returned -22
[ 1945.032085] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1945.040851] binder: 9730:9745 ioctl 40046207 0 returned -16
[ 1945.104569] binder: BINDER_SET_CONTEXT_MGR already set
[ 1945.110896] binder: 9739:9750 unknown command 0
[ 1945.124978] binder: 9739:9741 ioctl 40046207 0 returned -16
[ 1945.135944] binder: 9739:9750 ioctl c0306201 20000200 returned -22
20:22:24 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:24 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x5, &(0x7f0000000700)="f3"})

20:22:24 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r4 = dup(r3)
ioctl$NBD_SET_SOCK(r2, 0xab00, r4)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)

20:22:24 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000040)={0x0, 0x0, <r1=>0xffffffffffffffff})
r2 = mmap$binder(&(0x7f00005a3000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x2f7e)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000400)={0xe4, 0x0, &(0x7f0000000300)=[@decrefs={0x40046307, 0x3}, @increfs={0x40046304, 0x1}, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r1}, @fda={0x66646185, 0x3, 0x1, 0x1}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}}, @register_looper, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000240)={@flat=@handle={0x73682a85, 0xb}, @flat=@weak_handle={0x77682a85, 0x100, 0x3}, @ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/26, 0x1a, 0x0, 0x24}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x400}, @free_buffer={0x40086303, r2}, @dead_binder_done, @clear_death={0x400c630f, 0x1}, @clear_death={0x400c630f, 0x2}], 0xda, 0x0, &(0x7f0000000600)="91031cec4939f8d4338670737685fad845c86aaa09888350f080b8a29c0a4de10f20ae5371b40f9145825c80e01e3d19172491ba3ef2b1752ab3a208567294bdc6931759e833b2af91bd4d2b49f3cdedea701dc63939276b5418432aeab9211b72e39e6e413b20ac09a9e7af508cea00f8a949111172f06b5f21e56e88006d16744b4e41328206bc4fe4e72e202441301e8e77e9ede5d41ed3ebaef98add4e718e203baf5b00efb4a2fdd8046695aad018d9731bd1efb8f7bc236f752fd50fb41632e012d4c0611d8750ca25245cdb2e95b41093250a0bbda44b"})
r3 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r3, r0)
r4 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

20:22:24 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800002, 0x12, r3, 0x1000)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:25 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1945.164771] binder: 9754:9758 unknown command 0
[ 1945.169848] binder: 9754:9758 ioctl c0306201 20000200 returned -22
[ 1945.183340] binder: 9754:9758 unknown command 0
[ 1945.188186] binder: 9754:9758 ioctl c0306201 20000200 returned -22
[ 1945.197601] binder: 9754:9758 ioctl c0306201 20000380 returned -14
[ 1945.268494] binder: 9764:9767 unknown command 0
[ 1945.277946] binder: 9764:9767 ioctl c0306201 20000200 returned -22
[ 1945.287142] binder: 9765:9769 unknown command 0
[ 1945.292863] binder: BINDER_SET_CONTEXT_MGR already set
[ 1945.296823] binder: 9765:9769 ioctl c0306201 20000200 returned -22
[ 1945.307830] binder: BINDER_SET_CONTEXT_MGR already set
20:22:25 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x840, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r3 = dup2(r1, r0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
syz_open_dev$binderN(&(0x7f0000000040), 0x0, 0x800)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1945.309667] binder: 9766:9771 ioctl 40046207 0 returned -16
[ 1945.317277] binder: 9763:9772 ioctl 40046207 0 returned -16
[ 1945.322994] binder: 9764:9767 unknown command 0
[ 1945.333803] binder: 9764:9767 ioctl c0306201 20000200 returned -22
[ 1945.335339] binder: 9765:9769 unknown command 0
[ 1945.358429] binder: 9763:9772 unknown command 0
[ 1945.366819] binder: 9765:9769 ioctl c0306201 20000200 returned -22
[ 1945.373942] binder: BINDER_SET_CONTEXT_MGR already set
[ 1945.376778] binder: 9763:9772 ioctl c0306201 20000200 returned -22
[ 1945.393047] binder: 9764:9767 ioctl 40046207 0 returned -16
[ 1945.398401] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1945.399053] binder_alloc: 9765: binder_alloc_buf size 158913789952 failed, no address space
[ 1945.409961] binder: BINDER_SET_CONTEXT_MGR already set
20:22:25 executing program 0:
syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1945.419579] block nbd0: shutting down sockets
[ 1945.434891] binder: 9764:9779 ioctl 40046207 0 returned -16
[ 1945.444468] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1945.452914] binder: BINDER_SET_CONTEXT_MGR already set
[ 1945.461955] binder: 9764:9774 unknown command 0
[ 1945.467432] binder: 9764:9774 ioctl c0306201 20000200 returned -22
[ 1945.476505] binder: BINDER_SET_CONTEXT_MGR already set
[ 1945.488953] binder: 9765:9769 ioctl 40046207 0 returned -16
[ 1945.488994] binder: 9765:9776 unknown command 0
[ 1945.501752] binder: BINDER_SET_CONTEXT_MGR already set
[ 1945.506403] binder: 9763:9782 unknown command 0
[ 1945.507694] binder: 9765:9787 unknown command 0
20:22:25 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r4, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
r5 = mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})
r6 = mmap$binder(&(0x7f0000101000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0xf8f4)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x34, 0x0, &(0x7f0000000040)=[@exit_looper, @free_buffer={0x40086303, r5}, @free_buffer={0x40086303, r6}, @dead_binder_done, @free_buffer={0x40086303, r5}], 0x91, 0x0, &(0x7f0000000240)="828cbb9ab61af033dbf8c40575c1e35e7c78baa9ab12b81cf4782fe3c5cd4fecdccb76b4fc7e90ec4f173d764c348da13890d70a9d12f3c402a2ba103b47c06b9cdec31f61d6377ca8930e088760e9d0174cf059076ae414b9ae984ebde45ba441bcaf985c3e43542463be528d783ac661917a3407f8da066a43c444008bffa0c04ff3208027bf42e3f2f3860be864836d"})

20:22:25 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x181800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0xec, 0x0, &(0x7f0000000580)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000080)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/213, 0xd5, 0x1, 0x30}, @flat=@binder={0x73622a85, 0x0, 0x3}, @fda={0x66646185, 0x9, 0x1, 0x28}}, &(0x7f0000000280)={0x0, 0x28, 0x40}}}, @register_looper, @increfs_done={0x40106308, 0x3}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f00000002c0)={@flat=@weak_binder={0x77622a85, 0x2184, 0x1}, @fda={0x66646185, 0x1, 0x3, 0x2e}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000380)={0x0, 0x18, 0x38}}, 0x1000}, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f00000004c0)={@fd={0x66642a85, 0x0, r0}, @flat=@binder={0x73622a85, 0x80}, @ptr={0x70742a85, 0x0, &(0x7f0000000400)=""/131, 0x83, 0x2, 0x25}}, &(0x7f0000000540)={0x0, 0x18, 0x30}}}], 0x53, 0x0, &(0x7f0000000680)="27157c15636a0fc5a788e52a1750c3ede1e799a0da48b26c36f6425f758c21cf3a38c814cdf537277de7831817ec377f36824a17e52e6ecc3ad0b9a0be3ae6a1cf90065a58ac246172bbc72326ad38f415dfdd"})
r2 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
dup2(r2, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)

[ 1945.513613] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1945.521592] binder: 9765:9776 ioctl c0306201 20000200 returned -22
[ 1945.523626] binder: 9763:9782 ioctl c0306201 20000200 returned -22
[ 1945.535179] binder: 9765:9786 ioctl 40046207 0 returned -16
[ 1945.540223] binder: 9763:9772 ioctl 40046207 0 returned -16
[ 1945.553133] binder: 9765:9787 ioctl c0306201 20000200 returned -22
[ 1945.613965] block nbd0: shutting down sockets
20:22:25 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:25 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x6, &(0x7f0000000700)="f3"})

[ 1945.645218] binder: 9792:9795 unknown command 0
[ 1945.673894] binder: 9792:9795 ioctl c0306201 20000200 returned -22
[ 1945.702397] binder: 9798:9801 unknown command 0
[ 1945.714351] binder: 9792:9795 unknown command 0
[ 1945.719295] binder: 9798:9801 ioctl c0306201 20000200 returned -22
[ 1945.725994] binder: 9792:9795 ioctl c0306201 20000200 returned -22
[ 1945.740621] binder: BINDER_SET_CONTEXT_MGR already set
[ 1945.744158] binder: 9798:9801 unknown command 0
[ 1945.751242] binder: 9800:9804 ioctl 40046207 0 returned -16
[ 1945.760264] binder: 9798:9801 ioctl c0306201 20000200 returned -22
[ 1945.762651] binder: 9800:9804 unknown command 0
[ 1945.770719] binder_alloc: 9798: binder_alloc_buf size 158913789952 failed, no address space
[ 1945.772464] binder: 9792:9802 ioctl c0306201 20000540 returned -14
[ 1945.784936] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1945.802110] binder: 9800:9804 ioctl c0306201 20000200 returned -22
[ 1945.807012] binder: BINDER_SET_CONTEXT_MGR already set
[ 1945.824812] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1945.830595] binder: 9798:9807 unknown command 0
[ 1945.836388] binder: BINDER_SET_CONTEXT_MGR already set
[ 1945.845302] binder: 9798:9801 ioctl 40046207 0 returned -16
[ 1945.847203] binder: BINDER_SET_CONTEXT_MGR already set
[ 1945.856663] binder: 9798:9807 ioctl c0306201 20000200 returned -22
[ 1945.859064] binder: 9800:9804 ioctl 40046207 0 returned -16
[ 1945.870890] binder: 9800:9809 unknown command 0
[ 1945.878370] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1945.879527] binder: 9798:9811 ioctl 40046207 0 returned -16
[ 1945.887458] binder: 9798:9810 unknown command 0
[ 1945.899073] binder: 9798:9810 ioctl c0306201 20000200 returned -22
[ 1945.906466] binder: 9800:9809 ioctl c0306201 20000200 returned -22
20:22:25 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)=[@acquire_done={0x40106309, 0x3}], 0xbd, 0x0, &(0x7f0000000180)="77dbd77fc8be2c4e0daa8a52cd52b944d0ab92472af0118433bbbb59cc42f5e253599874629bb2b68d3af0226197dbf1421b81d0d7a33a7deaede814c1c3384dfb9e89d5c6fe840ee73c432b5dfc1fc581e0ded1207931ece111f5c3b01bc735752e8dec3e922b980a6521713e27dea288f1597b8f507433a8b77d857a20ddd0855e36d4929f73d0e08b1c4675a3ddfb700b36b232d1941846dbc027db01deb6bcae941fbfdc8fc22ccaf521024e62af6b1a915926083d36cf71840ba3"})

20:22:25 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

20:22:25 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x7, &(0x7f0000000700)="f3"})

20:22:25 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:25 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1946.003140] binder: 9821:9822 unknown command 0
[ 1946.007907] binder: 9821:9822 ioctl c0306201 20000200 returned -22
[ 1946.019555] binder: 9821:9822 unknown command 0
[ 1946.037182] binder: 9821:9822 ioctl c0306201 20000200 returned -22
[ 1946.045940] binder: 9821:9822 ioctl c0306201 20000380 returned -14
[ 1946.108473] binder: 9828:9832 unknown command 0
[ 1946.113544] binder: BINDER_SET_CONTEXT_MGR already set
[ 1946.128301] binder: 9828:9832 ioctl c0306201 20000200 returned -22
[ 1946.137755] binder: 9827:9833 ioctl 40046207 0 returned -16
[ 1946.139745] binder: 9834:9836 unknown command 0
[ 1946.156404] block nbd0: shutting down sockets
[ 1946.157708] binder: 9827:9833 unknown command 0
[ 1946.168003] binder: 9828:9832 unknown command 0
[ 1946.174233] binder: 9828:9832 ioctl c0306201 20000200 returned -22
[ 1946.176019] binder: 9834:9836 ioctl c0306201 20000200 returned -22
[ 1946.183589] binder_alloc: 9828: binder_alloc_buf size 158913789952 failed, no address space
[ 1946.202378] binder: 9827:9833 ioctl c0306201 20000200 returned -22
20:22:25 executing program 0:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1946.203063] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1946.236321] binder: BINDER_SET_CONTEXT_MGR already set
[ 1946.243895] binder: 9828:9832 ioctl 40046207 0 returned -16
[ 1946.250346] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1946.253562] binder: 9828:9843 unknown command 0
[ 1946.260017] binder: 9827:9840 unknown command 0
[ 1946.264885] binder: 9828:9832 unknown command 0
[ 1946.265826] binder: BINDER_SET_CONTEXT_MGR already set
[ 1946.273857] binder_alloc: 9828: binder_alloc_buf size 158913789952 failed, no address space
[ 1946.282305] binder: 9827:9840 ioctl c0306201 20000200 returned -22
[ 1946.285338] binder: 9828:9843 ioctl c0306201 20000200 returned -22
[ 1946.301040] binder: 9828:9832 ioctl c0306201 20000200 returned -22
[ 1946.308179] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1946.314426] binder: 9827:9833 ioctl 40046207 0 returned -16
[ 1946.321206] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1946.332489] block nbd0: shutting down sockets
20:22:26 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1946.365001] binder: 9834:9839 unknown command 0
[ 1946.371835] binder: 9834:9839 ioctl c0306201 20000200 returned -22
[ 1946.383664] binder: 9834:9836 ioctl c0306201 20000380 returned -14
20:22:26 executing program 0:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1946.415307] binder: 9851:9852 unknown command 0
[ 1946.438016] binder: 9851:9852 ioctl c0306201 20000200 returned -22
[ 1946.458587] binder: 9851:9852 unknown command 0
[ 1946.464169] binder: BINDER_SET_CONTEXT_MGR already set
[ 1946.467143] binder: 9851:9852 ioctl c0306201 20000200 returned -22
[ 1946.470248] binder: 9792:9802 unknown command 0
[ 1946.481560] binder: 9792:9795 ioctl 40046207 0 returned -16
[ 1946.484207] binder_alloc: 9851: binder_alloc_buf size 158913789952 failed, no address space
[ 1946.488542] binder: 9792:9802 ioctl c0306201 20000200 returned -22
[ 1946.498194] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1946.514003] block nbd0: shutting down sockets
[ 1946.518798] binder: BINDER_SET_CONTEXT_MGR already set
[ 1946.528460] binder: 9792:9858 ioctl c0306201 20000540 returned -14
[ 1946.532486] binder: 9792:9857 ioctl 40046207 0 returned -16
[ 1946.540799] binder: 9792:9795 unknown command 0
[ 1946.546889] binder: 9792:9795 ioctl c0306201 20000200 returned -22
[ 1946.560219] binder: BINDER_SET_CONTEXT_MGR already set
[ 1946.576176] binder: 9851:9861 unknown command 0
[ 1946.582502] binder: 9851:9852 ioctl 40046207 0 returned -16
20:22:26 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r2, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x8, 0x0, &(0x7f0000000040)=[@acquire={0x40046305, 0x2}], 0x1d, 0x0, &(0x7f0000000080)="9293ade46c7f1292a0cd16b24b177465b7538646f26806e5ab70a14e15"})
dup2(r1, r0)
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0xfffffffffffffce0, 0x0, 0x0})

20:22:26 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x48, &(0x7f0000000700)="f3"})

20:22:26 executing program 0:
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1946.588824] binder: 9851:9861 ioctl c0306201 20000200 returned -22
[ 1946.598823] binder: BINDER_SET_CONTEXT_MGR already set
[ 1946.607485] binder: 9851:9863 unknown command 0
[ 1946.614043] binder: 9851:9862 ioctl 40046207 0 returned -16
[ 1946.623998] binder: 9851:9863 ioctl c0306201 20000200 returned -22
20:22:26 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1946.703480] binder: BINDER_SET_CONTEXT_MGR already set
[ 1946.723242] block nbd0: shutting down sockets
[ 1946.723779] binder: 9871:9876 unknown command 0
[ 1946.739946] binder: 9868:9870 ioctl 40046207 0 returned -16
[ 1946.758628] binder: 9868:9870 unknown command 0
[ 1946.759751] binder: 9875:9877 unknown command 0
[ 1946.768029] binder: 9871:9876 ioctl c0306201 20000200 returned -22
[ 1946.774542] binder: 9875:9877 ioctl c0306201 20000200 returned -22
[ 1946.789557] binder: 9868:9870 ioctl c0306201 20000200 returned -22
[ 1946.791829] binder: 9871:9880 unknown command 0
[ 1946.808589] binder: 9871:9880 ioctl c0306201 20000200 returned -22
[ 1946.816805] binder: 9875:9877 unknown command 0
[ 1946.816925] binder: BINDER_SET_CONTEXT_MGR already set
[ 1946.823520] binder: 9875:9877 ioctl c0306201 20000200 returned -22
[ 1946.840837] binder: 9868:9878 unknown command 0
[ 1946.846051] binder: 9868:9878 ioctl c0306201 20000200 returned -22
[ 1946.847826] binder: 9871:9876 ioctl c0306201 20000540 returned -14
[ 1946.864694] binder: BINDER_SET_CONTEXT_MGR already set
[ 1946.870122] binder: 9868:9870 ioctl 40046207 0 returned -16
[ 1946.875049] binder: 9871:9880 unknown command 0
[ 1946.880983] binder: 9871:9880 ioctl c0306201 20000200 returned -22
[ 1946.889078] binder: 9871:9876 ioctl 40046207 0 returned -16
[ 1946.896982] binder: BINDER_SET_CONTEXT_MGR already set
[ 1946.904172] binder: 9871:9886 unknown command 0
[ 1946.905368] binder: 9871:9887 ioctl c0306201 20000540 returned -14
[ 1946.917982] binder: 9875:9884 unknown command 0
[ 1946.923100] binder: 9875:9884 ioctl c0306201 20000200 returned -22
[ 1946.929728] binder: BINDER_SET_CONTEXT_MGR already set
[ 1946.936847] binder: 9871:9885 ioctl 40046207 0 returned -16
[ 1946.943406] binder: 9871:9886 ioctl c0306201 20000200 returned -22
[ 1946.950421] binder: 9875:9877 ioctl 40046207 0 returned -16
[ 1946.957881] binder: BINDER_SET_CONTEXT_MGR already set
[ 1946.967874] binder: 9875:9884 ioctl 40046207 0 returned -16
[ 1946.968099] binder: 9875:9888 unknown command 0
20:22:26 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

20:22:26 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:26 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x4c, &(0x7f0000000700)="f3"})

20:22:26 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80d00, 0x6, &(0x7f00000002c0)=[{&(0x7f0000010000)="200000000002000019000020600100000f2d0000000000000000000004000000000002000020000020000000ddf4655fddf4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000008000000d24200001203", 0x66, 0x400}, {&(0x7f00000000c0)="0000000000000000000000026856d49a00cc4371bd6a7c893f280045010040", 0x1f, 0x4e0}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000008500000005", 0x9, 0x800}, {&(0x7f0000000580)="ed41000000040000ddf4655fddf4655fddf4655f000000000000040020", 0x1d, 0x1500}, {&(0x7f0000011000)="8081000000180000cdf4655fddf4655fddf4655f00000000e5c7000008", 0x1d, 0x1600}], 0x81, &(0x7f00000001c0)=ANY=[])
fcntl$lock(r5, 0x7, &(0x7f0000000080)={0x1})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000002c0)={0x70, 0x0, &(0x7f0000000240)=[@decrefs={0x40046307, 0x2}, @clear_death={0x400c630f, 0x2}, @acquire, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000080)={@flat=@weak_binder={0x77622a85, 0x1}, @fda={0x66646185, 0x0, 0x2, 0x32}, @fda={0x66646185, 0x2, 0x1, 0x23}}, &(0x7f0000000180)={0x0, 0x18, 0x38}}}, @release={0x40046306, 0x2}, @exit_looper], 0x11, 0x0, &(0x7f00000001c0)="1571722e91ca814833859cc6dc895b4007"})
ioctl$EVIOCGABS2F(r4, 0x8018456f, &(0x7f0000000880)=""/4096)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1947.008449] binder: 9875:9888 ioctl c0306201 20000200 returned -22
20:22:26 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:26 executing program 5:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r0, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @broadcast}, 0x10)
r1 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r2 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r3 = dup2(r2, r1)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x42012, r4, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8000, 0x4)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x26, &(0x7f0000000180)={0x1})
close(r5)
preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/122, 0x7a}, {&(0x7f0000000240)=""/117, 0x75}], 0x3, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})
r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r6, 0x26, &(0x7f0000000180)={0x1})
close(r6)
mmap$binder(&(0x7f0000372000/0x1000)=nil, 0x1000, 0x1, 0x11, r6, 0x2)
faccessat(r6, &(0x7f0000000080)='./file0\x00', 0x80)

[ 1947.062707] binder: BINDER_SET_CONTEXT_MGR already set
[ 1947.080695] binder: 9895:9898 ioctl 40046207 0 returned -16
[ 1947.088820] binder: 9896:9899 unknown command 0
20:22:26 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1947.118688] binder: 9895:9898 unknown command 0
[ 1947.121367] binder: 9896:9899 ioctl c0306201 20000200 returned -22
[ 1947.151110] binder: 9895:9898 ioctl c0306201 20000200 returned -22
[ 1947.164600] binder: 9896:9899 unknown command 0
[ 1947.174978] binder: 9902:9904 unknown command 0
[ 1947.175876] binder: 9895:9906 unknown command 0
[ 1947.180492] binder: 9896:9899 ioctl c0306201 20000200 returned -22
[ 1947.186108] binder: BINDER_SET_CONTEXT_MGR already set
[ 1947.200523] binder: 9902:9904 ioctl c0306201 20000200 returned -22
[ 1947.212439] binder: 9896:9899 ioctl c0306201 20000540 returned -14
[ 1947.213644] binder: 9895:9898 ioctl 40046207 0 returned -16
[ 1947.234281] binder: 9895:9906 ioctl c0306201 20000200 returned -22
[ 1947.236357] binder: 9902:9904 unknown command 0
[ 1947.250520] binder: BINDER_SET_CONTEXT_MGR already set
20:22:27 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(r3, 0xc0046686, &(0x7f0000000080)={0x0, 0x25, "20767423a9a3f63a54defcb9fdda986395ef98d6e1caaf6020d0a6e066c0a237505001a198"})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1947.279665] binder: 9896:9899 ioctl 40046207 0 returned -16
[ 1947.279703] binder: 9896:9916 unknown command 0
[ 1947.292179] binder: BINDER_SET_CONTEXT_MGR already set
[ 1947.311509] binder: 9902:9904 ioctl c0306201 20000200 returned -22
20:22:27 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

20:22:27 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x68, &(0x7f0000000700)="f3"})

[ 1947.314957] audit: type=1804 audit(1623529347.070:326): pid=9919 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir059575007/syzkaller.gyXhLR/4143/bus" dev="sda1" ino=14545 res=1
[ 1947.343535] binder: 9896:9916 ioctl c0306201 20000200 returned -22
[ 1947.347217] binder: BINDER_SET_CONTEXT_MGR already set
[ 1947.350205] binder: 9896:9917 ioctl 40046207 0 returned -16
[ 1947.364247] binder: 9896:9899 unknown command 0
[ 1947.369318] binder: 9896:9918 ioctl c0306201 20000540 returned -14
[ 1947.389798] binder: 9896:9899 ioctl c0306201 20000200 returned -22
[ 1947.415902] binder: 9902:9920 unknown command 0
[ 1947.415907] binder: BINDER_SET_CONTEXT_MGR already set
[ 1947.420992] binder: 9902:9920 ioctl c0306201 20000200 returned -22
20:22:27 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

20:22:27 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x648000, 0x0)
mmap$binder(&(0x7f0000271000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
r3 = dup2(r1, r0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b6300000c6300002e63f4914fd7000000000000000000000763044000000000"], 0x0, 0x0, 0x0})

[ 1947.435045] binder: 9902:9904 ioctl 40046207 0 returned -16
[ 1947.457801] binder: 9902:9924 unknown command 0
[ 1947.457930] binder: 9902:9930 ioctl 40046207 0 returned -16
[ 1947.470166] binder: 9902:9924 ioctl c0306201 20000200 returned -22
[ 1947.479521] binder: BINDER_SET_CONTEXT_MGR already set
[ 1947.514988] binder: 9933:9936 ioctl 40046207 0 returned -16
[ 1947.535306] binder: 9933:9944 unknown command 0
[ 1947.541873] block nbd0: shutting down sockets
20:22:27 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000240), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f000064a000/0x4000)=nil, 0x4000, 0x3800009, 0x13, 0xffffffffffffffff, 0xbc5b8000)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000000c0)={0x1c, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0d6300000f630c4028be02dc9d5581a70000000000000000000000630440230bff1ecc442e4c797dde40bded9d510100000000"], 0x30, 0x0, &(0x7f0000000080)="21f4eb8191cf756a4a949b26057be518d42160c7fc03bdf189a38c94d241a5a0ff7ec4389bd7d06612f3c22e2000f705"})
dup2(r1, r0)
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x2000, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x1010, r3, 0xc8b51000)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x26, &(0x7f0000000180)={0x1})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="fbb2b306c194bb329eeee6e0d828dfd7d8920ec6ddff51d622fe26d28f195bfb0b7c7ac5063732b3696e1e4820ff40c548e0eb296e5a05ca7d110a7a2196ea9985ea99fccae9660962266672d598274d510f942d9ef0a55c5aa77893f58fc3b7fae7d674951ed98e11e118e73b61166083247416bfd2e7a2d161088161a61a8e10d28076c4ca361bbb96118290240e1948ab3192a01be1823530bf359e000000000000000000000000000036a7e66f2bc83dfe367332e302e0f33b2f781c2014f356ff04c0320d0715c800e5a7411a4333587f1d2505d561ad906382b5a78c5473c1068e3194f4cf725bccf1d3e6e801d470b4c15f778bfbf29a4066c5fbc790f2b0030019d5339842af8e33373c19313907a27089b7b044"], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1947.563967] binder: 9933:9944 ioctl c0306201 20000200 returned -22
[ 1947.615989] binder: BINDER_SET_CONTEXT_MGR already set
[ 1947.623006] binder: 9933:9936 ioctl 40046207 0 returned -16
[ 1947.625189] binder: 9933:9944 unknown command 0
[ 1947.649489] binder: 9947:9952 unknown command 0
[ 1947.650162] binder: 9933:9944 ioctl c0306201 20000200 returned -22
[ 1947.656310] binder: 9948:9951 unknown command -1846254802
[ 1947.666726] binder: 9947:9952 ioctl c0306201 20000200 returned -22
[ 1947.675010] binder: 9948:9951 ioctl c0306201 20000340 returned -22
[ 1947.703582] binder: 9947:9952 ioctl c0306201 20000540 returned -14
[ 1947.731980] binder: BINDER_SET_CONTEXT_MGR already set
[ 1947.738236] binder: 9947:9952 ioctl 40046207 0 returned -16
[ 1947.751926] binder: 9947:9958 unknown command 0
[ 1947.754128] binder: 9948:9957 unknown command -1846254802
[ 1947.757918] binder: 9947:9958 ioctl c0306201 20000200 returned -22
[ 1947.768067] binder: BINDER_SET_CONTEXT_MGR already set
[ 1947.775867] binder: 9948:9957 ioctl c0306201 20000340 returned -22
[ 1947.784120] binder: 9947:9960 ioctl 40046207 0 returned -16
[ 1947.784279] binder: 9947:9958 ioctl c0306201 20000540 returned -14
[ 1947.828019] binder: 9963:9965 unknown command 0
[ 1947.839970] binder: 9963:9965 ioctl c0306201 20000200 returned -22
[ 1947.858668] binder: 9963:9965 unknown command 0
[ 1947.864535] binder: 9963:9965 ioctl c0306201 20000200 returned -22
20:22:27 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0xb0, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, 0x0}}, @dead_binder_done, @acquire_done, @increfs], 0x0, 0x0, 0x0})

20:22:27 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:27 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

20:22:27 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x6c, &(0x7f0000000700)="f3"})

[ 1947.873265] binder: 9963:9965 ioctl c0306201 20000380 returned -14
20:22:27 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r2, r0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000340)}}], 0x0, 0x0, 0x0})

20:22:27 executing program 5:
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
bind$rxrpc(r0, &(0x7f0000000040)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e22, 0x0, @empty, 0x40}}, 0x24)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x1})
close(r2)
r3 = mmap$binder(&(0x7f000078a000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x2)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x5c, 0x0, &(0x7f0000000180)=[@free_buffer={0x40086303, r3}, @register_looper, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x9, 0x1, 0x15}, @flat=@handle={0x73682a85, 0x1, 0x2}, @flat=@binder={0x73622a85, 0x100}}, &(0x7f0000000140)={0x0, 0x20, 0x38}}, 0x40}], 0x32, 0x0, &(0x7f0000000200)="4a480745f48ee603c8ad49350cbf28ffb17a95db5718811570c0f8307ba4a7be15d6d157c1f15a2a3029dc2591b2671a715e"})
r4 = dup2(r1, 0xffffffffffffffff)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000280)=0x5, 0x4)

[ 1947.949092] binder: BINDER_SET_CONTEXT_MGR already set
[ 1947.959254] binder: 9974:9980 unknown command 0
[ 1947.959745] binder: 9973:9976 ioctl 40046207 0 returned -16
[ 1947.964698] binder: 9972:9979 unknown command 0
[ 1947.977739] binder: 9974:9980 ioctl c0306201 20000200 returned -22
[ 1947.977985] binder: 9973:9976 unknown command 0
[ 1947.991993] block nbd0: shutting down sockets
[ 1947.996718] binder: 9973:9976 ioctl c0306201 20000200 returned -22
[ 1948.007967] binder: 9972:9979 ioctl c0306201 20000200 returned -22
[ 1948.027571] binder: 9974:9980 unknown command 0
[ 1948.029815] binder: 9972:9987 unknown command 0
[ 1948.043873] binder: BINDER_SET_CONTEXT_MGR already set
20:22:27 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1948.047224] binder: 9972:9987 ioctl c0306201 20000200 returned -22
[ 1948.056112] binder: 9974:9980 ioctl c0306201 20000200 returned -22
[ 1948.075713] binder: BINDER_SET_CONTEXT_MGR already set
[ 1948.086628] binder: 9973:9976 ioctl 40046207 0 returned -16
[ 1948.086777] binder: 9973:9988 unknown command 0
20:22:27 executing program 5:
r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0xe0101)
sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2f6af4c4a2f54085}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x30, 0x0, 0x2, 0x70bd29, 0x25dfdbfe, {{}, {}, {0x14, 0x18, {0x7, @bearer=@udp='udp:syz2\x00'}}}, ["", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)
r1 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r2 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r3 = dup2(r2, r1)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
fsetxattr$trusted_overlay_opaque(r5, &(0x7f0000000200), &(0x7f0000000240), 0x2, 0x2)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1948.100498] binder: 9974:9991 unknown command 0
[ 1948.110785] binder: 9974:9980 ioctl 40046207 0 returned -16
[ 1948.113720] binder: 9973:9988 ioctl c0306201 20000200 returned -22
[ 1948.117672] binder: BINDER_SET_CONTEXT_MGR already set
[ 1948.136343] binder: 9974:9991 ioctl c0306201 20000200 returned -22
20:22:27 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x74, &(0x7f0000000700)="f3"})

[ 1948.146733] binder: BINDER_SET_CONTEXT_MGR already set
[ 1948.152189] binder: 9974:9994 ioctl 40046207 0 returned -16
[ 1948.158459] binder: 9974:9992 unknown command 0
[ 1948.163605] binder: 9974:9992 ioctl c0306201 20000200 returned -22
[ 1948.164965] binder: 9972:9979 ioctl 40046207 0 returned -16
[ 1948.178349] binder: 9972:9987 unknown command 0
[ 1948.198842] binder: 9972:9987 ioctl c0306201 20000200 returned -22
[ 1948.201670] binder: BINDER_SET_CONTEXT_MGR already set
[ 1948.229227] binder: BINDER_SET_CONTEXT_MGR already set
[ 1948.237820] binder: 10006:10008 ioctl 40046207 0 returned -16
[ 1948.242398] binder: 9972:10004 unknown command 0
[ 1948.249988] block nbd0: shutting down sockets
[ 1948.252569] binder: 9972:10004 ioctl c0306201 20000200 returned -22
[ 1948.252657] binder: 9972:10003 ioctl 40046207 0 returned -16
[ 1948.267966] binder: 10006:10008 unknown command 0
20:22:28 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000180)={0x1})
close(r4)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x1e, 0x0, &(0x7f00000001c0)=[@enter_looper, @enter_looper, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fd={0x66642a85, 0x0, r3}, @flat=@binder={0x73622a85, 0x0, 0x2}, @fd={0x66642a85, 0x0, r4}}, &(0x7f0000000180)}}, @clear_death={0x400c630f, 0x1}], 0x0, 0x0, 0x0})

20:22:28 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

20:22:28 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x68, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1948.337978] binder: 10006:10008 ioctl c0306201 20000200 returned -22
[ 1948.384935] binder: BINDER_SET_CONTEXT_MGR already set
[ 1948.401883] binder: 10006:10013 unknown command 0
[ 1948.407211] binder: 10006:10013 ioctl c0306201 20000200 returned -22
[ 1948.415226] binder: 10006:10008 ioctl 40046207 0 returned -16
[ 1948.442388] block nbd0: shutting down sockets
[ 1948.631974] binder: 10029:10030 unknown command 0
[ 1948.634961] binder: 10031:10032 unknown command 0
[ 1948.642359] binder: 10029:10030 ioctl c0306201 20000200 returned -22
[ 1948.654403] binder: 10029:10030 unknown command 0
[ 1948.659721] binder: 10029:10030 ioctl c0306201 20000200 returned -22
[ 1948.668808] binder_alloc_new_buf_locked: 3 callbacks suppressed
[ 1948.668817] binder_alloc: 10029: binder_alloc_buf size 158913789952 failed, no address space
[ 1948.685508] binder_alloc_new_buf_locked: 3 callbacks suppressed
[ 1948.685543] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1948.707000] binder: BINDER_SET_CONTEXT_MGR already set
[ 1948.714245] binder: 10029:10030 ioctl 40046207 0 returned -16
[ 1948.720978] binder: 10029:10034 unknown command 0
[ 1948.727671] binder: 10029:10034 ioctl c0306201 20000200 returned -22
[ 1948.739158] binder: 10031:10033 unknown command 0
[ 1948.744921] binder: 10031:10032 ioctl c0306201 20000200 returned -22
[ 1948.752583] binder: BINDER_SET_CONTEXT_MGR already set
[ 1948.758605] binder: 10029:10034 unknown command 0
[ 1948.765099] binder: 10029:10034 ioctl c0306201 20000200 returned -22
[ 1948.772396] binder: 10029:10030 ioctl 40046207 0 returned -16
[ 1948.796894] binder: 10031:10033 ioctl c0306201 20000200 returned -22
20:22:28 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0xb0, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, 0x0}}, @dead_binder_done, @acquire_done, @increfs], 0x0, 0x0, 0x0})

20:22:28 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x7a, &(0x7f0000000700)="f3"})

20:22:28 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

20:22:28 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffffff, &(0x7f0000000540)='./file0/file0\x00', 0x402302, 0x100)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r0, 0x7, &(0x7f0000000080)={0x1, 0x2, 0x100005, 0x3})
ioctl$VIDIOC_TRY_EXT_CTRLS(r4, 0xc0205649, &(0x7f0000000d00)={0x9f0000, 0x1f44, 0x2, r2, 0x0, &(0x7f0000000cc0)={0x990a6c, 0x5, '\x00', @p_u8=&(0x7f0000000c80)=0x7}})
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_SIOCADDRT(r6, 0x890b, &(0x7f0000000c00)={0x0, @qipcrtr={0x2a, 0x1, 0xfffffffe}, @hci={0x1f, 0x2}, @llc={0x1a, 0x6, 0x1, 0x57, 0x8, 0x8, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, 0x4, 0x0, 0x0, 0x0, 0x5, &(0x7f00000003c0)='team_slave_1\x00', 0x7, 0x100, 0x1})
fcntl$lock(r5, 0x7, &(0x7f0000000080)={0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x54, 0x0, &(0x7f0000000b80)=[@register_looper, @enter_looper, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000ac0)=ANY=[@ANYBLOB="852a627701000000030000000000000000000000000000008561646600000000040000000000000000000000000000000c00000000000000852a646600000000", @ANYRES32=r5, @ANYBLOB="000000000001000000000000"], &(0x7f0000000b40)={0x0, 0x18, 0x38}}}, @decrefs], 0x0, 0x0, 0x0})
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000500)={&(0x7f0000000380)='./file0\x00', 0x0, 0x18}, 0x10)
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000000080)='./bus\x00', 0x40, 0x4, &(0x7f0000000e40)=[{&(0x7f0000000180)="735ce587ff6cd3c011b00bbc9fd1a080bb66f3c48277ec78995d83ca9809b7276289479c0cb578a97dd6661df26cfbfa8d69804bc9e151366351b83630fed8c85b1efd51c4502cd41a3fa5ae554c4fadb0d5b1965061f420942e1de5507ccd420985c5fda0a6a11d57b7ba0b1b463ce623e3f95d95c4c9df82362b3edc28585cad16ff366660161efff2", 0x8a, 0x1}, {&(0x7f0000000240)="f2db689c0086f4c35de3021fc41f41664d63f276ef346d5890a681090186117b1a3da04d0803912345a8e4dbf001be7aa1b9548ef42d49f89eb3b924961c03a846c3bebb8f5f6b2103aae968bac83977142acab5da115281a681c058cf9c245f1ef5c1ecea19848bbe2b6ff1dbf2209fe8861f0a4b0f39d5d395499bd5", 0x7d, 0x5}, {&(0x7f00000002c0)="7fcdf3c46311959519327307e735d10c0c281f6889af580c1c2f507c134c84d272587591ec9ee4934bb8b865a7a23e9bb11dbf66ec3aba205d0f6f35aeb8981f88a86eebf763fa24ad71d21195006514b273835684a863c5981d9231cb1afb0c6381e2c7f377e72838d93aa821b8c2f79090bc2efa595638", 0x78, 0x3ff}, {&(0x7f00000000c0)="8d84b588afaed62bdcedbeb545f69539dd5fff683abfd4931def20cad9d6018a3dc6de93c1a835", 0x27, 0x3}], 0x20000, &(0x7f0000000ec0)=ANY=[@ANYBLOB="08232c5f3464747b47ff07d8a901ff52f6eb06687fb1031cecf3f8d3e949567729f8d69e3fe0576c0b45b4e9e803322a4fcd0714718f3cae1cced10e73d1579508b483673475f8666a487267613314ee1718501b2741f201fce99ffdbcde3b1b53b4eea5a2d4a139a7733afc367bcb19cd838f9bbfdc75811072ad861aebd473b5934b374016991a4c2762ac8c5982439aba57f45042132bd253b73b40df0222efb7d09826f02aaae90f3ca584d1c8f1e666a81393b5949e60f7fe39dd22e4b231a720bed9aa77d9a5c3ddf4c7c9010b07cf97d096fbd4ae7073c44768233eacd7b9a5b3", @ANYRESHEX, @ANYBLOB="2c6d61736b3d4d41595f415050454e442c6d6561737572652c6673757569643d5a626639323864312d613339372d646533622d306662612d63396264323764372c61707072616973652c00b54800487cce9b34fb67c3189278af52029864e113d7135771be5d01b7ae7509baae732d42280c88a1a8c8de500d71d54cf7a769c51f172be8c915cbae726bdc411ef9a6c5b50a5f863c5a5b50ea4bb969bf5ff1eb54addb527d4e07566a8db5fb2d837f7903f9ac7a4c772414575b910659b64f640ffe4c37a377cbc1429f"])
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000d40)={{{@in=@dev, @in6=@dev}}, {{@in=@multicast2}, 0x0, @in=@private}}, &(0x7f0000000400)=0x6f519ab7)
syz_open_dev$binderN(&(0x7f0000000480), 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r2, 0xc0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)=0xfff, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000880)={0x5, 0xf, 0x800, 0x20}, &(0x7f00000008c0)=0x4, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)}}, 0x10)

20:22:28 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1948.909383] binder: BINDER_SET_CONTEXT_MGR already set
[ 1948.915709] binder: 10043:10045 unknown command 0
[ 1948.926782] binder: 10041:10044 ioctl 40046207 0 returned -16
[ 1948.935005] binder: 10043:10045 ioctl c0306201 20000200 returned -22
[ 1948.945585] binder: 10041:10044 unknown command 0
[ 1948.969323] binder: 10041:10044 ioctl c0306201 20000200 returned -22
[ 1948.972222] binder: 10043:10045 unknown command 0
[ 1948.978104] block nbd0: shutting down sockets
[ 1948.995535] binder: 10043:10045 ioctl c0306201 20000200 returned -22
[ 1949.012076] binder: BINDER_SET_CONTEXT_MGR already set
20:22:28 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

20:22:28 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
mmap(&(0x7f0000187000/0x4000)=nil, 0x4000, 0x2000000, 0x4000010, r3, 0x1349b000)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x18, 0x0, &(0x7f0000000040)=[@register_looper, @enter_looper, @enter_looper, @dead_binder_done], 0x0, 0x0, 0x0})

[ 1949.030474] binder_alloc: 10043: binder_alloc_buf size 158913789952 failed, no address space
[ 1949.034698] binder: 10041:10052 unknown command 0
[ 1949.045727] binder: 10041:10044 ioctl 40046207 0 returned -16
[ 1949.070313] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1949.088048] binder: 10041:10052 ioctl c0306201 20000200 returned -22
[ 1949.123614] binder: BINDER_SET_CONTEXT_MGR already set
[ 1949.130398] binder: 10043:10045 ioctl 40046207 0 returned -16
[ 1949.138895] binder: 10043:10056 unknown command 0
20:22:28 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x300, &(0x7f0000000700)="f3"})

20:22:28 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0x0, 0x7ff00000, 0xf102, 0x7f, 0x80, 0x4d, 0x7ff], 0x7, 0x80800, 0x0, <r2=>0xffffffffffffffff})
open(&(0x7f0000000680)='./file0\x00', 0x480002, 0x18)
r3 = mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x20)
r4 = syz_open_dev$admmidi(&(0x7f00000000c0), 0x7, 0x2000)
r5 = open(&(0x7f0000000180)='./file0\x00', 0x20000, 0x28)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000640)={0xc0, 0x0, &(0x7f0000000580)=[@free_buffer={0x40086303, r3}, @enter_looper, @increfs={0x40046304, 0x3}, @increfs_done={0x40106308, 0xffffffff}, @register_looper, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x13, 0x0, 0x0, 0x50, 0x18, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r4}, @fda={0x66646185, 0x6, 0x1, 0x3d}, @fd={0x66642a85, 0x0, r5}}, &(0x7f0000000240)={0x0, 0x18, 0x38}}}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000500)={@flat=@weak_binder={0x77622a85, 0xb, 0x2}, @ptr={0x70742a85, 0x1, &(0x7f0000000280)=""/85, 0x55, 0x0, 0x40}, @ptr={0x70742a85, 0x0, &(0x7f0000000400)=""/241, 0xf1, 0x0, 0x25}}, &(0x7f0000000300)={0x0, 0x18, 0x40}}, 0x40}], 0x29, 0x0, &(0x7f0000000380)="7b7819196d5343ab4dc0fad1c993ebf1488cdc7dbbc31d45fc1894c600daf0fb1ba993eebd7f470b71"})
r6 = dup2(r1, r0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1949.161925] binder: 10043:10056 ioctl c0306201 20000200 returned -22
[ 1949.169360] binder: BINDER_SET_CONTEXT_MGR already set
[ 1949.175702] block nbd0: shutting down sockets
20:22:29 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1949.214943] binder: 10043:10064 ioctl 40046207 0 returned -16
[ 1949.234087] binder: BINDER_SET_CONTEXT_MGR already set
[ 1949.253291] binder: 10067:10068 ioctl 40046207 0 returned -16
20:22:29 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1949.274511] binder: 10067:10068 unknown command 0
[ 1949.292103] binder: 10067:10068 ioctl c0306201 20000200 returned -22
20:22:29 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
r4 = socket$bt_cmtp(0x1f, 0x3, 0x5)
preadv(r4, &(0x7f0000000280), 0x0, 0xd9f, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000180)=""/234, 0xea}, {&(0x7f0000000400)=""/235, 0xeb}], 0x2, 0x401, 0xf9)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1949.324813] binder: BINDER_SET_CONTEXT_MGR already set
[ 1949.333478] binder: 10067:10075 unknown command 0
[ 1949.338443] binder: 10067:10068 ioctl 40046207 0 returned -16
[ 1949.346119] binder: 10067:10075 ioctl c0306201 20000200 returned -22
[ 1949.408404] binder: 10081:10082 unknown command 0
[ 1949.414166] binder: 10081:10082 ioctl c0306201 20000200 returned -22
[ 1949.447307] binder: 10081:10082 unknown command 0
[ 1949.467341] binder: 10081:10082 ioctl c0306201 20000200 returned -22
[ 1949.471926] block nbd0: shutting down sockets
[ 1949.498939] binder_alloc: 10081: binder_alloc_buf size 158913789952 failed, no address space
[ 1949.517378] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1949.556167] binder: BINDER_SET_CONTEXT_MGR already set
[ 1949.581938] binder: 10081:10082 ioctl 40046207 0 returned -16
[ 1949.582015] binder: 10081:10091 unknown command 0
[ 1949.593460] binder: BINDER_SET_CONTEXT_MGR already set
[ 1949.599219] binder: 10081:10093 unknown command 0
[ 1949.606290] binder: 10081:10092 ioctl 40046207 0 returned -16
[ 1949.616225] binder: 10081:10093 ioctl c0306201 20000200 returned -22
[ 1949.628634] binder: 10081:10091 ioctl c0306201 20000200 returned -22
[ 1949.629139] binder: 10096:10097 unknown command 0
[ 1949.647729] binder: 10096:10097 ioctl c0306201 20000200 returned -22
20:22:29 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0xb0, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, 0x0}}, @dead_binder_done, @acquire_done, @increfs], 0x0, 0x0, 0x0})

20:22:29 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x500, &(0x7f0000000700)="f3"})

20:22:29 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
io_setup(0x4, &(0x7f00000004c0)=<r4=>0x0)
r5 = signalfd(0xffffffffffffffff, &(0x7f0000000100), 0x8)
io_submit(r4, 0x1, &(0x7f0000000600)=[&(0x7f0000000040)={0xfffffffffffffdef, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
r6 = socket$inet(0x2, 0x5, 0x51)
r7 = socket$bt_rfcomm(0x1f, 0x1, 0x3)
r8 = openat$vfio(0xffffffffffffff9c, &(0x7f00000004c0), 0x40180, 0x0)
io_submit(r4, 0x5, &(0x7f0000000640)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x6, 0x84, r6, &(0x7f0000000040)="5df2531e365833f7ea258d58e5d587cd9c133de71caed85eb6ff065b3d27309cd765392f42995892ca877f9c9923c172e95edb33c27f477e62ad8f6eff6b9fded490676fc5b5befab73116962da7ef9ced3857cddc8ba835d3c69873866355f782d5b0e3f50c732cf16df916cfe03b4810537a66b64620bef0057c446e6ce2b7226b0ddfc085e508a59c6bd16f4f7db38f8f6c9e9288ebe6341c8ccee61721f955c6", 0xa2, 0x6, 0x0, 0x3, r3}, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x7, 0xfeff, r7, &(0x7f00000001c0)="9c598958da4c4edf5b27c24c4ef39b4e9c3b571601a87c6551dcb6ce1639b892a1d6e613066f559a731fa8c190a6b55e613092c11f1e168282b1bbcf67b2c979f40d38083cd6bfaba8daf31ab6119a1cc2f6881fa51eaf3d2c42149c2d4755bee081f7d590312e8f6ced4062f3c2de1da8fbc8775e4667b707529bfc86b404b4289fd5795d795170fa20e1ea46a4725f88204d972e78b1782adb65293dfcb067609dfc385f67a487327faea9d8aeb24cfe2e7181eaacd79dbe7cd8cc7d4e7fad9ee91ef911436d42aa8daca4ee92f6a1af32943ad1bc1c251f1a656e", 0xdc, 0x10000}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x3, 0x0, r1, &(0x7f0000000300), 0x0, 0x7}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x6, 0x3, r0, &(0x7f0000000400)="e9d3fda66223d7db96968795c3689e92e2dee993de596d3f6da3796fb53ebebc10bc285b267847221cb5c900c8ed392bdc992680be6d3fafec2d05ab22d9e6b98d0c4b7dedcaad062c", 0x49, 0x1ff, 0x0, 0x3}, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x8, 0x8, r8, &(0x7f0000000500)="7729546b8a8c81c5b213617a2829cfb120e84683cca2fb5f8586c670120a0af462e4c5d72071da4afbd76b21e7eb06942c3e18d71a522bd2bed9f1b062959776aeee62aaf56f498c2175c7eecf15777e53451874f64c993208451dc6c88f5111885e853849b1b397e7c865eab968486299235fa04f1bdbeeab6cab4722ed5790fae0436353159f18c37bfe506a896fb1edd534b4f9f1433e99786b511675d7ee8a851f8ee8bb08e30e1de8c6db0b2f328f99abfddb800536a1fa7f7af5dd5d52799f0a689b19621232e0eca71aa952af401d969fb68313176526c93baa082eeebd3c7ce86355e140d171ee1a71c145ec9d", 0xf1, 0xffffffff00000000, 0x0, 0x2}])
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b6300c3cb000c2300000e630c4000000000000000002ef1a9ef076304400000"], 0x0, 0x0, 0x0})

20:22:29 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

20:22:29 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1949.720916] binder: 10096:10097 unknown command 0
[ 1949.733334] binder: 10096:10097 ioctl c0306201 20000200 returned -22
[ 1949.805569] binder: BINDER_SET_CONTEXT_MGR already set
[ 1949.830161] binder: 10102:10105 unknown command -1023384821
[ 1949.832289] binder: 10101:10103 ioctl 40046207 0 returned -16
[ 1949.842825] binder: 10102:10105 ioctl c0306201 20000340 returned -22
[ 1949.855814] block nbd0: shutting down sockets
[ 1949.860650] binder: 10101:10103 unknown command 0
[ 1949.866002] binder: 10100:10109 unknown command 0
[ 1949.875614] binder: 10101:10103 ioctl c0306201 20000200 returned -22
[ 1949.877601] binder: 10100:10109 ioctl c0306201 20000200 returned -22
[ 1949.896848] binder_alloc_new_buf_locked: 16 callbacks suppressed
20:22:29 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1949.896856] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1949.912829] binder: 10100:10109 unknown command 0
[ 1949.917953] binder: 10100:10109 ioctl c0306201 20000200 returned -22
[ 1949.936918] binder: BINDER_SET_CONTEXT_MGR already set
[ 1949.947212] binder: 10101:10113 unknown command 0
20:22:29 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
write$P9_RREADLINK(r1, &(0x7f00000001c0)={0xe, 0x17, 0x1, {0x5, './bus'}}, 0xe)
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000240)='./bus\x00', 0x8, 0x2, &(0x7f0000000380)=[{&(0x7f0000000280)="fe4e8e21350b88d6cf5a8a4d3ded7fbfa3ac053ab318bff79cedba962ae8ba318588c8", 0x23}, {&(0x7f00000002c0)="6c79e3c8aff281e5919203bbaabfcac3c9da1b2a9f7390ca779807970212a20d47d369a5911cf5b7f2583ca4c74f0de590f62cb261230a2663510716e380ed66417504258101d6c4840bc1603fc725d846272531532ff9dbaeb39c38902f53c92344a4", 0x63, 0x9}], 0x36106fa0cdcb01a0, &(0x7f0000001400)={[{@fat=@check_strict}, {@fat=@tz_utc}, {@iocharset={'iocharset', 0x3d, 'cp950'}}, {@shortname_mixed}, {@rodir}], [{@fowner_gt={'fowner>', 0xee00}}, {@smackfstransmute={'smackfstransmute', 0x3d, '[\'$[*!t(*'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '/dev/binder#\x00'}}, {@smackfsroot}, {@euid_eq={'euid', 0x3d, 0xee01}}]})
fcntl$lock(r1, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r1, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000000c0)={0x48, 0x0, &(0x7f0000000040)=[@acquire={0x40046305, 0x3}, @clear_death, @acquire={0x40046305, 0x3}, @decrefs={0x40046307, 0x1}, @increfs={0x40046304, 0x1}, @exit_looper, @acquire_done={0x40106309, 0x3}], 0x1000, 0x0, &(0x7f0000000400)="26a5b76f8d2cc7d520adc79a1902e723baee818995829527dae5c497fa90c14a1bdae2c4ea8a485623d18ea98e082d432a151dd4a1beb1c85a965d74454ea007a4da769246e68ad53317364ad0cd5b62d2856cfa60d2dcb4da51befeee49c36a6d08eca2468d34dbe11ee723735010337c17d77953baf90ae81cc068c619055b127410b14b242aec4c3d7a84d353de5d01def53a127c916f3b2f13d92687318550fd938dea8b757a62a6df40aa44d29c164a25acbb2d542abae37d5749d71023f64bf11d11f2f67822f4452a6e90ba392af318031bb163c33e823099b12a7a75a191dce319d00bfa8d6dc267f95a35681b5eda250beba739e7a0d27f77128a8a17a06b03464782e0bdd0168a802546d7ce3edfb10ce0fec5a4a7201e7a7b4544b312e95ff47ec8c22b797e8c4722288ca1e227d6e6dfb646ca5e71ff4b01f8b1f754b97c19ec22eaf27dcfa8d28f5dba13fedb3c6fbe0a123aa1c0206fc82a000739e7e74f829ff7681a531ce85bc088b852f971af970a782d09f16f68407b748fb3acdff0973ce168e6e09e0c8519417453b0965eea53f84d3dadba264cd3c6cc61c0dc8bd4d94b8e5531d6bcdd3741ece3f644cda0b3a3a240fcab0900f94599059fc25f63e1bf351db6aa39cf456cf6b7af6be9cdaebb3e9a27f10a18bf6fa927e014ea953f667cfe51aa62b14aabc05d7cec08d4cc1b5fc04d478a2ffe39c6ad32f4fe5b6c621f713337373808c2a665f2ceb239176579d0010a2ab873f41b2755e05bf39bb4a458b5d04535c108ad073c61cdac6a7b446cf7f094b81e55b5d87909277699fb5b2c3bb710a658baa4fa2be9318b80323858b843a6b5648360cb6e686836942bc0023bd92257ebe4ee89c37d6ae5a97add2db24eadaaa5db629a16e3fcf7ee2d49bcb37f779583a689ac874e9ea15f9778c55b25ecac8cbd1cebe6f67ce8bf870f83877d8882aea54b395c21ae6888b39d4d5320208048a44ad8863dd1017b94c1896470fb1933755d717ef27d596dc9dbf6867cc43e2a58e10769fb9014b9faf9b81efb44e975c04d9e62f2917b047a9690d8783193379ba853eb67777e4f2ec13f01f78c5dcc1484ec59ed22538626469cc97c0f475cfe0d978304c0a9b23959befa6f9ae5f29de8332a7091beb7da36d4f166fbc0ab639989ea5532d8a7f8e806d4f04bc92139b490fd85f5ceb0819c2dabb2ca9b306f5b10fd7131b46b3e034ee33968ed8d32c2407d7a4867fc38d2e120b655679c9ff7d7e8b7fb32a7d4f35cb9f970d53646be8970fdc2b23eb88cbbbbff8170477bfb4329a03ac08c5114486d2db54a67a0bcf72755b587fbfa28d0a4f746b282b6df3220aba34d60f1cef1693c7be00800f6434a35d5db79a99eb3f9ccb0778dc22809506e89b93bd6b0bc959201dd809eac919ec8e6e40d0738a673454718af41220e7bedc66ac793d0c867945568d5237e9f98b8072b22f26fbeeb0af786a3661923aeb9500313bc44fc47024b55b453b5bd036dd26f64f1d480b005885a559cc5c8471505d12533d8887e5418456b6bc11676f32afef307b8354e5f204903e8e6e685fce16131d0f2d065e2ebd25dd6d54ddeb0ab4919e40f05590df1dbe1a85a1720d86de41ba09187b166ec177049a63339b56365adeb41ea4c4eb28e2bec1f389398745bae99e5c772cca5d92aeb75262d5a2cbaf3c4aacd8b14e219cdc86c2a5f908c49b3bbfc64aac74f3197703fa2b08a904cc83d1e803f16e721bc6b9b0d26472cc309c36552337162341d176fb057ef10e950b39b0be1823f8e9a9d8992881ab1a66b1d8bbf24fcc7f5befb7a7e3029554e1e65e124e887159e0d1ffc04dc6ab982bfe47cd32ee7242bfb00d798152b12beccefb2ca780b4176ae955a1fb993828b695da9f37cf5eefd1aa23a27bad8900a4bbbc3b000b0e74fe014bfac7ded727a2db546b92ddabdec5d87d440d4a74f6788776dbb4d742a48d06b6e58529f595e8373a30a75f4f3e479c9db8588b29724be527582eead27987a0ad391896b8e0a5e96f115db9717d4c8df7d1dbe886724dd4bc7907a3c67d64986fc73985e0e97f8f7138d06f3016f4c9008e9a4a8f88882859c1d1bff2eebd18f482759abbc3821bb99d87ab0ec1d677bf40c0ae8fa6a7c957e2152b4e1aaaf195a985191af9c3a65fb093896cca72e5695b1e83da2aca094ee2fb76aaf4aac9d2e9b2ad377b63fec564a6064681e9e03634739b146332c5e9775a0df5eb1ed240927079fe54d957dab485c79e8c1155a27f8e79f778f93a1031d39c30d9e3f3db1b6158142589e1c832a455618bd735fb358648418956c9d7431c32461605277aa83f925ab6323cc73b4be99cadf9b862972c6240ebd4f57f4540ffd4e48803e91229a8e83bc5896dbf4d706f393033c204984b469821116cb3f75fbe01abcafc602199fe998f4cf1b2c73660fc5ad1ed3da2344a7287c08fc6c9bf8cfe218a6a729c2128c1429130d4e8308169f3577c381ddbd116a2362a5e6262d3f180987b387a47e44a904615df1edf78e0c96253f87f37d4ca361e533861d1bb09a6f9b81f542748755679df898f6069c47baeb40de25ba203ff35e6d9661488525893910898f66754ff691b0cbe603137cc95cd561161789360130888cca9c07835f9fedaf139846e3ad1e61281900b9cc99babce1e06bd061bd7f406cb25bf425dd70648fc21e07d879e970a318e84f5d612a10c0af0ce47752d697ebbfff0f7875f5a5e20548b0781af94b7049fefa69ebbb664cfa2b98cf771c47dca4bf56d4a7c3e89e37f72e963858d0f81a32e83ea291ef9baa6906710f628b69a19eaedf301c77267a7ca22a9b201272618edd49acf32b2fdb59364a679e96fbfbaba091aa08084cec6cc76f001577807e3e0108f787a471100ba321f4cbf2d82e55cdd7929298d8e60115459b74723a7a1e8bfc2a7884259d3afd09db03ba149825f16ed603139989e2f341fb8d36e8474e65eda07e451b7289d1f2e574b3027fc8adc39523f526f3c6b4c39bfd3ac123974336daf450d5edb544e6789b4d1893c84b656ac755e6b55721104d14caa1d11a79932940b89d4109523337115f118276993d816b521760945a79f5fd1ef365a8c124d29dee8c827dd843191e168433579d3aa69c717bce3d8337ebfb468d33bd7cca335a1b4d234f8c9b34ac89931d7c933bb64d14e9c055cc293e831649026b7d4965598e3d4a883af2828f74216fafd65d873d15c6be5e158fe142926d02ee3ea4cdcb528d0056eed986cb55ed7c5e59beb7be89be11f9a398f110f8653e3d1a7bf5666cbc1c8d29914d98e10e324a01a3a3d2a146372a4e271de8513e1cafc427e59984f0579a4c16a3a0745c1586666f745405ea9ab632d5534365a0fa0dd543e8d5abe8a33f6a16a9cf8457dcd431b3d15bea924a740bab837134431f300f0650aaa57ba1d597156ebbaa2ce9564002cd3aca4704b75948c5e8dc451496f3629a56cc682fe9ca5baa7d8ae8906d2b20c3bf4c0124c86185627b463085ec2336f4637e51e69e9e41b62b68f9e827e35a3a97eade6c2b280584a44fa17c6dd9f465c60ec4f5a5cd1fffd56fd64811e3f33f0a3c9486fb0054ebcdffbd206a19c118ed8a10f1562e8dab291f372c59c2e567b66989842fed273156c4701f649dfb4fa7593427176ab3fa7c799a03ec1c4b976c8ce639beb8c5b15f0a429c1094ad96ce027ca06e74b6c5b3e44de9bc406f2feee6715d1e0a4c2b1b20f29a178e5ef618c615f53dd827a1451b94f6c8e468d581ad91eab985058b1c09ff7668d05c2b568188cd487ee6af3e85cc68119ee60963442f5d941692a3a4a4f17a4e44e18013563cd0d5a93ebd78eb5c0ec15988868f7dbf2fe4ad6658e43fae7fd3a4061514953ab769afd921af94daf8d0528efe4a4933a908aeec5581cd391461bb0c9bf2352ce7be5f5f17e3b5d21815ab5b5fb7de6e584f1fc21c1ec8d57e0a36b6902d97be125f3e1a7202513315bda4c05e8a69584e748d1989f2b652f4a923f64083038cd910ca21d3bbeae2ecb29f534864901a89f441a83711c67c05813682a425aad76f73b13a54268179f2736d1bebac94c0dbb5fd56f85821e73b27600e3a817ce7c74cf8901881089d51f3d5461c80d6d70f99d5c93899ab59d11043dacf423dc91f144bd29e6d2a3c49780b732ecc9db8b21c6f9cce007ca17b2d38847f8e549bcaa9abb9331701ba78e0beb83586fdf0f303abfc822319e569e404415e327820ff9afa5635dd3c1b82b187756100a7dfafc214334a55f3b30a08d6a339a4c5eb09411d1ca800adb69054648847653a39e341072448f329c9680c7845b12b200d5823abc940a7075942aa2afa75dd2ebb8773e5a095b932d62038f39923dddb4ff7edb64445f1eb9f7ad8035e8d2a6270b701164fc6235d6650c5a6041a572886bf5713417da6e70e8ee975758de0b931d270c79d0854e3a1e30b35860976bd86160943a87f17904d40fe0dc8c4a30a0016b4732ae6ddf12701eeef25ed75b4feef7a4cd046b234af46ee5bda465b297788d8d9fc32a8afc74cdd26a24230493d2726d23550b34d665ebc9c687266ffb1bad4f5d7d4540a9bd1073fb4d0fb9cf32dcc2b4c429db70fae4e4cdac30bc462da84a085723edcb284530db2cbe38874282ea9c471d0215cc4a8eedf067ed3227f1fd4c0c14cf22805d435e59b9da20a0f8c7fc59d3350388bc194ffd52eeb50f1058904ae7f55862de6b1400e0a17e525364d065029932ba672c7f2e36c118557a6d90bc6122aff0135e49e51c3564a2f16612e337bf5767bfb2005bbf8c581d5df19305f467b6618c49f05a2249fcb90118a3a9f5987f85e88cb931073cf0bfaa423cc9a366984f664f44d4cc730e411e1d647e6d0bfdddaa041388a7e8f3ef2312384e10c2e3a317d700000f13398ea3a132e23b322a23ab9f9124ed7f125f3247dca8e719a898dbfcad7e9ee4dc7fdb3640d58dcf15b8fa74d5b34a7d3ab8c039563e6eef78920f2281b1d01d5e47625563ef29d7b262b8fc73b7f699b3a9097ca78c5ee719d8afd2c6e6d5b199dcc2ad807d8c2066a09c38c6b6b998e950eba8901e9b719b91c9003f3324d4feaeaec5cbfe1ea9bd738b45c1340b6eac6a83a6a985b44dd9e337c150096a8581ac675c3810c73c9bb5465bd2c038bfd3a8b363ba9225d455e82f440d231db051da481a85ad766a0be1143bf15e3d1e0273f75b220f4d130a7315221ee71ecc3c6f8b1e969bd86d6e35cfac38277ae38e8e528319c6a433610a381a55c8fb3044f950673a12ac81bbc23a6f2fde1b9220509b2d71b82065506ae6f4003880b5d082f36cdfde21ebfdb889a888e7af4ef637c71de4aeb4904f2497ecd3ad0e8a5c325d9d3dc151a9d3e777ccd6f7746785ebc502289e7a264c7045131096cc8a6c36162cd1a2b1254d05927659fd46d0dd471c102ad5be25ed77148775d67088cbc623906cc9fa0c7c708696ac6fef6b0296e8a71cffebd9d1f2b456628f6c82a12f452fedb687da0a146225c1c7e69cbd7399a3584cdfe9cce8f8a4b59caa6960cc60bfcd9dd7296d11f17f416011c2bf7232e8557d92cedcda5c284ce20fbb7055d8d7c024a87fdd61af845055b82721b6cd2bcaf7be886d71941981546cef867ff4756641860b9b20bc48760545435da2eaf36d2e8a62f3381c3ac95228185b31794ed767409ffb48e79035177571758ac520368334ca3b63f7de8d456abd8014552b8c41bab27df938bb657b960"})
r2 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r3 = dup2(r2, r0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1949.953164] binder: 10101:10103 ioctl 40046207 0 returned -16
[ 1949.962257] binder_alloc: 10100: binder_alloc_buf size 158913789952 failed, no address space
[ 1949.982866] binder: 10101:10113 ioctl c0306201 20000200 returned -22
[ 1949.992554] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1950.012688] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1950.049253] binder: BINDER_SET_CONTEXT_MGR already set
20:22:29 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x600, &(0x7f0000000700)="f3"})

[ 1950.060188] binder: 10100:10109 ioctl 40046207 0 returned -16
[ 1950.071248] binder: 10100:10122 unknown command 0
[ 1950.076796] block nbd0: shutting down sockets
[ 1950.083869] binder: 10100:10122 ioctl c0306201 20000200 returned -22
[ 1950.103300] binder: BINDER_SET_CONTEXT_MGR already set
20:22:29 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, 0x0, 0x0, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1950.109496] binder: 10100:10124 ioctl 40046207 0 returned -16
[ 1950.118994] binder: 10100:10125 unknown command 0
[ 1950.131081] binder: 10100:10125 ioctl c0306201 20000200 returned -22
[ 1950.139999] binder: BINDER_SET_CONTEXT_MGR already set
20:22:29 executing program 5:
getsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, &(0x7f0000000180)=0x1f, &(0x7f00000001c0)=0x4)
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f0000000400)={0xd8, r0, 0x8, 0x70bd2b, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x10000}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x28a}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3ff}}]}, 0xd8}, 0x1, 0x0, 0x0, 0x20004090}, 0x800)
r1 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r2 = syz_open_dev$binderN(&(0x7f0000000040), 0x0, 0x802)
r3 = dup2(r2, r1)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
r5 = open(&(0x7f0000000080)='./file0\x00', 0x100, 0x22)
mmap$binder(&(0x7f00003ec000/0x2000)=nil, 0x2000, 0x1, 0x11, r5, 0xffffffffffff8001)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})
r6 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r6, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r6, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
getsockopt$SO_COOKIE(r6, 0x1, 0x39, &(0x7f0000000200), &(0x7f0000000240)=0x8)

[ 1950.150775] binder: 10126:10132 ioctl 40046207 0 returned -16
20:22:30 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1950.206813] binder: 10126:10132 unknown command 0
[ 1950.212691] binder: 10126:10132 ioctl c0306201 20000200 returned -22
[ 1950.231970] block nbd0: shutting down sockets
20:22:30 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, 0x0, 0x0, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1950.260227] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1950.281607] binder: 10126:10135 unknown command 0
[ 1950.286518] binder: 10126:10135 ioctl c0306201 20000200 returned -22
[ 1950.296249] binder: BINDER_SET_CONTEXT_MGR already set
[ 1950.313104] binder: 10141:10147 unknown command 0
[ 1950.331530] binder: 10126:10132 ioctl 40046207 0 returned -16
[ 1950.339218] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1950.343642] binder: 10141:10147 ioctl c0306201 20000200 returned -22
[ 1950.380463] binder: 10141:10147 unknown command 0
[ 1950.392941] binder: 10141:10147 ioctl c0306201 20000200 returned -22
[ 1950.420151] binder_alloc: 10141: binder_alloc_buf size 158913789952 failed, no address space
[ 1950.431978] block nbd0: shutting down sockets
[ 1950.457792] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1950.483918] binder: 10141:10151 unknown command 0
[ 1950.489252] binder: BINDER_SET_CONTEXT_MGR already set
[ 1950.499578] binder: 10141:10151 ioctl c0306201 20000200 returned -22
[ 1950.525370] binder: 10141:10147 ioctl 40046207 0 returned -16
[ 1950.525733] binder: BINDER_SET_CONTEXT_MGR already set
[ 1950.545167] binder: 10141:10156 unknown command 0
[ 1950.550247] binder: 10141:10156 ioctl c0306201 20000200 returned -22
[ 1950.566046] binder: 10141:10155 ioctl 40046207 0 returned -16
20:22:30 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x6c, 0x0, &(0x7f0000000600)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire_done, @increfs], 0x0, 0x0, 0x0})

20:22:30 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
r4 = accept$unix(r2, &(0x7f0000000040), &(0x7f00000000c0)=0x6e)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x44cdc1, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f00000003c0)={'team0\x00', <r7=>0x0})
r8 = socket$packet(0x11, 0x3, 0x300)
sendmmsg$sock(r8, &(0x7f0000001540)=[{{&(0x7f0000000200)=@hci={0x1f, 0x0, 0x2}, 0x80, 0x0}}, {{&(0x7f0000000440)=@ll={0x11, 0x0, r7, 0x1, 0x0, 0x6, @multicast}, 0x80, &(0x7f0000000100)=[{&(0x7f00000004c0)="735c703df20b1bc3c529cd11594fbadc1e81eca94a9476f9cb03f89b82c1332a423880022179e2f3ea1bdf6651a7c39c43abf736441d303f798d88ede7cd96dc871179ad7fd92dfddfa6a35a729103b5ada1c94e5b405531b6b508c772e78f262e97452eed79566fc01f11efe62c87af98de943164b00169fed019d6736df6e71dd85a338c568fc7af3117ebac3e36ada8cc439318757460a7fce2e133ea3495e1f8aa88d63836176f64432dad7ece64a12a27d5be74efdaca33728fabed0fe57b622906540b8752d3edd83c5c9ba11a1acb7eedde5c367d77609ba85d7cde7aa15c77197bbdea0d72a61f1f642953c2eb50552e14d77368a5fbc2d67b3923b66dee80c6b407d9ea421e3c5eeb33333bd64d26971cbe0324b395114ec0905a3ccd0df81c85cb9b361d80afb4d2800f139eb0c8a053000f950833c3d43c03ea90a4e1a2d866bac38c47946bbe6eca2ed60740d70e7d187b8b84f0d6e696dc1a6f0281e14173826dfa4213092015036ee5fffc0563a0a2394b2dbb934923ecae4ba96ac6f99c138998d56f8ae0bd059053990495b3eae248f7c42d7817e74f22a22a6186db1f67f99d97070a62d14a12ed0db5a28b9f52a6940921cec1153e563c37e517c123f8a16d69fd6013ff8b407dad2586ed749cd805e42f0a737968ae803b472e1f156b53a8ed102b82cf5307ea519bcf189f2aadbccda58f05cadcf60ba977fe9844322a31df01662d8bd0177129b13a207d58076a36d9bcd6849d46d1530b41a54c8afa4f79b3b7223a77fa6ab256454d91afedaf5265dc9e6db2c5ae706085ae0cb5d555ecdf5ad4afd660a48acd7f03ad0b30c9347021d3f45114a232777dca1999db41b451022f3651b839f1ef2a2bd6ea7b38fe3baf8be2482eb11d80fe26dc839524670c21e5f1e788f2f6a1a10a16cc5203255d5d72ad54e2186513b2158d17df289e6887eba9eb04cf44f3b0e21b7599b053a0ce7d4a6170418553e49004f5c167b41b10b5ee9deeef1bcb167b722462a03d82d4d481f6735e550858134304648736fb1ab7b1af15574c7fda47958acbfaa5cff15e6c04e8e9e3fc24a650d6411c2110d33d8498419735d04cbc0d340df5655291121b9bb592d352b78f2b05abdb570f15187125b8609dd1f82002820872b0155b159f18f29bc62a70c10a7cbc5f55728441c7c075b0fec58e9985801d7b51aeb5d60dd38dcd930a94340b86f573e771ce0c07288ceaef590e9a891dbd8ed6c5a0c3c0908e8647ea0baff6712199b9aeef810cf25bcd62e5205227ec189d572ae15de8dc772cd3987907c5da599a97911ccb3cdc2aea583d212f2d09a26419744e1dc7c45b0750253524648870dbc35cc1e481b946703d8ab684323e41ef22476434a19ce89759e1c5b38ffbbd3710c76391d911490d62ebbc42f58cfb28b4af130207d45240b8d25afaaf8e286301b032c3a97ff1f69f8587c4f8f76b4b3df0d1e97cdbd5787d4c9270b5afa176f2c565919d5c1862b85a402c2b030b8f0a62838f8120a5f3a8cbf00e8b552bf582db972b69a7034337964210ebb8398905e5774f1ebdcb1e28fd5ed3ccafb2fd7db7dc41a62545b67fcd2b118c12f02c4ca34752aa4df9dff630ff5b25836d37428ee8db3abafa40dd8c379c5ee42173fe954c5c34d1a0cc2de7942d07fc41057db1ff9134488002fa539c2613f6a38e0ab965111c507e5d62d6073bc8084a56b61ba4856f7ffd4cf67b500b0ee0c16e1672e8a32caf6a63f13cb19308c862a8fc442d561b2a8edf39fbebdb7fe2fee2946d3a10e6bc29af201400495ad4b499913b9abced0ba3963369b47670483f7c03d02d7d241ac0764983158cb9ba5f1f674ea6c0866acaf04494c80495174fdef9c69ae68710ba6d6b116d8430908a428b2519353f9777f27283128599574fd1c5743a042f5290e63f5c3c93e72dd45a9ad922fce8605500ef74ba6b07daa517500fcaf8dd5bb81909375c561737ed483c62bcb97762ae97b1ee5001de2df61d4c9da487f32c56c16b4e4d42181b4476e583d7141ca9829f92bc801aad257893b433880d64c116130d8e87a7ad08698a00d8c66c39a93b6db6717190588697211c56df6415fd064536012a477d2f797a1c06f4f496887d", 0x5ef}], 0x1}}], 0x2, 0x0)
sendmsg$inet(r5, &(0x7f0000000400)={&(0x7f00000001c0)={0x2, 0x4e21, @broadcast}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000200)="599adcc61b6d2d0c62703299d9e0fd174e82f17e91ff776ad868509abc3afd4edd83f5a4b5edac68125cb7e171eb12f3b0caa558f533a80e6327968a043cdaf1a5ec430e79b539120631089434897f812be51457a73af9acc2224d", 0x5b}, {&(0x7f0000000280)="1f6dfd6d082b358887c96416f7bab0f94807f9dc6f4d70c05042c223a368ace38458e62f42feb57f700cb052cf6631b2c3388ce1c3337a8d9472835223e9fc3853f07f43ed26dfa03e2377d28ec5760483b81ff5f98ca65b3979f96e15fdcf", 0x5f}], 0x2, &(0x7f0000000380)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @remote, @loopback}}}], 0x20}, 0x4040020)
fcntl$setlease(r4, 0x400, 0x1)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="0b6300000c6300000e630240000000000000595d27807780c54276f22c525cbcb1b142a9b0b5b52dab34e26f16cdc0a5ef82dd83ffba364ddd6730f2d27ef170012f64d3037b6eff4efa1648a6509a5ec816d0010400000000000011"], 0x0, 0x0, 0x0})

20:22:30 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x700, &(0x7f0000000700)="f3"})

20:22:30 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, 0x0, 0x0, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1950.684380] binder: 10165:10166 unknown command 0
[ 1950.689490] binder: 10165:10166 ioctl c0306201 20000200 returned -22
[ 1950.708486] binder: 10165:10166 unknown command 0
[ 1950.720259] binder: 10165:10166 ioctl c0306201 20000200 returned -22
20:22:30 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1950.801093] binder: 10168:10173 unknown command 0
[ 1950.814096] binder: BINDER_SET_CONTEXT_MGR already set
[ 1950.820323] binder: 10168:10173 ioctl c0306201 20000200 returned -22
[ 1950.822148] block nbd0: shutting down sockets
[ 1950.835204] binder: 10169:10175 unknown command 1073898254
[ 1950.836150] binder: 10170:10176 ioctl 40046207 0 returned -16
[ 1950.845960] binder: 10169:10175 ioctl c0306201 20000340 returned -22
[ 1950.857720] binder: 10168:10173 unknown command 0
[ 1950.870307] binder: 10168:10173 ioctl c0306201 20000200 returned -22
[ 1950.877369] binder: 10170:10178 unknown command 0
[ 1950.879625] binder_alloc: 10168: binder_alloc_buf size 158913789952 failed, no address space
[ 1950.893042] binder: 10170:10178 ioctl c0306201 20000200 returned -22
20:22:30 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1950.901786] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1950.929690] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1950.946958] binder: BINDER_SET_CONTEXT_MGR already set
[ 1950.958474] binder: 10169:10179 unknown command 1073898254
[ 1950.960068] binder: 10168:10177 unknown command 0
[ 1950.966006] binder: BINDER_SET_CONTEXT_MGR already set
[ 1950.971222] binder: 10168:10173 ioctl 40046207 0 returned -16
[ 1950.985727] binder: BINDER_SET_CONTEXT_MGR already set
[ 1950.991053] binder: 10168:10183 ioctl 40046207 0 returned -16
[ 1950.992387] binder: 10168:10177 ioctl c0306201 20000200 returned -22
[ 1951.002238] binder: 10168:10185 unknown command 0
[ 1951.008488] binder: 10168:10185 ioctl c0306201 20000200 returned -22
[ 1951.020023] binder: 10169:10179 ioctl c0306201 20000340 returned -22
[ 1951.031552] binder: 10170:10176 ioctl 40046207 0 returned -16
[ 1951.031647] binder: 10170:10178 unknown command 0
[ 1951.037717] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1951.043823] block nbd0: shutting down sockets
20:22:30 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x600, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1951.085364] binder: 10170:10178 ioctl c0306201 20000200 returned -22
20:22:30 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat$incfs(r2, &(0x7f0000000000)='.log\x00', 0xc0000, 0x4)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r4, 0x7, &(0x7f0000000080)={0x1})
r5 = socket$isdn_base(0x22, 0x3, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000200)={0x6c, 0x0, &(0x7f0000000180)=[@dead_binder_done, @decrefs={0x40046307, 0x2}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000040)={@fd={0x66642a85, 0x0, r4}, @fd={0x66642a85, 0x0, r5}, @flat=@weak_binder={0x77622a85, 0x0, 0x2}}, &(0x7f00000000c0)={0x0, 0x18, 0x30}}}, @enter_looper, @clear_death], 0x1000, 0x0, &(0x7f0000000400)="03960cf0f794c73a282d44fabe70e52f9bdcb1254200ee7dca48d10d0fedceb26f755215bc01868f7e95248423e4669eba7f47317aecd5432298bee54319c6a55d960dd3edf4a4edf0837fbd9a9bd58baccd7a5e6750a26f14e42b26378c8158d8902d55301a98c77c80ac9643dfb6488ec284186e085b27752972f8a68a16cb526f1615f0078dc432025bfa52356478032ef462bb1182a287f9e69dc5c6a0f6108b1315386445161285684e4b811a05524ff269c7ea26fbfe4a0dd2f77b951d7181aaf8d49fc89509e0066eee57c6e21c19ab58b26e694d494d1023c2661db8c8c4e7d25ce069cf24970f031591d26d8bfd85edd01428de24b71598bdcc082ef34ad9b4ce3dc95f26bdd3b43cc3b5baf4f4d94ca25bbb3efb7afd51d7640f7f9cd9ba5da3072f706484e5a8cec6813dc49f5231fd60d87cfa25986888e3ba8810e3ec94b60d6eb828d0da1b09e63fcde4fe6e7f4af4c04e29ec41022ffcc57881b14ff786979f08659e574743944837765745cfc2600376d4e56bd000f14d47814cf8e8cc514cc633a222d6a6725f6b358636426043fb5fb402bf1e47aa1e52453260e71a1be59164f9056234a3b9eb412196668b28cd0bac3cabaedd9b38c7ac102551546cccfb47204b2ffa2b5a23af678553b9bbb35f765facd616db6db1cf828a6de826546847dca60c9d6f62b75f867c1ba5877fc25fec95af4fe994e0d213c17d28fc9364d6de8e46a090fb4ce508ba4c19eae5f0f69acb789865ba17bcd508a1fe6f4fa2117e04e06a8fa245a80199604c4254b80e2e51293f691027134a810df2f96d2b809a103a6f585502f8897e42991de16fe87bf17f2d10724363f0ee6513122ee97b6de60072152b605432d691f77415695137ac67351247b8acc86c02d148ef820bf86a8fb4679008c7c97e73d5a2946e5ef28866f06c17bc02435924360430ebe333c059ba1d36ca20c091c737bc8afa758f203defb5fc917b6e77c68024f0498b59d2ef8e94e4c68930299459b0934224b918f2b910f7ad93c67c755b477fe661d159fe0b7b5371dfc3e5457e6ac9dc612d7a6cd23d667342729bb580ea9e9247c73be1316aefe630c47d88674ef891afe3b185c136ad6dcd8f008febe17fefd1fd09bacf5f48d630682dbb0f67bc99ef21a1c74788486b0a8fd4f641b51179501d3267bb11d79c25993852221ad791e29633cd077886484dd13e4d80637d082dbb302d42e3cb67373d3d91c1cf512a6479bebe648294c7390e90799927e479ee37e07b2eb74f0b58fefa6962a9c5e9a7a360f3726fefa0ebb35d3481435abd3e380d914c303afcbb70c2a418f75359d72435ef567f95b77b6fb7175fd7c5f098cdd763d138ec72e9c13d3a27849ac42ff72ad2e1dcdc66138219f5e5a576c7e54790bf64187c2c33ca08ddb856a734e921f0a0a92ace99a33faaff6064fb2ed66690af108b29a795d8d927de4df64acef376197d69319bf75515d2f434493fb1fb12abb11b595dd553e3ba4a9f40f64e7dd31f953d101759bad616e164cf0376962d3e36aa3fa7f187ab797dc0787165e6cd82514ff2a9afe616604eb57fae7071dcd35d02c56b51081d5737655373a2f833c992fdfa873c40de3b00117162a8685a294e07c83cc9d26edcbbeee0f3a840601fe43fde6356d90cec63d0d44584b7decf4bc872e7296af6f65262b3423930b73ba2bf739decaad6d6b647e1cfc6be25a80582e0e9e95201ae8c7441172744340c7618f0993b55c30f821606a6bc9986df3971e4a32f91f5ee977a13d4b96ead812c7cd47e708cee3fe2e9428a67aa7baabedff5ef593406e2bceb5e71bdf6a380650c1da5150c9f5a4cce9781a4a1e204ad6130bacc20e96e8288776ef9caedcbbca8c8ed2452c83e01ca86a2c7a77cdf9be9aef0da3f005580ab403131f103ff7c9d1d821a8c3d2c641c53c038a1c7ffec4036236d2d6f7daf47472e9121f69d090a7092fb51980939b7552471acb20329dbd42af06afbeea3bdaa6184492fa2b19672d2cc9dc8b092cd673011dba71c31bbdb04fc8e2c2e073b61b7dcb885e548d111c0b867b77659cf6be0fe695dfa1e6d27aada2a3b98a507714549857c892a99491af87acb9bd571ee2f4e08c063c3c524489835bf26b84700ae4a1d8df94e2911d0578dc67632f237520dc7fffab1667890ef3330073736421aaf9d9ad12a5396705e104c66ba82dbf73e945a75b8527f06665346c6dee693c779ce74c4e08ac8433de616cf14f8505cb68a8952e339d5fcb72c2f8194a9fe70c3b74825096982522f853f60b97cd91798c2a0138ba544b35bf3b31b7a5a6622b3afba45681ddc2d7983ff64b1f886f829a3cda8b9636846e5de0ce3a879ada3a244cb484139f22de5c680dd5372c021f7b288664cf03e645a771746700a3ecd16df5df86b24658aea12ee7ae486e9d128b88ce2e80d3c62c9d6bfeedcad420ed93232f0f718f563ebb9653ba9176a1aaea4aeca91f2d513ed67568789b664976faf27a4a2a2297a22a52222f68c8d856629edd8c1c1103a3a4d8418d9e5357182c502a2ba2404653ac609e74e180609d8d4459f530b3d80c260bfd8dafb9a033c73a1d08ea8ebba5c2a62c9dde58d506100adae35c52df8d532d5ae4927cd09ca640bb6cfb8b74589a66c116ad733661a3f620604fe58dc873668fc4c18ed970d3c420620a84b5abffb4dffe911dc0bc396b468a699d8a94d63f281ec286780c3176f895082518c98ae1c0eae2f1b744b1e236631ef2acd6de51b018894a4f212fab204036a7359f197a37b62c4ca776edede4939a247d3b75a8f9dc22bb57af31f5696ed59a038b361dff8a631d2b4ba8b355bcbcb43e6cee6a809f85478ef64de465f6104c5a1b0b617e855f0e6767216cb59607da625094ed32a5d5844693deb0e35a9d281c9a2f2c3dee744c533dae0bf2010e1cfde8f755eafefc05e4f8f555e6f389d2535fa8efc9549c92ae80cfcd66596b3f084f01b501b11de93d76deef9fcd7469585859ba907a0817adad0ca5ebc1c4748a779baada348adf1e303b4108d5a9b6fb7edd39c227f280f2c2c67b1fa589faeb1ad06c22ce67cd956d9385a95f26fdc158f6432067a3d851e0a4d6953c2257e09b9c830b1b7ac9fdf2c93442dd0b4425953ad46d57d62ab3cb4b30e3daa481dce4da4b21dd6c9e67e272923476616cfc056b7be41964824de1ec0c70ff9559f8616c045887253d475f886d47695bef929ac4fc4fb7cb97570a1ec459250a0682019c8fd88f393befd55d00f377dc5089137f7c9b8b147296c22cacdf743e6344a9f62e0a08b2a539e650dd1b7390645ba98f5b007c759da0df33d20f0620db0129d5116854bae619a9834a17808bf2d1229133e47a79f64fa005ac7babde881d0d209b483ecd5f2fd9fd26d19e120ad826e83a1fcbc4eb7cab749536498971c3217acac771d192b4c9fcd3740a2445a0adc10d0a01174cc3b5687e68f5b2067b24764127c2e474650821603380c7a6b07af25da9b89eb12ba1e8e9a492b2891c98fbba993ed6bf9b878f6b92ee5f5a2ddca9ba49c2fb3d5a914db91cae03ebf1d234939ab6afec9e7f58e4a18924be2383433cef3b78dc720941ced0666bf8b670fc8504c8f20ac876a53f148fcc4fa59b7bc435f4cbe0b2cdc341948d9c599bfebc7948be366c11c8c7860bb51e31ee8ab7e5a86d15ede0d2a9b699d837cec13a140fea95b40493eeb399d82f427ae61c9b4396b763224d4b1648d01f5aee53761fd3d9c9fec09a2e60f8f708d3eb123c296e79cc7b209cdde5ff37dfab0ff3df8cc3290bc1a9e462016b98b02bdcd17c01342f540480237487533cdf393c84b262d2be17ea54b3a2a4f84bed5f1a5ec4df16bb3fea922171ae0d320805422e4c15dc922497ace166e2f1bf4e49ae07e9d2cde29bbfd9725202af112ce94a750e38cc78b190909afe26e718439bd534e815650b3e8f01cd4345fe10c3e10549b0065e4859f576cf4b3d849bdbaa819de14559eceaf3b5c603b78919b911a9247fe6ada1a29323c3256007b7f5fa985ef77a9092bd40745e0dd54885a10f06935a8f106ccdaa6d3d793fe12ff5b7da59963653c7a63d1b0ea2b30ccee225d47c729c63d2dfe35307aa4c09c0bc7fd401d2e2ab5efe3c9592b6cb407d357c1895086a33673c61b506edbaf162c833f6b9732a9d4faea9727918340061b99b3d06a68d6998ea3a2e29a6ce9ee3b8d21a6f15e6474d381e2a04c94f10a41a657c178f602745789f1a6c1e987f9b4412ed79067635a857000458660c293b48c01ccf82b49a3fb42e64936f3586a9456289f8461b32cd9ffe6446036c9fecca5a06f9bb394d27efb2e409eea3798ed87a91803c1da006e70b2118b824e2175e64c72a99abee88c39a8f4d557f4a7769134f75de2a3070acefedc500ee8ca5cbe1ec7a938b05574299dee3b6e276c1aa5f3299e6876e4be5aa2c668f4800578bfe7e4b461b4b2cc9a0f581a3e1c79c9b21cb7ff846d2689eb0a610caebd0976d061bd2be4c3b69855a5e6e5a4cc6f58b676aa35cfe02a08d2a5287b09444c99a86f530cd83152303a33d513cb21c2fb434815991fa24210c0c87693fff9ebe4e9725807ef9c0114bf8a84865c24629780587b840ede9e3c0a92be8420dd05f465406bcf5d9af3169f0f46659c194e967159188d0c6e3fe444441e92ac26265d271e73c5b18c95ab7f4b206eafbb87d4bd4b8dbd8d1e47d0281d455b7fbd571942aa8eda618bfc49e83fc97fba9e43060fc6ca10d578e7a389d1ce14004806750b3984dae9aa2f2014d7adbebf7f6d041a116d48ff89633d644571229a4f34aa2bf98f29034dfc8415c7967a403d3ebf21d8c5f90a00826107f7709493cfb80ae34564b66a5f884fbc273cb80d2a3d681f565034d5eeef8a9f9a85c33a2d2780491fab5226d5ad05afa67dbc7a1c43a8164e08b67114abb601ea1d0143980fe5588a103f5f5ccf4045f1421a549b04b3e22a8f8732a48be4dd19b5f13a63f7b95909a90128445165575a01993437098834d0d89e783295deadc7a0caa6a235e74942c48064a5fce28627df8a7c9b61b37ece10d22a2560168e1f98b460bafd2e2b7fc383c00176d0c1cfde2fe3797298471a3af63ebb106d4a2ec529424e52d007dcbef65a78742a8ad307c26c6adc5d9eaabde58e16842e075838e487be4c12a589ad20ddd1075e6ca5e45c5a333dbb5444fd510404bb6d37265218c962b2240b948260b8f38cbc0afbcdc8883a46493fdaa2475a716a564e98784ba0d887fb86e7ff89e52a6318278ed6f3eaa648cc7372be14c90a9408a7750e713d7f94028ffb026a6b24e046c65a055c1dbd61c102108995ad85e6bb4ba7fef1d75d11d515a055744ae83ce08ac3fe5abea9bbad30033f78e2534d240a80d60bde81d0b2f887ddb1d0cb62cf1183da6cec689d78305fdce323a6b6bcaafcbade84687f4b26d7d6ff6e2c3a1fa013a5f4d9c2517d86a604d1615e3e80628054ff0ce86dd7d9b3ea989032d2b07c9193614390e4c42a206aca64995db86ea965b4e893c8047b12706f7223c1037a27c7e89f0f920a5d32473a3f24a2307bb2016319b24c8065e21f5edc014ea4ac01a60db70c68c2ebd6a557d8a097158dd910cd118fb05183c3b58cf189927e2efc5738cb0edca10df42ffe124868c85e99b171431e5173c6029cc261c68fa9cf3df04eaf7b3fb6db54f40d6bed85e83e36ee992bd6c8450666c6f4f435d5a2e287600b1b14c6312b65d52b"})
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:30 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1951.159965] binder: 10191:10192 unknown command 0
20:22:30 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x2000, &(0x7f0000000700)="f3"})

[ 1951.186499] binder: 10191:10192 ioctl c0306201 20000200 returned -22
[ 1951.220099] binder: 10191:10192 unknown command 0
[ 1951.237921] binder: 10191:10192 ioctl c0306201 20000200 returned -22
[ 1951.269914] binder_alloc: 10191: binder_alloc_buf size 158913789952 failed, no address space
[ 1951.281940] block nbd0: shutting down sockets
20:22:31 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f0000000040))
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1951.293962] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1951.300779] binder: BINDER_SET_CONTEXT_MGR already set
[ 1951.308706] binder: 10202:10205 ioctl 40046207 0 returned -16
[ 1951.333070] binder: BINDER_SET_CONTEXT_MGR already set
20:22:31 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0x0, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1951.340547] binder: 10191:10192 ioctl 40046207 0 returned -16
[ 1951.348665] binder: 10191:10199 unknown command 0
[ 1951.366705] binder: 10202:10205 unknown command 0
[ 1951.367158] binder: 10191:10210 unknown command 0
[ 1951.371959] binder: 10202:10205 ioctl c0306201 20000200 returned -22
[ 1951.380275] binder: 10191:10199 ioctl c0306201 20000200 returned -22
[ 1951.400962] binder: 10191:10210 ioctl c0306201 20000200 returned -22
[ 1951.423640] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1951.439956] binder: BINDER_SET_CONTEXT_MGR already set
[ 1951.492100] binder: 10202:10208 unknown command 0
[ 1951.492725] block nbd0: shutting down sockets
[ 1951.497167] binder: 10202:10208 ioctl c0306201 20000200 returned -22
[ 1951.508995] binder: 10202:10205 ioctl 40046207 0 returned -16
[ 1951.543196] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1951.675930] binder: 10190:10211 unknown command 0
[ 1951.680914] binder: 10190:10211 ioctl c0306201 20000200 returned -22
[ 1951.700101] binder: 10190:10211 unknown command 0
[ 1951.705141] binder: 10190:10211 ioctl c0306201 20000200 returned -22
20:22:31 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x6c, 0x0, &(0x7f0000000600)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire_done, @increfs], 0x0, 0x0, 0x0})

20:22:31 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
ioctl(0xffffffffffffffff, 0x105, &(0x7f0000000040)="8b33bf573598e2c328b309163b7a5f6bba6f0712df1e2fe045548eb00195579d9fb411174443b5575d737788b30a35c5f7fc29b8eb0000c484dd53920baa5a1eacd37a32e63560d0a85abcc0aadb6e5b394f7a7d088199234db793be148606b7")
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:31 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x4800, &(0x7f0000000700)="f3"})

20:22:31 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:31 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(0x0, 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

20:22:31 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
ioctl(0xffffffffffffffff, 0x105, &(0x7f0000000040)="8b33bf573598e2c328b309163b7a5f6bba6f0712df1e2fe045548eb00195579d9fb411174443b5575d737788b30a35c5f7fc29b8eb0000c484dd53920baa5a1eacd37a32e63560d0a85abcc0aadb6e5b394f7a7d088199234db793be148606b7")
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1952.199311] binder: BINDER_SET_CONTEXT_MGR already set
[ 1952.208646] binder: 10229:10232 unknown command 0
[ 1952.220665] binder: 10227:10233 ioctl 40046207 0 returned -16
[ 1952.228240] binder: 10229:10232 ioctl c0306201 20000200 returned -22
[ 1952.244236] binder: 10227:10233 unknown command 0
20:22:32 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(0x0, 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1952.271445] binder: 10229:10232 unknown command 0
[ 1952.281419] binder: 10227:10233 ioctl c0306201 20000200 returned -22
[ 1952.301759] binder: 10229:10232 ioctl c0306201 20000200 returned -22
[ 1952.311049] binder_alloc: 27169: binder_alloc_buf, no vma
20:22:32 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
ioctl(0xffffffffffffffff, 0x105, &(0x7f0000000040)="8b33bf573598e2c328b309163b7a5f6bba6f0712df1e2fe045548eb00195579d9fb411174443b5575d737788b30a35c5f7fc29b8eb0000c484dd53920baa5a1eacd37a32e63560d0a85abcc0aadb6e5b394f7a7d088199234db793be148606b7")
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1952.321992] binder_alloc: 10229: binder_alloc_buf size 158913789952 failed, no address space
[ 1952.344397] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1952.374413] binder: BINDER_SET_CONTEXT_MGR already set
[ 1952.380824] binder: 10227:10233 ioctl 40046207 0 returned -16
[ 1952.390614] binder: 10227:10239 unknown command 0
[ 1952.406233] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1952.414831] binder: BINDER_SET_CONTEXT_MGR already set
20:22:32 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(0x0, 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1952.420968] binder: 10229:10232 ioctl 40046207 0 returned -16
[ 1952.426113] binder: 10229:10237 unknown command 0
[ 1952.430359] binder: 10227:10239 ioctl c0306201 20000200 returned -22
[ 1952.456580] binder: BINDER_SET_CONTEXT_MGR already set
20:22:32 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
ioctl(0xffffffffffffffff, 0x105, &(0x7f0000000040)="8b33bf573598e2c328b309163b7a5f6bba6f0712df1e2fe045548eb00195579d9fb411174443b5575d737788b30a35c5f7fc29b8eb0000c484dd53920baa5a1eacd37a32e63560d0a85abcc0aadb6e5b394f7a7d088199234db793be148606b7")
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:32 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x4c00, &(0x7f0000000700)="f3"})

[ 1952.475135] binder: 10229:10248 ioctl 40046207 0 returned -16
[ 1952.475438] binder: 10229:10237 ioctl c0306201 20000200 returned -22
[ 1952.493768] binder: 10229:10232 unknown command 0
[ 1952.498655] binder: 10229:10232 ioctl c0306201 20000200 returned -22
20:22:32 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x0, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1952.604495] binder: BINDER_SET_CONTEXT_MGR already set
[ 1952.628653] binder: 10255:10258 ioctl 40046207 0 returned -16
[ 1952.654577] binder: 10255:10258 unknown command 0
[ 1952.673812] binder: 10255:10258 ioctl c0306201 20000200 returned -22
[ 1952.721726] binder: BINDER_SET_CONTEXT_MGR already set
[ 1952.727741] binder: 10255:10258 ioctl 40046207 0 returned -16
[ 1952.735382] binder: 10255:10263 unknown command 0
[ 1952.740943] binder: 10255:10263 ioctl c0306201 20000200 returned -22
20:22:33 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x6c, 0x0, &(0x7f0000000600)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)={0x0, 0x20, 0x38}}}, @dead_binder_done, @acquire_done, @increfs], 0x0, 0x0, 0x0})

20:22:33 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:33 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
ioctl(0xffffffffffffffff, 0x105, &(0x7f0000000040)="8b33bf573598e2c328b309163b7a5f6bba6f0712df1e2fe045548eb00195579d9fb411174443b5575d737788b30a35c5f7fc29b8eb0000c484dd53920baa5a1eacd37a32e63560d0a85abcc0aadb6e5b394f7a7d088199234db793be148606b7")
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:33 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x0, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

20:22:33 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x6800, &(0x7f0000000700)="f3"})

[ 1953.245041] binder: 10272:10273 unknown command 0
[ 1953.250223] binder: 10272:10273 ioctl c0306201 20000200 returned -22
[ 1953.262229] binder: 10272:10273 unknown command 0
[ 1953.267140] binder: 10272:10273 ioctl c0306201 20000200 returned -22
[ 1953.367637] binder: BINDER_SET_CONTEXT_MGR already set
[ 1953.387125] binder: 10278:10283 unknown command 0
[ 1953.387586] binder: 10277:10282 ioctl 40046207 0 returned -16
20:22:33 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x0, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1953.411410] binder: 10278:10283 ioctl c0306201 20000200 returned -22
[ 1953.425709] binder: 10277:10285 unknown command 0
[ 1953.439737] binder: 10277:10285 ioctl c0306201 20000200 returned -22
[ 1953.450741] binder: 10278:10283 unknown command 0
20:22:33 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
ioctl(0xffffffffffffffff, 0x105, &(0x7f0000000040)="8b33bf573598e2c328b309163b7a5f6bba6f0712df1e2fe045548eb00195579d9fb411174443b5575d737788b30a35c5f7fc29b8eb0000c484dd53920baa5a1eacd37a32e63560d0a85abcc0aadb6e5b394f7a7d088199234db793be148606b7")
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1953.467439] binder: 10278:10283 ioctl c0306201 20000200 returned -22
[ 1953.484872] binder: BINDER_SET_CONTEXT_MGR already set
[ 1953.501100] binder_alloc: 10278: binder_alloc_buf size 158913789952 failed, no address space
[ 1953.503137] binder: 10277:10282 ioctl 40046207 0 returned -16
[ 1953.510050] binder: 10277:10285 unknown command 0
20:22:33 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r2 = dup(0xffffffffffffffff)
ioctl$NBD_SET_SOCK(r1, 0xab00, r2)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r3, 0xab04)

[ 1953.542967] binder: 10277:10285 ioctl c0306201 20000200 returned -22
[ 1953.556039] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
20:22:33 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
ioctl(0xffffffffffffffff, 0x105, &(0x7f0000000040)="8b33bf573598e2c328b309163b7a5f6bba6f0712df1e2fe045548eb00195579d9fb411174443b5575d737788b30a35c5f7fc29b8eb0000c484dd53920baa5a1eacd37a32e63560d0a85abcc0aadb6e5b394f7a7d088199234db793be148606b7")
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1953.599709] binder: 10278:10286 unknown command 0
[ 1953.605422] binder: BINDER_SET_CONTEXT_MGR already set
[ 1953.610979] binder: 10278:10286 ioctl c0306201 20000200 returned -22
[ 1953.638613] binder: 10278:10283 ioctl 40046207 0 returned -16
20:22:33 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x6c00, &(0x7f0000000700)="f3"})

[ 1953.645215] binder: BINDER_SET_CONTEXT_MGR already set
[ 1953.659148] binder: 10278:10299 unknown command 0
[ 1953.674617] binder: 10278:10298 ioctl 40046207 0 returned -16
[ 1953.685472] binder: 10278:10299 ioctl c0306201 20000200 returned -22
20:22:33 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r2 = dup(0xffffffffffffffff)
ioctl$NBD_SET_SOCK(r1, 0xab00, r2)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r3, 0xab04)

20:22:33 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1953.762095] binder: BINDER_SET_CONTEXT_MGR already set
[ 1953.768305] binder: 10304:10307 ioctl 40046207 0 returned -16
[ 1953.795447] binder: 10304:10307 unknown command 0
[ 1953.817881] binder: 10304:10307 ioctl c0306201 20000200 returned -22
[ 1953.839427] binder: 10310:10312 unknown command 0
[ 1953.851890] binder: 10310:10312 ioctl c0306201 20000200 returned -22
[ 1953.865208] binder: 10310:10312 unknown command 0
[ 1953.870221] binder: 10310:10312 ioctl c0306201 20000200 returned -22
[ 1953.878739] binder_alloc: 10310: binder_alloc_buf size 158913789952 failed, no address space
[ 1953.888701] binder: BINDER_SET_CONTEXT_MGR already set
[ 1953.894541] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1953.900724] binder: 10304:10307 ioctl 40046207 0 returned -16
[ 1953.905382] binder: 10304:10314 unknown command 0
[ 1953.917963] binder: 10304:10314 ioctl c0306201 20000200 returned -22
[ 1953.927575] binder: BINDER_SET_CONTEXT_MGR already set
[ 1953.935802] binder: 10310:10318 unknown command 0
[ 1953.948024] binder: 10310:10312 ioctl 40046207 0 returned -16
[ 1953.954535] binder: 10310:10318 ioctl c0306201 20000200 returned -22
[ 1953.968785] binder: BINDER_SET_CONTEXT_MGR already set
[ 1953.980223] binder: 10310:10320 unknown command 0
[ 1953.994505] binder: 10310:10319 ioctl 40046207 0 returned -16
[ 1954.006236] binder: 10310:10320 ioctl c0306201 20000200 returned -22
20:22:33 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:33 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:33 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r2 = dup(0xffffffffffffffff)
ioctl$NBD_SET_SOCK(r1, 0xab00, r2)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r3, 0xab04)

20:22:33 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x7400, &(0x7f0000000700)="f3"})

20:22:33 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1954.122658] binder: 10328:10329 unknown command 0
[ 1954.127592] binder: 10328:10329 ioctl c0306201 20000200 returned -22
[ 1954.139791] binder: 10328:10329 unknown command 0
[ 1954.148293] binder: 10328:10329 ioctl c0306201 20000200 returned -22
[ 1954.206857] binder: 10332:10334 unknown command 0
[ 1954.216961] binder: 10332:10334 ioctl c0306201 20000200 returned -22
[ 1954.227900] binder: BINDER_SET_CONTEXT_MGR already set
[ 1954.250045] binder: 10332:10334 unknown command 0
[ 1954.253627] binder: 10335:10337 ioctl 40046207 0 returned -16
20:22:34 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:34 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r2 = dup(r1)
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r2)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r3, 0xab04)

[ 1954.277842] binder: 10335:10337 unknown command 0
[ 1954.286858] binder: 10332:10334 ioctl c0306201 20000200 returned -22
[ 1954.297220] binder: 10335:10337 ioctl c0306201 20000200 returned -22
[ 1954.314873] binder_alloc: 10332: binder_alloc_buf size 158913789952 failed, no address space
[ 1954.344475] binder: 10335:10345 unknown command 0
[ 1954.344582] binder: BINDER_SET_CONTEXT_MGR already set
[ 1954.365707] binder: 10335:10345 ioctl c0306201 20000200 returned -22
[ 1954.375222] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
20:22:34 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1954.398927] binder: 10335:10337 ioctl 40046207 0 returned -16
[ 1954.416811] binder: BINDER_SET_CONTEXT_MGR already set
[ 1954.423406] binder: 10332:10334 ioctl 40046207 0 returned -16
[ 1954.423813] binder: 10332:10339 unknown command 0
20:22:34 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x7a00, &(0x7f0000000700)="f3"})

20:22:34 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r2 = dup(r1)
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r2)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r3, 0xab04)

[ 1954.455993] binder: BINDER_SET_CONTEXT_MGR already set
[ 1954.475265] binder: 10332:10357 unknown command 0
[ 1954.477062] binder: 10332:10339 ioctl c0306201 20000200 returned -22
[ 1954.480790] binder: 10332:10356 ioctl 40046207 0 returned -16
[ 1954.525327] binder: 10332:10357 ioctl c0306201 20000200 returned -22
20:22:34 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:34 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x4c00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1954.570235] binder: BINDER_SET_CONTEXT_MGR already set
[ 1954.590095] binder: 10360:10365 ioctl 40046207 0 returned -16
[ 1954.636109] binder: 10360:10369 unknown command 0
[ 1954.661817] binder: 10360:10369 ioctl c0306201 20000200 returned -22
[ 1954.698339] binder: 10370:10375 unknown command 0
[ 1954.705699] binder: BINDER_SET_CONTEXT_MGR already set
[ 1954.711647] binder: 10360:10365 ioctl 40046207 0 returned -16
[ 1954.711701] binder: 10360:10369 unknown command 0
[ 1954.734042] binder: 10370:10375 ioctl c0306201 20000200 returned -22
[ 1954.734432] binder: 10360:10369 ioctl c0306201 20000200 returned -22
[ 1954.765123] binder: 10370:10375 unknown command 0
[ 1954.783214] binder: 10370:10375 ioctl c0306201 20000200 returned -22
[ 1954.805149] binder_alloc: 10370: binder_alloc_buf size 158913789952 failed, no address space
[ 1954.831077] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1954.853302] binder: 10370:10380 unknown command 0
[ 1954.858401] binder: 10370:10380 ioctl c0306201 20000200 returned -22
[ 1954.867433] binder: BINDER_SET_CONTEXT_MGR already set
[ 1954.882997] binder: 10370:10375 ioctl 40046207 0 returned -16
[ 1954.887543] binder: BINDER_SET_CONTEXT_MGR already set
[ 1954.902039] binder: 10370:10380 unknown command 0
[ 1954.902218] binder: 10370:10388 ioctl 40046207 0 returned -16
[ 1954.908607] binder: 10370:10380 ioctl c0306201 20000200 returned -22
[ 1954.938398] binder: 10390:10391 unknown command 0
[ 1954.950305] binder: 10390:10391 ioctl c0306201 20000200 returned -22
20:22:34 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:34 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r2 = dup(r1)
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r2)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r3, 0xab04)

20:22:34 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:34 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x1000000, &(0x7f0000000700)="f3"})

20:22:34 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1955.015577] binder: 10390:10391 unknown command 0
[ 1955.020840] binder: 10390:10391 ioctl c0306201 20000200 returned -22
[ 1955.037059] binder: 10390:10391 ioctl c0306201 20000380 returned -14
[ 1955.114354] binder: BINDER_SET_CONTEXT_MGR already set
[ 1955.125694] binder: 10400:10403 ioctl 40046207 0 returned -16
[ 1955.136472] binder: 10396:10405 unknown command 0
[ 1955.151165] binder: 10400:10403 unknown command 0
[ 1955.154992] binder: 10396:10405 ioctl c0306201 20000200 returned -22
20:22:34 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:34 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, 0xffffffffffffffff)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r3, 0xab04)

[ 1955.163005] binder: 10400:10403 ioctl c0306201 20000200 returned -22
[ 1955.184164] binder_alloc_new_buf_locked: 10 callbacks suppressed
[ 1955.184172] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1955.205366] binder: 10396:10406 unknown command 0
[ 1955.220555] binder: 10396:10406 ioctl c0306201 20000200 returned -22
[ 1955.234279] binder: 10400:10403 ioctl c0306201 20000380 returned -14
[ 1955.249088] binder_alloc: 10396: binder_alloc_buf size 158913789952 failed, no address space
[ 1955.257237] binder: BINDER_SET_CONTEXT_MGR already set
20:22:35 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1955.272142] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1955.281078] binder: 10400:10414 unknown command 0
[ 1955.294278] binder: 10400:10403 ioctl 40046207 0 returned -16
[ 1955.309563] binder_alloc: 27169: binder_alloc_buf, no vma
20:22:35 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, 0xffffffffffffffff)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r3, 0xab04)

[ 1955.318989] binder: 10400:10414 ioctl c0306201 20000200 returned -22
[ 1955.332674] binder: 10396:10406 unknown command 0
[ 1955.337757] binder: BINDER_SET_CONTEXT_MGR already set
[ 1955.344630] binder: 10396:10406 ioctl c0306201 20000200 returned -22
[ 1955.345964] binder: 10400:10416 ioctl c0306201 20000380 returned -14
[ 1955.357611] binder: 10396:10405 ioctl 40046207 0 returned -16
[ 1955.365282] binder: BINDER_SET_CONTEXT_MGR already set
[ 1955.379602] binder: 10396:10422 unknown command 0
[ 1955.385657] binder: 10396:10418 ioctl 40046207 0 returned -16
[ 1955.396073] binder: 10396:10422 ioctl c0306201 20000200 returned -22
20:22:35 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x2000000, &(0x7f0000000700)="f3"})

20:22:35 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, 0xffffffffffffffff)
r3 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r3, 0xab04)

20:22:35 executing program 5:
syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r0 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1955.520481] binder: BINDER_SET_CONTEXT_MGR already set
[ 1955.534344] binder: 10430:10435 ioctl 40046207 0 returned -16
[ 1955.564619] binder: 10430:10435 unknown command 0
[ 1955.583841] binder: 10430:10435 ioctl c0306201 20000200 returned -22
[ 1955.615920] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1955.628417] binder: 10430:10435 ioctl c0306201 20000380 returned -14
[ 1955.646805] binder: BINDER_SET_CONTEXT_MGR already set
[ 1955.661836] binder: 10430:10443 unknown command 0
[ 1955.666725] binder: 10430:10443 ioctl c0306201 20000200 returned -22
[ 1955.673550] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1955.680590] binder: 10430:10445 ioctl c0306201 20000380 returned -14
[ 1955.687981] binder: 10430:10435 ioctl 40046207 0 returned -16
[ 1955.728352] binder: 10448:10449 unknown command 0
20:22:35 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:35 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x6800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:35 executing program 5:
syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r0 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:35 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(0x0, 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

20:22:35 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x3000000, &(0x7f0000000700)="f3"})

[ 1955.767029] binder: 10448:10449 ioctl c0306201 20000200 returned -22
[ 1955.796605] binder: 10448:10449 unknown command 0
[ 1955.801845] binder: 10448:10449 ioctl c0306201 20000200 returned -22
[ 1955.809538] binder: 10448:10449 ioctl c0306201 20000380 returned -14
[ 1955.856691] binder: 10454:10458 unknown command 0
[ 1955.863580] binder: BINDER_SET_CONTEXT_MGR already set
[ 1955.870220] binder: 10454:10458 ioctl c0306201 20000200 returned -22
[ 1955.883021] binder: 10455:10459 ioctl 40046207 0 returned -16
[ 1955.895768] binder: 10454:10458 unknown command 0
20:22:35 executing program 5:
syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r0 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r1, 0x0)
preadv(r1, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1955.903249] binder: 10455:10459 unknown command 0
[ 1955.908414] binder: 10454:10458 ioctl c0306201 20000200 returned -22
[ 1955.916858] binder: 10455:10459 ioctl c0306201 20000200 returned -22
[ 1955.928404] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1955.935251] binder: 10455:10459 ioctl c0306201 20000380 returned -14
[ 1955.943008] binder_alloc: 10454: binder_alloc_buf size 158913789952 failed, no address space
[ 1955.946037] binder: BINDER_SET_CONTEXT_MGR already set
[ 1955.971847] block nbd0: shutting down sockets
[ 1955.982928] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1955.991261] binder: 10455:10463 unknown command 0
[ 1956.000764] binder: 10455:10463 ioctl c0306201 20000200 returned -22
[ 1956.008372] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1956.014878] binder: 10455:10459 ioctl 40046207 0 returned -16
20:22:35 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(0x0, 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1956.032708] binder: 10455:10467 ioctl c0306201 20000380 returned -14
[ 1956.044652] binder: BINDER_SET_CONTEXT_MGR already set
20:22:35 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:35 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x4000000, &(0x7f0000000700)="f3"})

[ 1956.078747] binder: 10454:10458 ioctl 40046207 0 returned -16
[ 1956.085234] binder: 10454:10472 unknown command 0
[ 1956.093206] binder: BINDER_SET_CONTEXT_MGR already set
[ 1956.114019] binder: 10454:10477 unknown command 0
[ 1956.119279] binder: 10454:10475 ioctl 40046207 0 returned -16
[ 1956.124931] binder: 10454:10472 ioctl c0306201 20000200 returned -22
[ 1956.132641] binder: 10454:10477 ioctl c0306201 20000200 returned -22
[ 1956.162221] block nbd0: shutting down sockets
20:22:35 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:36 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x6c00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:36 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(0x0, 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1956.184641] binder: BINDER_SET_CONTEXT_MGR already set
[ 1956.219815] binder: 10485:10487 ioctl 40046207 0 returned -16
[ 1956.255720] binder: 10485:10489 unknown command 0
[ 1956.276557] binder: 10491:10494 unknown command 0
[ 1956.280192] binder: 10485:10489 ioctl c0306201 20000200 returned -22
[ 1956.295347] binder: 10491:10494 ioctl c0306201 20000200 returned -22
[ 1956.309169] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1956.318793] binder: 10485:10487 ioctl c0306201 20000380 returned -14
[ 1956.342909] binder: 10491:10494 unknown command 0
[ 1956.357221] binder: BINDER_SET_CONTEXT_MGR already set
[ 1956.361707] block nbd0: shutting down sockets
[ 1956.371677] binder: 10491:10494 ioctl c0306201 20000200 returned -22
[ 1956.382559] binder: 10485:10487 ioctl 40046207 0 returned -16
[ 1956.382607] binder: 10485:10489 unknown command 0
[ 1956.393896] binder_alloc: 10491: binder_alloc_buf size 158913789952 failed, no address space
[ 1956.411917] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1956.421253] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1956.435069] binder: 10485:10489 ioctl c0306201 20000200 returned -22
[ 1956.452382] binder: 10485:10502 ioctl c0306201 20000380 returned -14
[ 1956.483326] binder: BINDER_SET_CONTEXT_MGR already set
[ 1956.488911] binder: 10491:10494 ioctl 40046207 0 returned -16
[ 1956.497060] binder: 10491:10498 unknown command 0
[ 1956.504709] binder: 10491:10498 ioctl c0306201 20000200 returned -22
[ 1956.516435] binder: BINDER_SET_CONTEXT_MGR already set
[ 1956.540236] binder: 10491:10510 ioctl 40046207 0 returned -16
[ 1956.540357] binder: 10491:10494 unknown command 0
[ 1956.563451] binder: 10491:10494 ioctl c0306201 20000200 returned -22
20:22:36 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x7400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:36 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:36 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04)

20:22:36 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x5000000, &(0x7f0000000700)="f3"})

[ 1956.678825] binder: 10517:10518 unknown command 0
[ 1956.684064] binder: 10517:10518 ioctl c0306201 20000200 returned -22
[ 1956.696823] binder: 10517:10518 unknown command 0
[ 1956.702097] binder: 10517:10518 ioctl c0306201 20000200 returned -22
[ 1956.710936] binder: 10517:10518 ioctl c0306201 20000380 returned -14
20:22:36 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
mmap$binder(&(0x7f00001e7000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x7)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x7, &(0x7f0000000080)={0x1})
open_by_handle_at(r5, &(0x7f00000003c0)=@ocfs2={0xc, 0x1, {0x81, 0x6, 0x7fff}}, 0x88000)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000005c0), 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000380)={0x70, 0x0, &(0x7f0000000400)=[@acquire_done={0x40106309, 0x2}, @enter_looper, @enter_looper, @acquire={0x40046305, 0x1}, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x0, &(0x7f0000000040)=""/130, 0x82, 0x2, 0x9}, @fda={0x66646185, 0x4, 0x2, 0x15}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/198, 0xc6, 0x1, 0x1c}}, &(0x7f0000000300)={0x0, 0x28, 0x48}}, 0x40}], 0x78, 0x0, &(0x7f0000000480)="fea211ca1ef932fbad39cf717fe812890ef01e70cc90db05e65e15dece7349171578990a873dc0ca12d223ac7e36bac1de7535ea3d0d4a2aaed900c890b5f063329cfcc331c7d0ced420fb6952d0f4a43113dc93d8aaabc78d575ef39c880546fb420e5a2c4e566cba3c3cc9b09e758b2267a35ba528cc1e"})

20:22:36 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r1 = dup2(0xffffffffffffffff, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1956.783791] binder: BINDER_SET_CONTEXT_MGR already set
[ 1956.795129] binder: 10519:10527 unknown command 0
[ 1956.800588] binder: 10523:10524 ioctl 40046207 0 returned -16
[ 1956.821527] binder: 10519:10527 ioctl c0306201 20000200 returned -22
[ 1956.841066] binder: 10519:10527 unknown command 0
[ 1956.847774] binder: 10519:10527 ioctl c0306201 20000200 returned -22
[ 1956.860620] binder_alloc: 10519: binder_alloc_buf size 158913789952 failed, no address space
[ 1956.871753] binder: 10523:10524 unknown command 0
[ 1956.876759] binder: 10523:10524 ioctl c0306201 20000200 returned -22
[ 1956.884314] block nbd0: shutting down sockets
20:22:36 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04)

[ 1956.914877] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1956.923548] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1956.946108] binder: 10523:10524 ioctl c0306201 20000380 returned -14
[ 1956.957458] binder: BINDER_SET_CONTEXT_MGR already set
[ 1956.964558] binder: BINDER_SET_CONTEXT_MGR already set
[ 1956.971861] binder: 10519:10527 ioctl 40046207 0 returned -16
[ 1956.977115] binder: 10519:10532 unknown command 0
[ 1956.978658] binder: 10523:10529 unknown command 0
[ 1956.990285] binder: 10523:10529 ioctl c0306201 20000200 returned -22
[ 1956.991681] binder: 10519:10532 ioctl c0306201 20000200 returned -22
[ 1956.998839] binder: 10523:10524 ioctl 40046207 0 returned -16
[ 1957.012007] binder: BINDER_SET_CONTEXT_MGR already set
[ 1957.014538] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1957.019129] binder: 10519:10535 unknown command 0
[ 1957.030263] binder: 10519:10534 ioctl 40046207 0 returned -16
[ 1957.036760] binder: 10519:10535 ioctl c0306201 20000200 returned -22
20:22:36 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x7a00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1957.064470] binder: 10523:10537 ioctl c0306201 20000380 returned -14
20:22:36 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r1 = dup2(0xffffffffffffffff, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:36 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x6000000, &(0x7f0000000700)="f3"})

[ 1957.152105] block nbd0: shutting down sockets
20:22:37 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab04)

[ 1957.189944] binder: BINDER_SET_CONTEXT_MGR already set
[ 1957.198816] binder: 10547:10551 unknown command 0
[ 1957.213239] binder: 10547:10551 ioctl c0306201 20000200 returned -22
[ 1957.224591] binder: 10550:10553 ioctl 40046207 0 returned -16
20:22:37 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r1 = dup2(0xffffffffffffffff, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1957.245700] binder: 10547:10551 unknown command 0
[ 1957.257296] binder: 10550:10553 unknown command 0
[ 1957.262849] binder: 10550:10553 ioctl c0306201 20000200 returned -22
[ 1957.270965] binder: 10547:10551 ioctl c0306201 20000200 returned -22
[ 1957.292440] binder_alloc: 10547: binder_alloc_buf size 158913789952 failed, no address space
[ 1957.302537] binder: 10550:10553 ioctl c0306201 20000380 returned -14
[ 1957.322598] binder: 10550:10556 unknown command 0
[ 1957.327687] binder: 10550:10556 ioctl c0306201 20000200 returned -22
[ 1957.337821] binder: BINDER_SET_CONTEXT_MGR already set
20:22:37 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r2, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$binderN(&(0x7f0000000180), 0x0, 0x0)
dup3(0xffffffffffffffff, r4, 0x0)
splice(r3, &(0x7f0000000100), 0xffffffffffffffff, 0x0, 0xffffffffffff131d, 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000003, 0x50, r3, 0xb1e3a000)
r5 = syz_open_dev$video4linux(&(0x7f0000000140), 0x5, 0x240c00)
r6 = mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000680)={0xd8, 0x0, &(0x7f0000000480)=[@request_death, @register_looper, @increfs_done={0x40106308, 0x1}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000240)={@fda={0x66646185, 0x6, 0xfdfdffff00000000, 0x7}, @ptr={0x70742a85, 0x1, &(0x7f00000001c0)=""/124, 0x7c, 0x1, 0x1b}, @flat=@binder={0x73622a85, 0xbe9cbbd1e344fe76, 0x3}}, &(0x7f0000000040)={0x0, 0x20, 0x48}}, 0x1000}, @acquire_done, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000003c0)={@fd={0x66642a85, 0x0, r3}, @fd={0x66642a85, 0x0, r5}, @ptr={0x70742a85, 0x0, &(0x7f00000002c0)=""/194, 0xc2, 0x2, 0x14}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @free_buffer={0x40086303, r6}], 0xe1, 0x0, &(0x7f0000000580)="1bf3ba046e33b72a2cd85d2e1b8ae94db8e3a2c5d3edfbc6a905c0e71674cf0a8d8c7731a0a43d8b272dc3f57fef52d1e5d517330db3bb8b4e1718a2595f691a5120c48e05328029ff35837a9be3f3af824e2f049196a4bc284be0c062bc6e0498ee60fddfc4a79a1c57e7453cb6a35237c0a42112f4a40affdf72b3169563f789346ed617711b9c787f55121613b804f7841d2c395b3ff586f720371300f5d8a396e2984997dc37a5dde0d099b5f07330f36b50c292629ee1dfcb835f8e6ccb3daa88ae6e0dbb69b0ffb85bb11b6a3bf9bb7e415042ec74498d4cf1202e220e1b"})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x38, 0x0, &(0x7f0000000040)=[@release={0x40046306, 0x2}, @free_buffer, @dead_binder_done, @free_buffer={0x40086303, r6}, @dead_binder_done], 0x5d, 0x0, &(0x7f0000000080)="9ea3ee87731380a88c9ebacbb61cb8c64a40c3e9b0d93e5c01adfb0aacd56c6f5d7c4f6db702927a7aed1e7264b6bf53e7bbdf9f0a593cb0801312c856b88fd43781fae66e2efb654dc97b9a4937ba708aa567685cd5d9dbbf312373a5"})
r7 = dup2(r1, r0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r8, 0x0)
preadv(r8, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1957.344179] block nbd0: shutting down sockets
[ 1957.355758] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1957.376171] binder: 10550:10553 ioctl 40046207 0 returned -16
[ 1957.376255] binder: 10550:10563 ioctl c0306201 20000380 returned -14
[ 1957.418578] binder: BINDER_SET_CONTEXT_MGR already set
20:22:37 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r1 = dup2(r0, 0xffffffffffffffff)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:37 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x7000000, &(0x7f0000000700)="f3"})

[ 1957.446706] binder: 10547:10551 ioctl 40046207 0 returned -16
[ 1957.448841] binder: 10547:10568 unknown command 0
[ 1957.468552] binder: 10547:10568 ioctl c0306201 20000200 returned -22
20:22:37 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1957.527901] binder: BINDER_SET_CONTEXT_MGR already set
[ 1957.554433] binder: 10575:10577 ioctl 40046207 0 returned -16
[ 1957.586562] binder: 10575:10581 unknown command 0
[ 1957.598383] binder: 10575:10581 ioctl c0306201 20000200 returned -22
[ 1957.617489] binder: 10575:10577 ioctl c0306201 20000380 returned -14
[ 1957.630556] binder: 10575:10581 unknown command 0
[ 1957.636720] binder: BINDER_SET_CONTEXT_MGR already set
[ 1957.646962] binder: 10580:10582 unknown command 0
[ 1957.652439] binder: 10575:10581 ioctl c0306201 20000200 returned -22
[ 1957.663286] binder: 10575:10577 ioctl 40046207 0 returned -16
[ 1957.665996] binder: 10575:10585 ioctl c0306201 20000380 returned -14
[ 1957.670467] binder: 10580:10582 ioctl c0306201 20000200 returned -22
[ 1957.719506] binder: 10580:10587 unknown command 0
[ 1957.740175] binder: 10580:10587 ioctl c0306201 20000200 returned -22
[ 1957.762808] binder_alloc: 10580: binder_alloc_buf size 158913789952 failed, no address space
[ 1957.781639] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1957.849004] binder: 10580:10587 unknown command 0
[ 1957.854816] binder: 10580:10587 ioctl c0306201 20000200 returned -22
[ 1957.862333] binder: BINDER_SET_CONTEXT_MGR already set
[ 1957.867702] binder: 10580:10582 ioctl 40046207 0 returned -16
[ 1957.867706] binder: BINDER_SET_CONTEXT_MGR already set
[ 1957.867722] binder: 10580:10593 ioctl 40046207 0 returned -16
[ 1957.886302] binder: 10580:10592 unknown command 0
[ 1957.900031] binder: 10580:10592 ioctl c0306201 20000200 returned -22
20:22:38 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda={0x66646185, 0x5, 0x0, 0x37}, @fd={0x66642a85, 0x0, r3}, @flat=@handle={0x73682a85, 0x180b}}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done={0x40106309, 0xffffffffffffffff}, @increfs={0x40046304, 0x3}], 0xffffffffffffff3f, 0x0, 0x0})

20:22:38 executing program 0:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0xc04a01, 0x0})

20:22:38 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r1 = dup2(r0, 0xffffffffffffffff)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:38 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x20000000, &(0x7f0000000700)="f3"})

20:22:38 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1959.127532] binder: BINDER_SET_CONTEXT_MGR already set
[ 1959.144400] binder: BINDER_SET_CONTEXT_MGR already set
[ 1959.154583] binder: 10598:10601 ioctl 40046207 0 returned -16
[ 1959.159257] binder: 10602:10604 unknown command 0
[ 1959.164644] binder: 10600:10603 ioctl 40046207 0 returned -16
[ 1959.179053] binder: 10602:10604 ioctl c0306201 20000200 returned -22
[ 1959.187235] binder: 10600:10603 unknown command 0
[ 1959.196235] binder: 10598:10601 unknown command 0
[ 1959.201202] binder: 10598:10601 ioctl c0306201 20000200 returned -22
[ 1959.218184] binder: 10602:10604 unknown command 0
20:22:39 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r1 = dup2(r0, 0xffffffffffffffff)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1959.230662] binder: 10600:10603 ioctl c0306201 20000200 returned -22
[ 1959.246613] binder: 10602:10604 ioctl c0306201 20000200 returned -22
[ 1959.253370] binder: 10600:10607 ioctl c0306201 20000380 returned -14
[ 1959.266419] binder: BINDER_SET_CONTEXT_MGR already set
[ 1959.276614] binder: BINDER_SET_CONTEXT_MGR already set
[ 1959.284139] binder_alloc: 10602: binder_alloc_buf size 158913789952 failed, no address space
[ 1959.295560] binder: 10598:10601 ioctl 40046207 0 returned -16
[ 1959.306910] binder: 10600:10607 unknown command 0
[ 1959.312385] binder: 10600:10612 ioctl c0306201 20000380 returned -14
[ 1959.319326] binder: 10600:10607 ioctl c0306201 20000200 returned -22
[ 1959.321475] binder: 10598:10606 unknown command 0
[ 1959.326811] binder: 10600:10603 ioctl 40046207 0 returned -16
[ 1959.333004] binder: 10598:10606 ioctl c0306201 20000200 returned -22
[ 1959.341721] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
20:22:39 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x48000000, &(0x7f0000000700)="f3"})

[ 1959.377944] binder: BINDER_SET_CONTEXT_MGR already set
[ 1959.383690] binder: 10602:10604 ioctl 40046207 0 returned -16
[ 1959.384642] binder: 10602:10609 unknown command 0
[ 1959.408563] binder: BINDER_SET_CONTEXT_MGR already set
[ 1959.418947] binder: 10602:10609 ioctl c0306201 20000200 returned -22
20:22:39 executing program 5:
r0 = syz_open_dev$binderN(0x0, 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1959.429760] binder: 10602:10617 unknown command 0
[ 1959.440297] binder: 10602:10616 ioctl 40046207 0 returned -16
[ 1959.468478] binder: 10602:10617 ioctl c0306201 20000200 returned -22
20:22:39 executing program 0 (fault-call:8 fault-nth:0):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

[ 1959.508585] binder: BINDER_SET_CONTEXT_MGR already set
20:22:39 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:39 executing program 5:
r0 = syz_open_dev$binderN(0x0, 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1959.559131] binder: 10619:10625 ioctl 40046207 0 returned -16
[ 1959.566937] binder: 10619:10626 unknown command 0
[ 1959.592368] binder: 10619:10626 ioctl c0306201 20000200 returned -22
[ 1959.621293] binder: 10619:10625 ioctl c0306201 20000380 returned -14
[ 1959.641844] binder: BINDER_SET_CONTEXT_MGR already set
[ 1959.645315] binder: 10631:10635 unknown command 0
[ 1959.662101] block nbd0: shutting down sockets
20:22:39 executing program 5:
r0 = syz_open_dev$binderN(0x0, 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1959.668937] binder: 10619:10625 ioctl 40046207 0 returned -16
[ 1959.669244] binder: 10619:10626 unknown command 0
[ 1959.696623] binder: 10619:10637 ioctl c0306201 20000380 returned -14
[ 1959.709414] binder: 10631:10640 unknown command 0
[ 1959.721426] binder: 10619:10626 ioctl c0306201 20000200 returned -22
[ 1959.728092] binder: 10631:10635 ioctl c0306201 20000200 returned -22
[ 1959.754242] binder: 10631:10640 ioctl c0306201 20000200 returned -22
[ 1959.763988] binder_alloc: 10631: binder_alloc_buf size 158913789952 failed, no address space
[ 1959.795402] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1959.844627] binder: 10631:10640 unknown command 0
[ 1959.849673] binder: 10631:10640 ioctl c0306201 20000200 returned -22
[ 1959.857803] binder: BINDER_SET_CONTEXT_MGR already set
[ 1959.879820] binder: 10631:10645 ioctl 40046207 0 returned -16
[ 1959.885989] binder: BINDER_SET_CONTEXT_MGR already set
[ 1959.886023] binder: 10631:10635 ioctl 40046207 0 returned -16
20:22:39 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x4c000000, &(0x7f0000000700)="f3"})

20:22:39 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:39 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab04)

20:22:39 executing program 3 (fault-call:12 fault-nth:0):
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:39 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:39 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH(r3, 0xd0009411, &(0x7f00000568c0)={{<r4=>0x0, 0x0, 0x1f, 0x7ff, 0x6, 0x5, 0xfef, 0xfffffff8, 0x7, 0xfff, 0xffffe7ef, 0x81, 0x0, 0x8, 0x6}})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000005a080)={0x0, <r5=>0x0, "01e24de72b8f0ba015dbec607077afa07ddd2467594c493e29ce55353135fc8679ab35634368868519341ceea0a277f45abc88b96af1534ca004956eb62e18072de79d95cd71e5c3f1bd3e5bf9b6979bb6a666884523c41cc8a8236d4479e5ff4f7bd09eb1a4b9bdd047d1b7b5f6165a2c53daa75b91ef92d35f9ae121ef09a71d0025c683de886eb345cfc79a4f7fedfb78f9a02cd3414d9dbaaf6e85064a664620f8c8b8befd5966842b1508ec8e38c9d948af15af10f24af97a5eb5c3e0b98753e782f701a3d057c2139ed399a02941fb5cbe8ba0aa4f8e01134928bfb91eb687c2390c874a69100cdab3e5f25e5fd782b32d508673f23ef3c1fd3400d1cb", "776917bbdd3cc7ed5274c93122cf7400234399ba81fbbf32c35e1f670e16d79b2a565ce8cd6c642c18b05bdc4a99ac5373f9010540b804dd4fbc9290717e3b1942da25214a27b85be6f02414cde2ccecdb0265fd9fe7f35d1a822a5dad1be5abbbd47a9bbb28040b3ea9076c1e8fd26e756351908d53b2e7451419523c0fe1b83872cc4bac47b26f7e7429355eb027d2a3feb2862be341c51df2d7458eeee66209264536ae2efeff9b2fc77fa6b057f058a361b99b4558c2796ceb628c087cd46294b59f9d203dbd893a68391be9a82f3ee27e3b917051906f303557a8c5c507afa0ef4655e321f0d523e95aa5920a4be1e43b2f5380c6424e21b4078dfdb2e47b15440d492ed014a08e72659d0805d3781351fecee03c71c911d9e84c94c587a6162139801f70e52ef81e1912989c5d472eef422aee244e08be1ca7e7fa5a4291a2db463c32038dc187a4d0a5675eb32184331d50915873380640cd16b030b4186b0d05137ad353ce9232cbda8a3f4c04081db8c58a7e393d74a58ee6c9c435b1dde9d7aac270a087e78b0eacf8979a2329c519ebb1dc2025ad8d3062464dbc9f15e47678e8219dbfd48a72fb35546ea72dea62fe57516b431515c6cf2280f6a1fd5c1f89e3170f777082468ee0e32430f3844772fdba1ede78440f571b0e6fb21d6aecefd73f192bbeaf225320bf653482e23ce410929076dc6e50a1c58bd2049fe29595d8acdc4a3bb0edd1674662fa2b25365843a92eca646f2cedf1f087ca79b6215591f3db4563b1022a48f1831246c171c88233b90eeeb23dd0995ad56acf79585237c8d734fa1c7b7f6aad88931816cd842ff300c1c1586ff5ab44d51d393f115a177eabe80237629c8ab053f7b1268f00d2ac97b1edfa40e2b1256aa360f0ea2429b696ea9850ef28921d382eb3e32990af9fbf5d1a78fd8ce812da75484b0f41a40dc3114ac15b132f3329be0413835d6b463c1fe931378de0e0104221c8a68a026390144b813356a190f65af38ee9723bca5c2491c2bf556f981b96fd3f318f246c399308aea2c07eeeb26e65a495cf319c5d0c02033d103982c88c79b8916ae30f2ebf3d5b1401f8b5e47665587ddbee9a2549369d3cf64d3ca8f7afcac25695013269329e8a1596202f6a49b54892a722630b7aba5ac7f04fa024028d1755ea7209dcf84958cfdbe53bbaa6feccd9197917f9e901aa79324f289dd72560fc5543948f3327f678fb7ebce96e370ef2978948bcc1ea84f76112566a19eba7ae71b8db8fd0070cd87e0f6d9992a31ad84978be54064038e982d4aeda0af91f5c933d604701eb1e64eb9c335ea9669ca1991745c95118d70b44e34b95cb0a26fe31bf14ce52b50bc2cd2de51860d98e30093ba004bad967fd1bd642d343cb39abe3dc5244b09f6eb7ed0abb455c162be26c4592e6203911e80d3a8ec753db1d7ef0ce5c319674ff7265a829f576dbb6e8bc4e5343d5042a3782ef57e1d384e261f2fe1195cb7c2b1cd9726c9c7cf73cbf11b4dfabad42f5a62306d34dd435a51fd2c04d21ba9d0d7b86568323073e7127e77ae9e54b48ea1d5bade9db9c3c93a585f5c352a9d6d311bf944953c20e7ea4a5840ef9fe5f15e769834936a0908d9fe572cfab6ec315cce8e5259c2c8bb429e22ac6c9410dd8a632547a3c13ebf551a120acb87181bfa2970b67c7f1d87e4e5094ff229f71e0c9a8c0b96d9ebac0b32044ff4701b4b462bb97dbfdbc5a0bf9abc87002c99298bde838d046094afeb8e69f253954aa01f91a5305f5b76d5be84ba33a6dbcad2c57c9c77f04906c58cfef3056dda87c4d401b37f993dad73988c42dee4563ce02df5376ea4bbe1d66b94c4c639ec4095bccc878494a6fbcf71e2b4e22a2578bd29bb5f4086adcad86602c4a48e85950027494d67438f16a04d6bc2fcc5025f8ae47fd4ee2fcdb98a95537163a26416049e3d33f244f341a17823faa3efaefe5cd204d688cf91d856513a5d8ed40978974ab0898ed92ece82334c1487d4965c88b051b8909272943e09e9ceb07be1299ddb38b6e0e203ae0c40fcbb91995ba1bfbf1f1c0a83eed52d5d492e424324a96eadc4865a928a5acac573c6801c13285ac16751102f4e863097cb186574109d56a17cd55d162e924234730a5f42b798c9384cec92e0fefd6caef26abea3c58db1217f3fd26286a2c0df2e735faa8f58087912367ccc59d01d56a47d8fb40fb6e90d00d388f4b244c4d6ff5ec511e782c0776a20a4b8d15a968dbfb7e92d342c642bfa5703965800790f3a5bf3169226a3910ae239dc8140ee8f5a4196162c4246b14ef274359d8928166a48b59102b6c97cbd22b20f7d4167b0a8051400a761b01a693ba0508f05a4576c885849b828d2f98b1dce5c2c89108f5f40f6a38e77343115b9fac10669b6ac81885d05307fcb73961754aab5cce8549048e0bc26c8d2dba863b136b4d6bf67b58a0dd22925f7e535f929c49b8324c92c90c136f84475295fb9aae2e7f9c8deba7784f994fe17b9d6b4792e54ddf75c568dd5e65ad382f2b8f359120e86e251a8425ce8aae39a5bad7ac6bc5e22ae02d36e77cfb5caae24229ff648820a9fa8033b8dbc4d2932c7908dd7e98952204340f1a26a5c87a2622c9a70003fb7192b47e35ec4f816e1d0c872474cad1d9d78023fc9dd9e56fab5447a8b6789f4d97ad22925ec431c704be8ada7202763e4bcdb308291e1986385f431b7590b4cc34a758a3f3989549b6b79b9b24e1b577bb72c1116eddec8401c46f2614d72ccd67c524c15f8f3095bb41603d9c88a910f1a2de53ac11b350df8b7885c47ec57450c4f44389fba83aae7b23123531f0b27f9c5346e175ac070b86ec4d248832db670edb475579370f4d6e1e05c2d871603a29d6af3761332d95070c7a68ccc512ee407e82731881a82a21eb38747e72bd42b8ffa85818219815ed2081d410718f811d9638a8af8109c058542bf34cec2925ac068afae49a3daafacfda4068bcb96a35d903469f325cfef4ecf8b7efd9c560b8606971442b9385100aae4cdef7decbbeb51da493596c00cfbb146d537974b8df861ed35a33c29711f71925974ec3ae40ba0426a24a20fdda6a8fa88b391da72f25eb76365ed8095b27d500a5e9456b6032f37a90482594b0e70cee29e515c20cde862424b39ca9aa68a496741a2a76952d3763d87d4a1cb2b6997c9895407ed016354d0016aae04135281a268c36294721d7e16302dba0bd62d10fed1a3bd05b1d457f3ded7b21a80dcb162873dc2853afa7023f5eeb66f67d5625c59b4a5cf3cf8a45e0a6ae63b15cffa3c1e969389a58ddcbea789fec757fbccb8d43be214b29a9a72cf7d49ebcf2025973e97915cd25562449c616da164161bf8e47327ed2123869f4d861878d297d18a05dffe0e5dd2ef3207dd04e5dbd75732f08d70c02a63219013d3caf2ace209c8dfc73f5eb9761e3a6ee603ba0ee76b2bbb952f8bd5be0a9ee1c7142c7826a92a3fdcbd12565113bf7a47ce590809ca0d27fc1c68f5dcfcc5ffff47adc589d848e777dc3e59f3d4b55ebb85a3485dba60db366f8299d57567d5fb6aa60cd2c293064cae7d7730acde349cd617cdd5a0ad09e47a8eb598fb5cee803a00fe377a93cba8201f51d7cd5afd3a8bc81e6aa53bf38647e06a75cb9b58f3e76de7b42d5ea39eb0f50365885ed1a552a87c39231947468058ce13a5277f28326d8c2a445fe68aaccfd927f23df3c4442bcc2b4dacad324a3eb7c5cb858775b1ee790aa2e84a03573fd548650eb9d028372c69efb8b5da0b7df8d364714b893be6ede9286e5bf8af5a33a4ee19b0afe940355c26c89b6221ffc7692467ee3985a0a7b2fde6f742387d2c1a27fdc4a1a652fbf3a5a6c695e84318ed756678a298def3fcd7a97b04a7f7bad016226cc00c336f0c5f1fd032f5c490472987f1783c9514eaa72f4d161a7b22dc3f9a09e5c9014ef76b8634d0cfa0dc3ea402bbb52298852de00f41609a8daded31ffef37cb3871cd2a18e527d8ee07c41a1894b7c5325267d1f6eeaaefaac3e0b343700acf02c77f8db6a2bb8bc258683589c97fb9660b0deb8bdca9db02764c39d5452934089aad291603a3906e94311bc105a5ded5088d8dd4ea6fb7853937e9b1643dd519b3eb66fc9cffc2843879966f79a01b4df726960e5f4963a10bc5821bfb4a5093e2baa1fc9a3e0d51e4ce27bd96fa8bb8706ae355603ccef44529bdb0c94beaf9c6b3bbd25a1f2f59a0a2a96583ed2a88facd8dab86b4943626082f7d438d8864a65b2fc836fbd4c26aec603a0637c2a92568d52ee71f81bf4aae71886df5324b8c700652c47c91f0292d7b21612e023137e821ab52f1f325f1fffe1e4a8a0e3a925f2b07fb5dc9805aaab331ff26d580c25a061180c15622d1ec7968c41a6b1d801cd8ad2d4e2d89704948894edaa0cbd59a12840341290302f5367a269f97774babbaf560472890ab619918558f3a22401530f4be23b2f236618c18fb917dfd3fadb9815b325021faf4c342b54b9bccddd13a1a9b5de4d5f9c0c86814cc4887871a3fdd44ef9221b4a0ecf1342da7dcce371a888746fde689d70c1b71db2657d3ce179097aa6b86ca10af35368b2a5404799c05d5b15ef4a205b16345bc1456e2ea86338582228d098a797b068f64765dcec98bb0e6460877490620d9ef8807f54c316091090f49286f165fc1f3a5d9fe7a56fda50cf9be0a512b4fd307710e34dd9ee8314b350c13675666c0d359022769f8a61c9355845070dd10020b6a349d1169e6448685e66a0b646ae100af8ff8373c15b347c94065bfe3526f07dbefc341105764c2e20531b6f7f22f49282c952baafc65fac4d67ddd61884020c7abef7a2e261c8701cab6407a20d0c0c3d0551194a83c4add2402be48334d745e633c5b87ecc627104d3e3f5a81e7ce32439562960c772ff2186dfe86322a68363289e74d1e2c27a5921795a801c150a02ed551a2f1f05f3fa4bea3d213630ba4ee3f6b6628f5a845976e38752b0360fa1b7d88e8d57cf9333e529b9664b5571357310fcb63b9ce482ad69f069d1b65980862e8a1919d600d5472d62fdfabaced6c9dba4cb11cc4669a60b3c6af2cfd907bcbb28915acd5716b1432e4a9e459480f6d47323f91e165b070c0aad357c4a49fad624040f5d635d094eb93c260134c2c0ffe9a00925547e27de0e14470714913d7e4ec734967e8e3f53fc5327c3d73ca7bc023965a2f8b2f81211f60bf25b18a05f58baee762b9e3a72fb94e3b3bde53ed2dbec1f659c45d6d4b37870dee4023fd5eef9b3dff2a233264a971217f357dff40680653afb09d8a0706dbb1549a8647baec0b31ef19ec0393be93933f4defdc9ee2fe3450713a9971f6876efec872cf79760"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000005c080)={0x8, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r6=>0x0}], 0x0, "ee8151fb1ef9ea"})
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f000005d080)={<r7=>0x0, 0x0, "1fea8d96a7cded03d5d9cdb2af587d91aa6a040c822c65c79fafea2462af03a4d9062e15d7f51665943a1ac7afc5fba1774b452a83bed9817def6d5bc3b861c0262ec41da41592b4eac129f34086c84e6b6e3adeb3bbb055a339389dcf0b6218838bd0bcca9dcf86896644a44aef681f3ce956fbe6ba84c804c9363db7db18c48576eb52b13255edeb48adb0a0f0639454b5ec7eae1e714d7aa677cf2dbd4d277f1703bd02b20f90a55b1e7ae1e38c8532b4ebcd1036bf390a8ef65277cfba7929f265aa68bfec82808ede4d8d4b1c783cc53acdfd49916336c978c242ba9bfc73de9ca63f0dc036d773ab3d883302b1021dd420fefea59afa077f16fbb34614", "29c83c6d510241a958baea5eccdad5eef273d033dccaa922609c2df557a0438894801b6ed79d1b00ef7aa1de5994f6afc66e31ecd7acee5fd444db15251d6c84672eb9f6e72d685a6ea00f42ff12c17023f46be4e7b4fcf1588d4f7cf211c2a00787cb605e14d18bc8fb1467f6ca37b949ed85d0c864bce5c934ae95b937ae51acd3f0e72bf78cca9f6939e7811ebb77ef20886be2acd3097122931690c66381a56d3160179eb48c7d91d51198ca7792401960ddff498a6f431c6a527a694f3312b8ecf48470305063978b7e377ac8041b98dffccec0d3b1c9bf79811a69711000f98345372d414657830b68888bb55eac6f7824a364803ef65b15fdac5facec8c4dd23f74944829dcdfffb18ccb8cb1388c90edb3d7005f83f31441aaf06d395cca8bda7d53b9e51745c9b6290f16b2113e14a3b0f18e2754d027782bde6a1272e05cb33dd3cae74a9fa5a9adac921822e4259fd1064c5d81907a4c62ea9f5818f0e16fb9c182aea0b00ae0275c16cf2334ed92ff0efef5ed78ffb940fcf94d913e04eb64037e84958f2f500c047cd9d46bad71651b64e78e58cafa0eb0e3d81b04b23c56a3d5c749f7eae281ff004235611d860350d6525b89f3ee95249b335ddde8e767658e2fba3384898f64bf4a1acd3db5f84ea66e073eb04f04ad651ab64dedcde8166d8352b9220dd6cf56f0be1f6bd0bfdda5117414d133e89f8f73615e7e08c9fe82fa20d9e79a30604b7afcc20d0b4a038a9ba1ac9a79da7e31371af779136d42b54eedce108c7e702b3a37a55cee1147cb7c27d1e1c52907acbcf21efe4a7b249cccaf87d3d87a48b28b107186f7ad4452e1e3fde6baaa1347bce05f5177a112afa5186bee472637d891cbe823be3962e3e24acea561816be5aa4f3fa3c42f1a0eee708e57584e36acbfbbc22adb97536253c870a4556d7988e4078d62959fce76d2889e9aca0dd02006cd87e99af052942d549874ddf4449f07c900c27c9bd4db9e4d70f0eab8cddee421e2aeb04b244b586468c83ec13eb56c1e0bb569ac851845d74125316ebf25543a3fb9cf79bb1fdea6e6cfb3d33a51fc5ef07f826e746923a24a2669fd6031cf8cc23c7d52546dc6178a2c620480945d32e9b6917c7a53ed332d2bd1f3a2834ccffaf447d341f47e0d66502af5f0802c34bbea931c528e22ff333a6951de66582b6a43a1aefb639327c5857f3827343ed9e2b0fa8bf56e2ec1e3ae728636c58049714d054ea27232982cad99379471345c56c3a111f347fb281384ce71971ef6e964e253b5be4262bf97068236b9481e9f187568af623bacf36e1a51020091abc92d2c339beb2cf76203eafdb4ac2839f7aef6a25b730034dd5f789c3a0a13c33bb793c18a99cac8174c2a31e6b11a6f2225cd13b4c9a9e0e794b9d5423e178ad8cc7d1a85116ca79ea13c34e152984059ed7b0f724f8268d691c951b2d47c865d7b7682d244c6c5ad9538bb8d98948ead74a9a4e3e18427f99c14bcc7c3cbae2b709fafdf22e95b2ce37c2f7f58bd3a9abcc8dd5d41c44638307427fa4ce13f4b9f8baa70c1630337d0662209e152c7b7aa730d9f31f6836d0f60b6df83a13100e6eefafe169110db5b5c89f1b76de078c284bb4703f16001a9b82b0962cfa8d9b845d4e8dc6f6ecd09d9add51d541015e7ae5d78528af1ea927081cae8445890260f23ad01431faad929c4654abd720a1ba4ce464a904463514a10348c3ef3211a6c2f043f554b0383c1fa071fb56302df7bc2dc98883a566ea578679271d5324d016566161d72508bea264eca221e183a611ce9fbe3f545396b4904025965c842876c61077dd7014a6ebd9652db46871ff71256ade313359d7ff1896b7cb5715c25f4c82e3ae990c1dad5fa7d30eabae0d94c35f868c09d5214ebefa4adf779538c42987d206b2d07e348614b483f2fca21fa1edae5054d5d3a64833ab1de89f327c6620df70d0e9972643773e1d41bb7776a755104c43d062c4f2c75043dda6c0a57fc3b82fec651d4ae1c8a8e0363c44c612677ff6ea107732b8c3b75807b58885d58dbe6b2b77011a8a8ff271d3b40219b191c300402594caffb2bca06e35720f271b97d297011eb82a4a5c09b4ae5bc7e224c3b7e5e8751329125169ec7e43231801efb47d15df0db31b0b111eda8b5b0c7a2c310e16addec26e075ec4b456dfd0815f346f82f361ff62c3b5014bee5e3df623c5b367ae7a8c8aa1517fd1ae181ac2075fa605fcf66a2a3db9fdb3f6fd9be710e217d4a971c13110808b737fb5e5da1a00662d986f63e87e507e5f563ff911be6f6fcf659961cded2a5baa64cf43fe59f929b8619c7fc17c95f5332970aa7e735f1a92256392803220c44ba67578d5ead30a7ba36aba8e9b09efaa3496899c182ba2e3a78cefafdc9daa3ef6fbc23897a363f082a7c0cde032d2aee66288f4f5f53c21727f12b4a302804293b1fb2aa2c0b605ee23e66690b43c9681268f662197ed3293df4e5734d99548fb9a55a91bb088838352750e5352b857641ab840b10e6d941dfbbc476094237fdcc62b20bc16eea0a2f4337e4528007f013b447985a569843406aab35205d6b81eeea2235ad3fdef874eec87d0d17f779dcbd1a345bcc6905d837f914780decdda4d6f0dbe35ead6770e5e6363020421953e45a4197e53fce238af897edad4a6c61c4060ef3e7416ab3efe9f82459c5b2b8a3a123f8d4301b77a23379cd3abb78276038e1d0c6b384f850b758eddced1e079c50f61f4b82bca6255056e129f286e5e2e5b92cafc21283d919423cf9a4c5e98e96088fc893796cadb7bdbd8d2051b4c836865c6eed347c5f640c1f4bdf7c93b171b66e69128cad0eb46ba6e6b0d4c00fa37860dfcfa7d7597f7477b15ea0f1e01c59005d10fb63c263c665b0840ed49a876abec757eae988baeb9444835899e57ee20fc3c736ba2a6e02ea36d828e3856dc4c2ca6783c5e50f6bd06b4227ff11365db40cc72f2a0614de1cd5fc29ab5ddb167b2c2a59e109e7ab2566b6a28e6b79b4ebc5c98b5497c65c227c66b0165bfa4d888f1575ee1ab733e8016c2f5041264269296228137b9aff102173a63464c4171e5934ff811a450e19a97a2a51e5d147034d104aa00c62bf61a513e87d653ef0fc822509b2e4ad355dc61e558576feccb028a61ba99fb8ece8f7a0f0b92973359b2a4eac4169c5801c10bfb85c5cb06b780691436ea4628719630647d3210f1ee61624483856f86409a089f93c59d026338f1a4775d156494e1aa1cd5c146a97903f653a7870a166f38f9fea3763e9e7bd80de7edb15d2ea13986dbe774b90abed7021a97521937a45b49eeb90d9e7864295f3a578aa595d0524fbfbcc59a3f1663c45fc577beb4909a24c3ed52f69ebfc546e0915a580f0ed5c64820540763a22d6cff8ce8b7b18dd2a6c7a645df454a421d355e09a4fd89053825a1a7276d4824821d617dbf9a817079b50644e981fe4875e0c367b2ebe1c05861e0142c0b5a5b1b58130874292e0a4be67cdd7a7d6d53c504893ab7b9ae2a833801a8c85f1b3f1935a0b9297dc45aea958945b4c6b0acb45c54f74e392bbd788e618943d80322b8a899425fd506406820ee423172f6969d2ca6e88acd98efc276fdc2213fdd6f5a19d218f149242f2e08a5bf31df95f23b8d2e82f2d5ef314e154b36dea4655abb55add4021f136f314016fe801ff1500fccfb8298c3a60f5885ffa34524766123ccbfef71fd10f64c4ecdce9b3a34e7638a8bfba4151fa8eb120d85c9a27b3533f5891cf91143571b4fd67842386fee90d89233d8e664fb5534fffd122b71f0ca4983bef052043d37b816b50d02be049784cdc2bb9167d133146ad4064144c0ee140161e265325d2a815897af6ac7a6f3c0a18f6e4650e4654d4c2c8252f65ebb23e634bdf649b4ed783c241cfef1b151aa6d6a591a7feb855ddbd58736ac53fcbc7e09483fc3b3502dacbeadc41ce42762a95f7e55ff578eeff73231414b18e7285ae1bbd0aa0ad52ade6daeec3267c114a3dda7bfd89e2e399b4ce28b823add0f93baeb04a6eb3cc3db063d9624ce6ee23ff40c83b553d3be8237f06e81539483525b08e95dbeaefc5b8cb5b85d7805ab29d54416debb0322101468043e3b4b1b018602135e19a79e884c24358a891d21b6d64b9a5aca3302b48f82f11f6209282abb7b7d31beea0e429e658654c13b11d43944d0b443ecf47db0f4236672546cfc8c875c3b8ca510676172c6069ba18f6e5960f14b08954ad5600b518824a680b96940fc1907bc0b932b71dc951384092d8b22370b71ea9f1f6381552383cec3181cf4da8af9a08b92b567757f1234b02430e53a002c253041c8ca082f284c4a6b2d789c503b3dfbcd61af9e95002d706312ab5a0b2d32e6c396bcca1b4b9d61cddd4b6c0ab323b77f5003a33846973206e1e406b21f79ae5d2eee40b8ed66f8349fd902c41d74b200b3aaf7051e803b7bdd28a1d920259cce7cbc9317a791e7c41b2e7835fcc3b8d141e3fdf679b869ae046be1549c2ee2d556e0899035decaf5c8f56f099c1a5a0134af74411f3ef4bac37f118c9a34d9b197b2ebe7789dfaf1562655c70092bab318fb291ada0ce05890a19705169eb2963103fdfb4a812aac577ab44856486bc317987b3018fd48b4824fb5e77e3cbc08b556e3cd5f5d17c82ded2664332a01442c763f59bb089c85c3be6cbbce0e0b6fa906ac366d263622069627873aad7dd7f12381bf12e8edd9c963d980c5888a284fc4a5fd503403a51108e51ee8a57f0ad095be7b7cf5facc26e7cb5790010f8cf686aff724f3153b4f11b7ca024d266cfae2fb24e0401057a2e5c85a42fd6bf431f4e60ffc46eb2d27bdc2acae4af3fa7d58fefad8bc45b56bdaf71664266ef5c3dd7638d3895c14890902dc916009f902fd1547ff281ebef24caac2dd4a9c81f1a320c7e5a2815fc3bcdcc02b86906677400053ed23b7c0456cf510da22b2df1b1d395455e51e765ab3ffb0aca516feca769e77186c4800e7f1d58e7b590cfb4608a7dd394127f4300f8164d17c7f4a6e3baba5086121510d0ea17a5137a7b2484fecb1be27f5191d1fe9e950de657ce26f1d47e7ec949f92f7e1201c8572dde342abb65593a2471ac57cd14cc11ba59a1c59b98159619ec7481456f977c4d29c25b9324a400e17c0f172b4f82ba3c4f47c05b23be51746207921d3ff429eef26f30213613aab3dd04f45f3984ecadd93d099f62d6ca9fdc881b8efdf850e9ab737743a884a8a1300d7e5aa4a1ba5bef97715bcd005803e089fbb22563fbd28d753b5f2bef75cae980500b8379f4b502ce8b83f58211e6e786585fcf5b8450d230a57b7f5d4e7c2eebd92f1d48303f4c31913b31cbf8312d24c089bef9"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000003c0)={0x0, ""/256, 0x0, <r8=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000005e080)={0x3f, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {}, {0x0, r6}, {0x0, r7}, {0x0, r8}], 0xf9, "c9906f9b59b102"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f00000578c0)={0x7, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {0x0, r8}], 0x0, "84250f92ecc685"})
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1960.025721] binder: 10652:10653 unknown command 0
[ 1960.031983] binder: 10652:10653 ioctl c0306201 20000200 returned -22
[ 1960.046539] binder: 10652:10653 unknown command 0
[ 1960.051907] binder: 10652:10653 ioctl c0306201 20000200 returned -22
[ 1960.064252] binder: 10652:10653 ioctl c0306201 20000380 returned -14
20:22:39 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1960.131190] binder: 10656:10660 unknown command 0
[ 1960.159089] binder: 10656:10660 ioctl c0306201 20000200 returned -22
[ 1960.167605] binder: BINDER_SET_CONTEXT_MGR already set
[ 1960.173720] block nbd0: shutting down sockets
[ 1960.179269] binder: 10655:10663 unknown command 0
[ 1960.192007] binder: 10655:10663 ioctl c0306201 20000200 returned -22
[ 1960.196455] binder: 10656:10660 ioctl d000943d 200578c0 returned -22
[ 1960.198617] binder: 10659:10665 ioctl 40046207 0 returned -16
[ 1960.213549] binder: 10659:10665 unknown command 0
[ 1960.213565] binder: 10659:10665 ioctl c0306201 20000200 returned -22
[ 1960.215756] binder_alloc_new_buf_locked: 8 callbacks suppressed
[ 1960.215763] binder_alloc: 27169: binder_alloc_buf, no vma
20:22:40 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:40 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x2)

[ 1960.257412] binder: 10655:10663 unknown command 0
[ 1960.266569] binder: 10656:10671 unknown command 0
[ 1960.272640] binder: 10655:10663 ioctl c0306201 20000200 returned -22
[ 1960.279392] binder: 10656:10671 ioctl c0306201 20000200 returned -22
[ 1960.296067] binder_alloc: 10655: binder_alloc_buf size 158913789952 failed, no address space
[ 1960.308418] binder: 10659:10665 ioctl c0306201 20000380 returned -14
[ 1960.309877] binder: 10656:10660 ioctl c0306201 20000540 returned -14
[ 1960.335770] binder: 10656:10671 unknown command 0
[ 1960.337885] binder: BINDER_SET_CONTEXT_MGR already set
[ 1960.340750] binder: 10656:10671 ioctl c0306201 20000200 returned -22
[ 1960.359937] binder: 10656:10678 ioctl d000943d 200578c0 returned -22
[ 1960.363203] binder: BINDER_SET_CONTEXT_MGR already set
[ 1960.372505] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1960.373498] binder: BINDER_SET_CONTEXT_MGR already set
[ 1960.387410] binder: 10656:10660 ioctl 40046207 0 returned -16
[ 1960.396391] block nbd0: shutting down sockets
[ 1960.397589] binder: 10659:10665 ioctl 40046207 0 returned -16
20:22:40 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1960.403759] binder: 10659:10680 unknown command 0
[ 1960.414577] binder: BINDER_SET_CONTEXT_MGR already set
[ 1960.419971] binder: 10655:10663 ioctl 40046207 0 returned -16
[ 1960.422148] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1960.439325] binder: 10655:10686 unknown command 0
[ 1960.447102] block nbd0: shutting down sockets
[ 1960.452188] binder: BINDER_SET_CONTEXT_MGR already set
[ 1960.458181] binder: 10655:10689 ioctl 40046207 0 returned -16
[ 1960.468644] binder: 10659:10680 ioctl c0306201 20000200 returned -22
[ 1960.468890] binder: 10655:10690 unknown command 0
[ 1960.482550] binder: 10655:10686 ioctl c0306201 20000200 returned -22
[ 1960.491407] binder: 10656:10679 ioctl 40046207 0 returned -16
[ 1960.497525] binder: 10656:10685 unknown command 0
[ 1960.497544] binder: 10656:10685 ioctl c0306201 20000200 returned -22
20:22:40 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x301)

20:22:40 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1960.512278] binder: 10655:10690 ioctl c0306201 20000200 returned -22
[ 1960.513431] binder: 10659:10688 ioctl c0306201 20000380 returned -14
20:22:40 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x68000000, &(0x7f0000000700)="f3"})

[ 1960.647700] binder: BINDER_SET_CONTEXT_MGR already set
[ 1960.654994] block nbd0: shutting down sockets
[ 1960.662074] binder: 10704:10705 ioctl 40046207 0 returned -16
[ 1960.669384] binder: 10704:10705 unknown command 0
[ 1960.674987] binder: 10704:10705 ioctl c0306201 20000200 returned -22
[ 1960.686183] block nbd0: shutting down sockets
[ 1960.707404] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1960.720128] binder: 10704:10705 ioctl c0306201 20000380 returned -14
[ 1960.736233] binder: BINDER_SET_CONTEXT_MGR already set
[ 1960.742823] binder: 10704:10710 unknown command 0
[ 1960.755162] binder: 10704:10705 ioctl 40046207 0 returned -16
[ 1960.762415] binder: 10704:10710 ioctl c0306201 20000200 returned -22
[ 1960.773433] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1960.780030] binder: 10704:10710 ioctl c0306201 20000380 returned -14
[ 1960.780677] binder: 10714:10715 unknown command 0
[ 1960.817029] binder: 10714:10715 ioctl c0306201 20000200 returned -22
[ 1960.845935] binder: 10714:10715 unknown command 0
[ 1960.850906] binder: 10714:10715 ioctl c0306201 20000200 returned -22
[ 1960.869625] FAULT_INJECTION: forcing a failure.
[ 1960.869625] name failslab, interval 1, probability 0, space 0, times 0
[ 1960.883769] CPU: 0 PID: 10715 Comm: syz-executor.3 Not tainted 4.19.194-syzkaller #0
[ 1960.891770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1960.901224] Call Trace:
[ 1960.903823]  dump_stack+0x1fc/0x2ef
[ 1960.907644]  should_fail.cold+0xa/0xf
[ 1960.911480]  ? setup_fault_attr+0x200/0x200
[ 1960.915825]  ? lock_acquire+0x170/0x3c0
[ 1960.919816]  __should_failslab+0x115/0x180
[ 1960.924255]  should_failslab+0x5/0x10
[ 1960.928267]  kmem_cache_alloc_trace+0x284/0x380
[ 1960.933149]  binder_transaction+0xa0c/0x7480
[ 1960.940184]  ? perf_trace_lock_acquire+0x530/0x530
[ 1960.945144]  ? perf_trace_lock+0xe2/0x4b0
[ 1960.949490]  ? perf_trace_lock_acquire+0x530/0x530
[ 1960.954533]  ? binder_deferred_func+0x16e0/0x16e0
[ 1960.959379]  ? lock_downgrade+0x720/0x720
[ 1960.963544]  ? lock_acquire+0x170/0x3c0
[ 1960.967543]  ? __might_fault+0xef/0x1d0
[ 1960.971601]  ? __might_fault+0x192/0x1d0
[ 1960.975659]  binder_thread_write+0x681/0x3290
[ 1960.980359]  ? binder_thread_read+0x3960/0x3960
[ 1960.985052]  ? lock_downgrade+0x720/0x720
[ 1960.989332]  ? lock_acquire+0x170/0x3c0
[ 1960.993769]  ? __might_fault+0xef/0x1d0
[ 1960.997834]  ? __might_fault+0x192/0x1d0
[ 1961.001941]  binder_ioctl_write_read+0x23a/0x920
[ 1961.006816]  ? lock_acquire+0x170/0x3c0
[ 1961.010822]  ? binder_get_thread+0x51/0x9d0
[ 1961.015876]  ? binder_thread_write+0x3290/0x3290
[ 1961.020783]  ? _raw_spin_unlock+0x29/0x40
[ 1961.025036]  ? binder_get_thread+0x240/0x9d0
[ 1961.029598]  binder_ioctl+0x3fb/0x1240
[ 1961.033733]  ? binder_ioctl_write_read+0x920/0x920
[ 1961.038700]  ? perf_trace_lock_acquire+0x530/0x530
[ 1961.043641]  ? perf_trace_lock+0xe2/0x4b0
[ 1961.047801]  ? binder_ioctl_write_read+0x920/0x920
[ 1961.052831]  do_vfs_ioctl+0xcdb/0x12e0
[ 1961.056891]  ? lock_downgrade+0x720/0x720
[ 1961.061124]  ? check_preemption_disabled+0x41/0x280
[ 1961.066282]  ? ioctl_preallocate+0x200/0x200
[ 1961.070812]  ? __fget+0x356/0x510
[ 1961.074379]  ? do_dup2+0x450/0x450
[ 1961.078087]  ? vfs_write+0x393/0x540
[ 1961.081895]  ? fput+0x2b/0x190
[ 1961.085260]  ksys_ioctl+0x9b/0xc0
[ 1961.089081]  __x64_sys_ioctl+0x6f/0xb0
[ 1961.093355]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 1961.098299]  do_syscall_64+0xf9/0x620
[ 1961.102459]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1961.108040] RIP: 0033:0x4665d9
[ 1961.111278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1961.131277] RSP: 002b:00007fd25783a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1961.139024] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1961.146333] RDX: 0000000020000380 RSI: 00000000c0306201 RDI: 0000000000000004
[ 1961.153705] RBP: 00007fd25783a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1961.161333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
20:22:40 executing program 3 (fault-call:12 fault-nth:1):
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:40 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:40 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
r4 = perf_event_open$cgroup(&(0x7f0000000080)={0x2, 0x80, 0xe6, 0x5, 0x20, 0x7f, 0x0, 0x0, 0xc4880, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x40, 0x2, @perf_bp={&(0x7f0000000040)}, 0x4000, 0x0, 0x8, 0x7, 0x3, 0x80, 0x7b70, 0x0, 0x0, 0x0, 0x4}, r3, 0xffffffffffffffff, r3, 0x1)
mmap(&(0x7f00005dc000/0x4000)=nil, 0x4000, 0x8, 0x100010, r4, 0x46c42000)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:40 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000002c0)={0x88, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}, @acquire_done], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:40 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x125d)

20:22:40 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x6c000000, &(0x7f0000000700)="f3"})

[ 1961.168796] R13: 00007ffcc9f39f3f R14: 00007fd25783a300 R15: 0000000000022000
[ 1961.181737] binder: 10714:10715 ioctl c0306201 20000380 returned -14
[ 1961.222676] binder: 10722:10724 unknown command 0
[ 1961.228942] binder: 10722:10724 ioctl c0306201 20000200 returned -22
[ 1961.262329] binder: 10722:10724 unknown command 0
20:22:41 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1961.272085] binder: BINDER_SET_CONTEXT_MGR already set
[ 1961.286227] binder: 10726:10732 unknown command 0
[ 1961.291168] binder: 10726:10732 ioctl c0306201 20000200 returned -22
[ 1961.294109] binder: 10722:10724 ioctl c0306201 20000200 returned -22
[ 1961.308441] binder: 10725:10729 ioctl 40046207 0 returned -16
[ 1961.310601] binder: 10733:10735 ioctl c0306201 0 returned -14
[ 1961.316687] block nbd0: shutting down sockets
[ 1961.326899] binder: 10726:10732 unknown command 0
[ 1961.332928] binder: 10722:10736 ioctl c0306201 20000540 returned -14
[ 1961.339815] binder: 10725:10737 unknown command 0
[ 1961.350659] binder: 10726:10732 ioctl c0306201 20000200 returned -22
[ 1961.369285] binder: 10725:10737 ioctl c0306201 20000200 returned -22
[ 1961.371208] block nbd0: shutting down sockets
[ 1961.384941] binder_alloc: 10726: binder_alloc_buf size 158913789952 failed, no address space
[ 1961.385406] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1961.400874] binder: BINDER_SET_CONTEXT_MGR already set
[ 1961.420790] binder: 10722:10724 ioctl 40046207 0 returned -16
[ 1961.428368] binder: 10722:10736 unknown command 0
[ 1961.435587] binder: BINDER_SET_CONTEXT_MGR already set
[ 1961.440327] binder: 10725:10729 ioctl c0306201 20000380 returned -14
[ 1961.441206] binder: 10722:10736 ioctl c0306201 20000200 returned -22
[ 1961.460082] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
20:22:41 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:41 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x125e)

[ 1961.469918] binder: 10722:10747 ioctl c0306201 20000540 returned -14
[ 1961.473360] binder: 10725:10737 unknown command 0
[ 1961.478556] binder: 10722:10746 unknown command 0
[ 1961.483639] binder: BINDER_SET_CONTEXT_MGR already set
[ 1961.496173] binder: 10722:10744 ioctl 40046207 0 returned -16
[ 1961.502234] binder: 10722:10746 ioctl c0306201 20000200 returned -22
[ 1961.523543] binder: BINDER_SET_CONTEXT_MGR already set
[ 1961.528650] binder: 10725:10737 ioctl c0306201 20000200 returned -22
[ 1961.528865] binder: 10726:10732 ioctl 40046207 0 returned -16
[ 1961.529788] binder: 10726:10732 unknown command 0
[ 1961.550414] binder: 10725:10729 ioctl 40046207 0 returned -16
[ 1961.550623] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1961.565489] binder: BINDER_SET_CONTEXT_MGR already set
[ 1961.570883] binder: 10726:10743 ioctl 40046207 0 returned -16
[ 1961.581082] binder: 10726:10755 unknown command 0
[ 1961.593774] binder: 10726:10755 ioctl c0306201 20000200 returned -22
[ 1961.600830] binder: 10725:10753 ioctl c0306201 20000380 returned -14
[ 1961.609354] binder: 10726:10732 ioctl c0306201 20000200 returned -22
20:22:41 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000240)=""/205, 0xcd}, {&(0x7f0000000040)=""/179, 0xb3}], 0x2, 0x8, 0x9)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:41 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x74000000, &(0x7f0000000700)="f3"})

20:22:41 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1961.620106] binder: 10756:10759 ioctl c0306201 0 returned -14
[ 1961.627084] block nbd0: shutting down sockets
[ 1961.668590] block nbd0: shutting down sockets
[ 1961.710861] binder: 10762:10765 unknown command 0
[ 1961.721552] binder: 10762:10765 ioctl c0306201 20000200 returned -22
[ 1961.731139] binder: BINDER_SET_CONTEXT_MGR already set
[ 1961.731967] binder: 10764:10769 unknown command 0
[ 1961.744931] binder: 10763:10767 ioctl 40046207 0 returned -16
[ 1961.753772] binder: 10762:10765 unknown command 0
[ 1961.758803] binder: 10762:10765 ioctl c0306201 20000200 returned -22
[ 1961.769264] binder: 10763:10767 unknown command 0
[ 1961.775687] binder: 10763:10767 ioctl c0306201 20000200 returned -22
[ 1961.784666] binder: 10764:10769 ioctl c0306201 20000200 returned -22
[ 1961.792549] binder_alloc: 10762: binder_alloc_buf size 158913789952 failed, no address space
[ 1961.803830] binder: 10764:10771 unknown command 0
[ 1961.805217] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1961.816750] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1961.816792] binder: 10764:10771 ioctl c0306201 20000200 returned -22
[ 1961.827491] binder: 10763:10767 ioctl c0306201 20000380 returned -14
[ 1961.846565] binder: BINDER_SET_CONTEXT_MGR already set
[ 1961.852247] binder: 10762:10765 ioctl 40046207 0 returned -16
[ 1961.860874] binder: 10764:10769 ioctl c0306201 20000540 returned -14
[ 1961.870137] binder: BINDER_SET_CONTEXT_MGR already set
[ 1961.877958] binder: 10762:10773 unknown command 0
[ 1961.885347] binder: 10763:10775 unknown command 0
[ 1961.890060] binder: BINDER_SET_CONTEXT_MGR already set
[ 1961.894473] binder: BINDER_SET_CONTEXT_MGR already set
[ 1961.902527] binder: 10763:10767 ioctl 40046207 0 returned -16
[ 1961.909707] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1961.909776] binder: 10763:10775 ioctl c0306201 20000200 returned -22
[ 1961.919691] binder: 10763:10776 ioctl c0306201 20000380 returned -14
[ 1961.925157] binder: 10764:10769 ioctl 40046207 0 returned -16
[ 1961.932490] binder: 10764:10771 unknown command 0
[ 1961.937615] binder: 10762:10773 ioctl c0306201 20000200 returned -22
[ 1961.941008] binder: 10764:10771 ioctl c0306201 20000200 returned -22
[ 1961.955956] binder: 10764:10787 unknown command 0
[ 1961.961120] binder: BINDER_SET_CONTEXT_MGR already set
[ 1961.966470] binder: 10762:10780 ioctl 40046207 0 returned -16
[ 1961.967039] binder: 10764:10787 ioctl c0306201 20000200 returned -22
[ 1961.983492] binder: 10764:10783 ioctl 40046207 0 returned -16
[ 1962.010142] binder: 10761:10788 unknown command 0
[ 1962.015535] binder: 10761:10788 ioctl c0306201 20000200 returned -22
[ 1962.031027] binder: 10761:10788 unknown command 0
[ 1962.049627] binder: 10761:10788 ioctl c0306201 20000200 returned -22
[ 1962.080670] FAULT_INJECTION: forcing a failure.
[ 1962.080670] name failslab, interval 1, probability 0, space 0, times 0
[ 1962.100903] CPU: 0 PID: 10788 Comm: syz-executor.3 Not tainted 4.19.194-syzkaller #0
[ 1962.108981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1962.118660] Call Trace:
[ 1962.121295]  dump_stack+0x1fc/0x2ef
[ 1962.124985]  should_fail.cold+0xa/0xf
[ 1962.128894]  ? setup_fault_attr+0x200/0x200
[ 1962.133244]  ? lock_acquire+0x170/0x3c0
[ 1962.137352]  __should_failslab+0x115/0x180
[ 1962.141606]  should_failslab+0x5/0x10
[ 1962.145431]  kmem_cache_alloc_trace+0x284/0x380
[ 1962.150128]  binder_transaction+0xa81/0x7480
[ 1962.154561]  ? perf_trace_lock_acquire+0x530/0x530
[ 1962.159606]  ? perf_trace_lock+0xe2/0x4b0
[ 1962.163988]  ? perf_trace_lock_acquire+0x530/0x530
[ 1962.169102]  ? binder_deferred_func+0x16e0/0x16e0
[ 1962.173991]  ? lock_downgrade+0x720/0x720
[ 1962.178311]  ? lock_acquire+0x170/0x3c0
[ 1962.182315]  ? __might_fault+0xef/0x1d0
[ 1962.186710]  ? __might_fault+0x192/0x1d0
[ 1962.190946]  binder_thread_write+0x681/0x3290
[ 1962.196061]  ? binder_thread_read+0x3960/0x3960
[ 1962.201053]  ? lock_downgrade+0x720/0x720
[ 1962.205340]  ? lock_acquire+0x170/0x3c0
[ 1962.209324]  ? __might_fault+0xef/0x1d0
[ 1962.213406]  ? __might_fault+0x192/0x1d0
[ 1962.217581]  binder_ioctl_write_read+0x23a/0x920
[ 1962.222532]  ? lock_acquire+0x170/0x3c0
[ 1962.226527]  ? binder_get_thread+0x51/0x9d0
[ 1962.230958]  ? binder_thread_write+0x3290/0x3290
[ 1962.237326]  ? _raw_spin_unlock+0x29/0x40
[ 1962.241586]  ? binder_get_thread+0x240/0x9d0
[ 1962.246093]  binder_ioctl+0x3fb/0x1240
[ 1962.249981]  ? binder_ioctl_write_read+0x920/0x920
[ 1962.255009]  ? perf_trace_lock_acquire+0x530/0x530
[ 1962.260029]  ? perf_trace_lock+0xe2/0x4b0
[ 1962.264213]  ? binder_ioctl_write_read+0x920/0x920
[ 1962.269941]  do_vfs_ioctl+0xcdb/0x12e0
[ 1962.274298]  ? lock_downgrade+0x720/0x720
[ 1962.278566]  ? check_preemption_disabled+0x41/0x280
[ 1962.283582]  ? ioctl_preallocate+0x200/0x200
[ 1962.287986]  ? __fget+0x356/0x510
[ 1962.291443]  ? do_dup2+0x450/0x450
[ 1962.295004]  ? vfs_write+0x393/0x540
[ 1962.298720]  ? fput+0x2b/0x190
[ 1962.301905]  ksys_ioctl+0x9b/0xc0
[ 1962.305348]  __x64_sys_ioctl+0x6f/0xb0
[ 1962.309340]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 1962.313934]  do_syscall_64+0xf9/0x620
[ 1962.317739]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1962.322928] RIP: 0033:0x4665d9
[ 1962.326121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1962.345812] RSP: 002b:00007fd25783a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1962.353605] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1962.361152] RDX: 0000000020000380 RSI: 00000000c0306201 RDI: 0000000000000004
[ 1962.368430] RBP: 00007fd25783a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1962.375703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
20:22:42 executing program 3 (fault-call:12 fault-nth:2):
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:42 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:42 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x125f)

20:22:42 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x7a000000, &(0x7f0000000700)="f3"})

20:22:42 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:42 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180), 0xc2, 0x0, &(0x7f0000000240)="7d8cc20f33c1f71e91c393d219996f0adeb8f955315ef371697555cd4cb1d1281c31863e5edca28f93607f91befb02464219d179257343db3417ea5c5b01228e3d9ef869d357c6f025e711c2e9826690025b6ba3edd15ce651b1278609639ab2491756ea1f8f286c93feaa87bf85b8cde159e950c3ef7bc653de3620d98de81634e2a91154b10ec4d0f076a613d189e124bce051a59e3e86604edd54b38980966883f3473810c78f4dbccd5960a87b168825203e431b803bb3ce2bd78a580ee0f01b"})
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000440), 0x80802, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000480)={<r5=>0xffffffffffffffff})
dup2(r4, r5)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r6 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000600)={0x9, 0x20, 0x3, 0x0, 0x0, [{{}, 0x4f5}, {{r6}, 0x3}, {{r7}, 0x4}]})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1962.383085] R13: 00007ffcc9f39f3f R14: 00007fd25783a300 R15: 0000000000022000
[ 1962.399518] binder: 10761:10788 ioctl c0306201 20000380 returned -14
[ 1962.447349] binder: 10797:10800 ioctl c0306201 0 returned -14
[ 1962.467036] binder: BINDER_SET_CONTEXT_MGR already set
[ 1962.478745] binder: 10799:10803 ioctl 40046207 0 returned -16
[ 1962.490389] binder: 10802:10806 unknown command 0
20:22:42 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1962.490907] binder: 10799:10803 unknown command 0
[ 1962.502846] binder: 10802:10806 ioctl c0306201 20000200 returned -22
[ 1962.508232] binder: 10799:10803 ioctl c0306201 20000200 returned -22
[ 1962.516833] binder: 10801:10805 unknown command 0
[ 1962.538670] block nbd0: shutting down sockets
[ 1962.544793] binder: 10801:10805 ioctl c0306201 20000200 returned -22
[ 1962.550792] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1962.564974] binder: 10799:10810 ioctl c0306201 20000380 returned -14
[ 1962.582402] binder: 10801:10805 unknown command 0
20:22:42 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1962.582845] block nbd0: shutting down sockets
[ 1962.587576] binder: 10801:10805 ioctl c0306201 20000200 returned -22
[ 1962.614129] binder_alloc: 10801: binder_alloc_buf size 158913789952 failed, no address space
[ 1962.623335] binder: BINDER_SET_CONTEXT_MGR already set
[ 1962.629897] binder: 10802:10815 unknown command 0
[ 1962.629940] binder: 10799:10810 unknown command 0
[ 1962.635136] binder: 10802:10815 ioctl c0306201 20000200 returned -22
[ 1962.649786] binder: 10799:10803 ioctl 40046207 0 returned -16
[ 1962.657058] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1962.664110] binder: 10799:10810 ioctl c0306201 20000200 returned -22
[ 1962.671053] binder: 10799:10823 ioctl c0306201 20000380 returned -14
[ 1962.678658] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
20:22:42 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x1260)

[ 1962.684701] binder: 10802:10815 ioctl c0306201 20000540 returned -14
[ 1962.705446] binder: BINDER_SET_CONTEXT_MGR already set
[ 1962.711840] binder: 10801:10811 unknown command 0
[ 1962.716809] binder: 10801:10811 ioctl c0306201 20000200 returned -22
[ 1962.732263] binder: 10801:10805 ioctl 40046207 0 returned -16
20:22:42 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:42 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0xffffff7f, &(0x7f0000000700)="f3"})

[ 1962.739726] binder: BINDER_SET_CONTEXT_MGR already set
[ 1962.757247] binder: 10801:10828 ioctl 40046207 0 returned -16
20:22:42 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0xa000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1962.813916] binder: BINDER_SET_CONTEXT_MGR already set
[ 1962.819483] binder: 10834:10835 ioctl 40046207 0 returned -16
[ 1962.828173] binder: 10834:10835 unknown command 0
[ 1962.834290] binder: 10834:10835 ioctl c0306201 20000200 returned -22
[ 1962.842809] block nbd0: shutting down sockets
[ 1962.864216] binder: 10834:10835 ioctl c0306201 20000380 returned -14
[ 1962.882826] binder: BINDER_SET_CONTEXT_MGR already set
[ 1962.893632] binder: 10837:10840 unknown command 0
[ 1962.899995] binder: 10834:10841 unknown command 0
[ 1962.905209] block nbd0: shutting down sockets
[ 1962.909489] binder: 10837:10840 ioctl c0306201 20000200 returned -22
[ 1962.915680] binder: 10834:10835 ioctl 40046207 0 returned -16
[ 1962.924072] binder: 10834:10841 ioctl c0306201 20000200 returned -22
[ 1962.932133] binder: 10834:10843 ioctl c0306201 20000380 returned -14
[ 1962.961974] binder: 10837:10840 unknown command 0
[ 1962.966896] binder: 10837:10840 ioctl c0306201 20000200 returned -22
[ 1962.994889] binder_alloc: 10837: binder_alloc_buf size 158913789952 failed, no address space
[ 1963.007598] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1963.028056] binder: BINDER_SET_CONTEXT_MGR already set
[ 1963.039458] binder: 10837:10848 unknown command 0
[ 1963.050167] binder: 10837:10848 ioctl c0306201 20000200 returned -22
[ 1963.052789] binder: 10837:10840 ioctl 40046207 0 returned -16
[ 1963.068096] binder: BINDER_SET_CONTEXT_MGR already set
[ 1963.073193] binder: 10844:10857 unknown command 0
[ 1963.076269] binder: 10837:10855 ioctl 40046207 0 returned -16
[ 1963.078487] binder: 10837:10840 unknown command 0
[ 1963.078506] binder: 10837:10840 ioctl c0306201 20000200 returned -22
[ 1963.092993] binder: 10844:10857 ioctl c0306201 20000200 returned -22
[ 1963.120161] binder: 10844:10857 unknown command 0
[ 1963.128794] binder: 10844:10857 ioctl c0306201 20000200 returned -22
[ 1963.139456] FAULT_INJECTION: forcing a failure.
[ 1963.139456] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1963.153397] CPU: 0 PID: 10857 Comm: syz-executor.3 Not tainted 4.19.194-syzkaller #0
[ 1963.161520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1963.171004] Call Trace:
[ 1963.173715]  dump_stack+0x1fc/0x2ef
[ 1963.177362]  should_fail.cold+0xa/0xf
[ 1963.181318]  ? lock_acquire+0x170/0x3c0
[ 1963.185406]  ? setup_fault_attr+0x200/0x200
[ 1963.189831]  __alloc_pages_nodemask+0x239/0x2890
[ 1963.194700]  ? __lock_acquire+0x6de/0x3ff0
[ 1963.198931]  ? is_bpf_text_address+0xfc/0x1b0
[ 1963.203706]  ? __kernel_text_address+0x9/0x30
[ 1963.208433]  ? mark_held_locks+0xf0/0xf0
[ 1963.212626]  ? gfp_pfmemalloc_allowed+0x150/0x150
[ 1963.218046]  ? lock_acquire+0x170/0x3c0
[ 1963.222033]  ? binder_alloc_new_buf+0x31/0x13e0
[ 1963.226748]  ? lock_acquire+0x170/0x3c0
[ 1963.230858]  ? check_preemption_disabled+0x41/0x280
[ 1963.236204]  alloc_pages_current+0x193/0x2a0
[ 1963.240865]  binder_update_page_range+0x3e9/0x1bf0
[ 1963.245996]  ? binder_ioctl+0x1240/0x1240
[ 1963.251991]  ? should_fail+0x142/0x7b0
[ 1963.256029]  binder_alloc_new_buf+0x9dd/0x13e0
[ 1963.260969]  binder_transaction+0xf9c/0x7480
[ 1963.265405]  ? perf_trace_lock_acquire+0x530/0x530
[ 1963.270517]  ? perf_trace_lock+0xe2/0x4b0
[ 1963.274782]  ? perf_trace_lock_acquire+0x530/0x530
[ 1963.280149]  ? binder_deferred_func+0x16e0/0x16e0
[ 1963.285186]  ? lock_downgrade+0x720/0x720
[ 1963.289763]  ? lock_acquire+0x170/0x3c0
[ 1963.293745]  ? __might_fault+0xef/0x1d0
[ 1963.298957]  ? __might_fault+0x192/0x1d0
[ 1963.303233]  binder_thread_write+0x681/0x3290
[ 1963.307884]  ? binder_thread_read+0x3960/0x3960
[ 1963.312574]  ? lock_downgrade+0x720/0x720
[ 1963.316743]  ? lock_acquire+0x170/0x3c0
[ 1963.320847]  ? __might_fault+0xef/0x1d0
[ 1963.324921]  ? __might_fault+0x192/0x1d0
[ 1963.329331]  binder_ioctl_write_read+0x23a/0x920
[ 1963.334566]  ? lock_acquire+0x170/0x3c0
[ 1963.338744]  ? binder_get_thread+0x51/0x9d0
[ 1963.343358]  ? binder_thread_write+0x3290/0x3290
[ 1963.348318]  ? _raw_spin_unlock+0x29/0x40
[ 1963.352643]  ? binder_get_thread+0x240/0x9d0
[ 1963.357079]  binder_ioctl+0x3fb/0x1240
[ 1963.360986]  ? binder_ioctl_write_read+0x920/0x920
[ 1963.365935]  ? perf_trace_lock_acquire+0x530/0x530
[ 1963.370864]  ? perf_trace_lock+0xe2/0x4b0
[ 1963.375123]  ? binder_ioctl_write_read+0x920/0x920
[ 1963.380061]  do_vfs_ioctl+0xcdb/0x12e0
[ 1963.384141]  ? lock_downgrade+0x720/0x720
[ 1963.388491]  ? check_preemption_disabled+0x41/0x280
[ 1963.393529]  ? ioctl_preallocate+0x200/0x200
[ 1963.397956]  ? __fget+0x356/0x510
[ 1963.401447]  ? do_dup2+0x450/0x450
[ 1963.405196]  ? vfs_write+0x393/0x540
[ 1963.409080]  ? fput+0x2b/0x190
[ 1963.412568]  ksys_ioctl+0x9b/0xc0
[ 1963.416123]  __x64_sys_ioctl+0x6f/0xb0
[ 1963.420115]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 1963.424705]  do_syscall_64+0xf9/0x620
[ 1963.428691]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1963.434462] RIP: 0033:0x4665d9
[ 1963.438274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1963.457638] RSP: 002b:00007fd25783a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1963.465883] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1963.473674] RDX: 0000000020000380 RSI: 00000000c0306201 RDI: 0000000000000004
[ 1963.481613] RBP: 00007fd25783a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1963.489004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1963.496298] R13: 00007ffcc9f39f3f R14: 00007fd25783a300 R15: 0000000000022000
[ 1963.514412] binder: BINDER_SET_CONTEXT_MGR already set
[ 1963.519873] binder: 10802:10806 ioctl 40046207 0 returned -16
[ 1963.526931] binder: 10802:10815 unknown command 0
[ 1963.532355] binder: 10802:10815 ioctl c0306201 20000200 returned -22
[ 1963.542872] binder_alloc: 10844: binder_alloc_buf failed for page at 000000008a5d9ed1
[ 1963.546767] binder: BINDER_SET_CONTEXT_MGR already set
[ 1963.551217] binder: 10844:10857 ioctl c0306201 20000380 returned -14
[ 1963.563192] binder: 10802:10815 unknown command 0
20:22:43 executing program 3 (fault-call:12 fault-nth:3):
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:43 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x1261)

20:22:43 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x100000000000000, &(0x7f0000000700)="f3"})

20:22:43 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x74, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0x1001}, @fda={0x66646185, 0xa, 0x1, 0x18}, @ptr={0x70742a85, 0x1, &(0x7f0000000180)=""/69, 0x45, 0x2, 0x101}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x1400}], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:43 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1963.567331] binder: 10802:10806 ioctl 40046207 0 returned -16
[ 1963.576680] binder: 10802:10815 ioctl c0306201 20000200 returned -22
20:22:43 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x28, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper, @clear_death={0x400c630f, 0x3}], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1963.654198] binder: BINDER_SET_CONTEXT_MGR already set
[ 1963.668320] block nbd0: shutting down sockets
[ 1963.675565] binder: 10866:10871 unknown command 0
[ 1963.679938] binder: 10864:10870 ioctl 40046207 0 returned -16
20:22:43 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x88, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000280)=ANY=[@ANYBLOB="d7e8624d1d85616466000000000600000000000000000000000000000036000000000000008561646600000000090000000000000002000000000000002500000000000000852a68730b1000"/88], &(0x7f0000000300)={0x0, 0x20, 0x40}}, 0x40}, @dead_binder_done, @exit_looper, @increfs_done={0x40106308, 0x3}, @increfs={0x40046304, 0x40000001}, @exit_looper, @enter_looper, @release={0x40046306, 0x1}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
r4 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x40800, 0x11)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x20010, r4, 0x0)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
dup2(r4, r5)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
close(0xffffffffffffffff)
signalfd(0xffffffffffffffff, &(0x7f0000000080)={[0xfff]}, 0x8)
r6 = mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000000c0)={0x44, 0x0, &(0x7f0000000180)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}, @free_buffer={0x40086303, r6}], 0x0, 0x0, 0x0})

[ 1963.705519] binder: 10866:10871 ioctl c0306201 20000200 returned -22
[ 1963.705763] binder: 10864:10870 unknown command 0
[ 1963.728736] block nbd0: shutting down sockets
[ 1963.737579] binder: 10864:10870 ioctl c0306201 20000200 returned -22
[ 1963.754855] binder: 10866:10871 unknown command 0
20:22:43 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x1262)

[ 1963.779489] binder: 10864:10870 ioctl c0306201 20000380 returned -14
[ 1963.783905] binder: 10866:10871 ioctl c0306201 20000200 returned -22
[ 1963.803398] binder_alloc: 10866: binder_alloc_buf size 158913789952 failed, no address space
[ 1963.815126] binder: 10864:10877 unknown command 0
[ 1963.815455] binder: BINDER_SET_CONTEXT_MGR already set
20:22:43 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x18, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}, @enter_looper], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1963.820298] binder: 10864:10877 ioctl c0306201 20000200 returned -22
[ 1963.828679] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1963.852182] binder: 10880:10883 unknown command 0
[ 1963.858310] binder: 10880:10883 ioctl c0306201 20000200 returned -22
[ 1963.872796] binder: 10864:10886 ioctl c0306201 20000380 returned -14
[ 1963.879795] binder: 10864:10870 ioctl 40046207 0 returned -16
[ 1963.894356] binder: BINDER_SET_CONTEXT_MGR already set
[ 1963.896088] binder: BINDER_SET_CONTEXT_MGR already set
[ 1963.899900] binder: 10866:10871 ioctl 40046207 0 returned -16
[ 1963.905723] binder: 10866:10876 unknown command 0
20:22:43 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x200000000000000, &(0x7f0000000700)="f3"})

[ 1963.940882] binder: 10866:10876 ioctl c0306201 20000200 returned -22
[ 1963.945756] binder: BINDER_SET_CONTEXT_MGR already set
[ 1963.956404] binder: 10880:10883 ioctl 40046207 0 returned -16
[ 1963.956626] binder: BINDER_SET_CONTEXT_MGR already set
[ 1963.982191] block nbd0: shutting down sockets
20:22:43 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x14, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1963.997186] binder: 10866:10893 ioctl 40046207 0 returned -16
[ 1964.004791] binder: BINDER_SET_CONTEXT_MGR already set
[ 1964.011101] binder: 10897:10898 ioctl 40046207 0 returned -16
[ 1964.018382] binder: 10880:10894 ioctl 40046207 0 returned -16
[ 1964.023166] binder: 10880:10891 unknown command 0
[ 1964.029988] binder: 10880:10891 ioctl c0306201 20000200 returned -22
20:22:43 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x25000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1964.043676] block nbd0: shutting down sockets
[ 1964.058531] binder: 10897:10903 unknown command 0
[ 1964.078055] binder: 10897:10903 ioctl c0306201 20000200 returned -22
[ 1964.111411] binder: 10897:10898 ioctl c0306201 20000380 returned -14
[ 1964.139767] binder: BINDER_SET_CONTEXT_MGR already set
[ 1964.163263] binder: 10897:10903 unknown command 0
[ 1964.170255] binder: 10907:10911 unknown command 0
[ 1964.175530] binder: 10897:10898 ioctl 40046207 0 returned -16
[ 1964.186898] binder: 10907:10911 ioctl c0306201 20000200 returned -22
[ 1964.188486] binder: 10897:10903 ioctl c0306201 20000200 returned -22
[ 1964.194549] binder: 10897:10910 ioctl c0306201 20000380 returned -14
[ 1964.226407] binder: 10907:10911 unknown command 0
[ 1964.235226] binder: 10914:10915 unknown command 0
[ 1964.243018] binder: 10907:10911 ioctl c0306201 20000200 returned -22
[ 1964.257462] binder_alloc: 10907: binder_alloc_buf size 158913789952 failed, no address space
[ 1964.260537] binder: 10914:10915 ioctl c0306201 20000200 returned -22
[ 1964.278474] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1964.308363] binder: BINDER_SET_CONTEXT_MGR already set
[ 1964.323970] binder: 10914:10918 unknown command 0
[ 1964.327600] binder: 10907:10920 unknown command 0
[ 1964.336662] binder: 10907:10921 unknown command 0
[ 1964.338651] binder: 10907:10911 ioctl 40046207 0 returned -16
[ 1964.342091] binder_alloc: 10907: binder_alloc_buf size 158913789952 failed, no address space
[ 1964.356991] binder: 10907:10921 ioctl c0306201 20000200 returned -22
[ 1964.363432] binder: 10907:10920 ioctl c0306201 20000200 returned -22
[ 1964.366375] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1964.395829] binder: 10914:10918 ioctl c0306201 20000200 returned -22
[ 1964.403706] FAULT_INJECTION: forcing a failure.
[ 1964.403706] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1964.428810] CPU: 1 PID: 10924 Comm: syz-executor.3 Not tainted 4.19.194-syzkaller #0
[ 1964.437252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1964.446713] Call Trace:
[ 1964.449347]  dump_stack+0x1fc/0x2ef
[ 1964.453036]  should_fail.cold+0xa/0xf
[ 1964.456957]  ? lock_acquire+0x170/0x3c0
[ 1964.461055]  ? setup_fault_attr+0x200/0x200
[ 1964.465417]  __alloc_pages_nodemask+0x239/0x2890
[ 1964.470350]  ? __lock_acquire+0x6de/0x3ff0
[ 1964.474603]  ? is_bpf_text_address+0xfc/0x1b0
[ 1964.479326]  ? __kernel_text_address+0x9/0x30
[ 1964.484045]  ? mark_held_locks+0xf0/0xf0
[ 1964.488292]  ? gfp_pfmemalloc_allowed+0x150/0x150
[ 1964.493575]  ? lock_acquire+0x170/0x3c0
[ 1964.497568]  ? binder_alloc_new_buf+0x31/0x13e0
[ 1964.502346]  ? lock_acquire+0x170/0x3c0
[ 1964.506527]  ? check_preemption_disabled+0x41/0x280
[ 1964.511566]  alloc_pages_current+0x193/0x2a0
[ 1964.516064]  binder_update_page_range+0x3e9/0x1bf0
[ 1964.521340]  ? binder_ioctl+0x1240/0x1240
[ 1964.525601]  ? should_fail+0x142/0x7b0
[ 1964.529488]  binder_alloc_new_buf+0x9dd/0x13e0
[ 1964.534338]  binder_transaction+0xf9c/0x7480
[ 1964.538882]  ? perf_trace_lock_acquire+0x530/0x530
[ 1964.543837]  ? perf_trace_lock+0xe2/0x4b0
[ 1964.548065]  ? perf_trace_lock_acquire+0x530/0x530
[ 1964.553215]  ? binder_deferred_func+0x16e0/0x16e0
[ 1964.558208]  ? lock_downgrade+0x720/0x720
[ 1964.562401]  ? lock_acquire+0x170/0x3c0
[ 1964.566381]  ? __might_fault+0xef/0x1d0
[ 1964.570345]  ? __might_fault+0x192/0x1d0
[ 1964.574414]  binder_thread_write+0x681/0x3290
[ 1964.578907]  ? binder_thread_read+0x3960/0x3960
[ 1964.583571]  ? perf_trace_lock_acquire+0x530/0x530
[ 1964.588760]  ? lock_downgrade+0x720/0x720
[ 1964.592913]  ? lock_acquire+0x170/0x3c0
[ 1964.596980]  ? __might_fault+0xef/0x1d0
[ 1964.601086]  ? __might_fault+0x192/0x1d0
[ 1964.605154]  binder_ioctl_write_read+0x23a/0x920
[ 1964.609907]  ? binder_thread_write+0x3290/0x3290
[ 1964.614827]  ? __lockdep_init_map+0x100/0x5a0
[ 1964.619429]  ? _raw_spin_unlock+0x29/0x40
[ 1964.623671]  ? binder_get_thread+0x240/0x9d0
[ 1964.628174]  binder_ioctl+0x3fb/0x1240
[ 1964.632108]  ? binder_ioctl_write_read+0x920/0x920
[ 1964.637328]  ? perf_trace_lock_acquire+0x530/0x530
[ 1964.642363]  ? perf_trace_lock+0xe2/0x4b0
[ 1964.646606]  ? binder_ioctl_write_read+0x920/0x920
[ 1964.651695]  do_vfs_ioctl+0xcdb/0x12e0
[ 1964.655593]  ? lock_downgrade+0x720/0x720
[ 1964.659751]  ? check_preemption_disabled+0x41/0x280
[ 1964.665113]  ? ioctl_preallocate+0x200/0x200
[ 1964.669531]  ? __fget+0x356/0x510
[ 1964.673146]  ? do_dup2+0x450/0x450
[ 1964.676709]  ? vfs_write+0x393/0x540
[ 1964.680548]  ? fput+0x2b/0x190
[ 1964.683775]  ksys_ioctl+0x9b/0xc0
[ 1964.687284]  __x64_sys_ioctl+0x6f/0xb0
[ 1964.691268]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 1964.696054]  do_syscall_64+0xf9/0x620
[ 1964.699879]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1964.705258] RIP: 0033:0x4665d9
[ 1964.708463] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1964.728982] RSP: 002b:00007fd2577f8188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1964.736725] RAX: ffffffffffffffda RBX: 000000000056c0f0 RCX: 00000000004665d9
[ 1964.744283] RDX: 0000000020000380 RSI: 00000000c0306201 RDI: 0000000000000004
[ 1964.751892] RBP: 00007fd2577f81d0 R08: 0000000000000000 R09: 0000000000000000
[ 1964.759212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1964.766584] R13: 00007ffcc9f39f3f R14: 00007fd2577f8300 R15: 0000000000022000
20:22:44 executing program 3 (fault-call:12 fault-nth:4):
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:44 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x1263)

20:22:44 executing program 4:
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(0xffffffffffffffff, 0xc040564b, &(0x7f00000001c0)={0x3, 0x0, 0x1013, 0x40, 0x1000, {0xac, 0x3}})
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r2, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x28, 0x0, &(0x7f0000000040)=[@dead_binder_done, @decrefs={0x40046307, 0x1}, @exit_looper, @request_death={0x400c630e, 0x2}], 0x1000, 0x0, &(0x7f0000000880)="7f440388d0ae18b19db15566554c2122c005de35ba3dfa4d45918ea73ecfc6f742e16024ad6574d0d88d7be3c2dcccdab11c2761f113f6e938ca619da5b17d487b26b392226beb6a60c6e410b84bd207060d698ec7b7beff4e5c400749299515e5f585d9abb42ee06155db3e2b635dba5b52013bd3cc26f3033fdf1caad12fe6044683ff33f46e570b1674f2f317528317a6af451fb27f170171444e52c32a87d8ae5aa9f000ab991567e8e82a71a3fb41a1689df7cf85e8cfebffd4b2775267d2b19bdff364c6ea4dc724081aca62cfdac9f29a7538901893c0996038bcf92c7b650a5e890066b75da8574b547ecc4c2bfc7fb130cec07ca77b4e9687dba1fea7e6aaccd783596096e7f79a61fae46a0d8c7c53f79cc99d8016d94ad9a523c4845c10419ea6d7dc464476fda1ca1c7cddb0f25edc8e090eb6624760c9932ee6a318efd3d8980a4163819e83acc36820e7f8aa134a381453544a74325a26e716e87e7a873ebd2111dbabc2a670fec31650ddd67f4408ba0a6cbd8466a1bb17d4c517ffa876637fc439d90b0f35324d81745e4fcc6864475b91fa9a053497efba0f8b4976494df47ffeeb1b9837bdc6e6b608b9b4b0fb6fd2ddfa784fc2c8ce4871b4aef4943cbd2851452dae174b3cab902e0ae02243e9ddf02e5ecb457f3e0dbba668fb58202a096e1a4f5f8405f11e84ab54b848d14ec1fe076f77163793f224e8481e688cbfaa7d31680b3e9b465b525fcb0269e18551a232bc5660a9120d4bb641d5e6596e9a7833cc09ccce2aa058ea3f6cfb9f15bfb7f8a01c8dd3cda5aa457968a1929decc1f00219ecd45c6201d8ca7758ab20113d569a564d5192e764ea817ac263e9b105aab1c97f7c49a71bc6b434c4380a66a36a53017537f605f8b00284e5b8d89397e7a046426e95c8f1ed79f1bb6d4cb88e9a77b1c1b37ac9a828f0723853cea821760b5251069ff5c87819102d074c42dc3ef265c2ccd3abdc3be26468dfdbd027b939a3b220832a9a72f082c1ba30c1683061d77f473240f1132d3ed4919bf4f3652152e3980355b46aec87add8382b7ab369a123ae8cc9cdde5545b9f36b6429e6ef99e9ba32d5948c853feeee748e967d051a839003190ded3ebf662fcbd319c63ad620c279edd63d50b70d7772025b129404c6c5fba6056249c86c615672670f44f49b5920f8a12af6aa36620e44680f8689f48ed30448aba4a2fab10cb6f834f1fb5032bc9f74e13e79168b006ac8def58a6ea340ce032b0852db9b1551ab1968f4cb92b4d3b5eb0ede13eec78ff5df476ada715538e0e1c1528ac5afb03a2d1e247429d462c2523c3aaa4ca723f396a96579381c8774420057ce4f1928ee9ee5636385e32389b2bb266c23ea488eac1fdb5ecaf548429a1a67e6417e699b7340970acdc9a79e41df96a31cec2cef8d6b55e9d35212e1fde135d5a1583616964ba05fe99443d28692064028c6495fa135b262b802a4894280197cac17c5d4c32b1d66bf3b934817cd61024f0cbc02779280565ed034943f39a9d83780e01caa71180ab7e37f525a1b919abb235479d6875b2c2e4c45e0e9495f36f50c8b76d01bc5243be9256314ae0d838003aee8b58a51a5633f0756b6b625d28425799d94e7c159994398b9429703f1f05bcd4a4b35f6c898375f192f53b070b0db887ff7f8343e36d35710ab5819fdaad7ec07d4846c750611384d43ccfe9d94feaccea46028e2c3df384e2977c590d8b6bc93419f5b9b5a8adbd48b37a0de45b6812f2ff26149f392e636bc8bd6d532f90c041224014b849671cf8fb418e972c40ea2fae0bc5b88c81a8bfa0e0f3d22e4347509fc0d6d3294707fb4eafbe51cf9ed029844e8d2e5e29c167ac542d3ac6d7ff5359aaa6499ff2da67556a2f29d44002123c9761859b4849f80c6e6811062fb93864c94c69780b05da7a0d485051f4d3b697070155f03e0d16529374eab84a2097bea9e562755f713a1d3143d4e541d75238bab141e511545a66ec49d4486818c3199ad86543f49fa020b04654863c2dc8e40d050e991d9890fda89127ff543980680edc2123a1b03b54d53cb0961d021f8d0d49e31a6851a8cbce28a9efec68ac32ececb2291e363577c5261a62a61d5fc366bed4f2d40c7e36a4a8fa5d4ac617699cdd29f2c73c7f70e159b84e3333a2236992a1fe759c30bca5f649196b7a44c605af578103d5d8b52dc5e564ad3d25a6c609250561d233ada571ecf64879a2273a3b2c72e253631e1ab83521608f335cda4772d409e6f860cfabfdfca338e8c78b3496b6c958281b69c88d9467991de27ab7e5bda5237f0ade1fd4b4e7eee711cd22917038d23527ea6e3657058663498515d92ba9d0fe103d5644a0a579508a4e20ae453e6547e4f46fb1d25a32bfd4aa3656ad391a41694a6bf899ddd9964ea6cff9c2e71c3d36f117f1f0a6b13b3cca528ac389d30b1c2d0d4cfb84a85ac4a7538dd39fc3cd1b18f66b0189c5b728487680fba4a26fb5b6e43bc7474ac0bf2ff0424af476f1a94dafb6b2e54a45aabd803a6f73d1e20100cc07371ea08be8eac9f3b58349d8f0968f3623d645c0474421dd5b05f67d450e3b51413de1572b608ba1d2c2ba95bdbb99cd55194b78c83bd9745ae64e1c208b6de7d5f1a1b183618290e9f0f2e239ef56c84ed6d2d6f48d43c1286f7909091f4be6d0dbc828eec94de12cc590622eb93fef6395116335aeeb70cb41a07e894525351e4668e01defdea5dbf61126584f573a84a2c7a5f7ebc3bbe69f3661b65d1565e19b8297792113ae51b313944eb19acdfd6d84609d5ffcc027d00d7ec0abdbc04c214e7fe5222cc7da34b3f03c6001f28ec2e6d11575e948af27ea3aa954ed4ed31a4cef5200bdca758b54d3100c0b6a67f5103ecdb42e995fe39564aa4a759f0afc65a24476eea3ec2faf26b74dc16214393e2d9932cde45c172c15a719407f229c8288ad34064aeb814b6e327b189df75e8da4bdda358e75df30e13a56b5e7182b20b5159565dc3b8765befd8a43bc1b0993c52b161371167621af8830286033c91b98dc93e4c4c50e382e26def4a0940e017efee7fe43530f094e17a0a63627ed37389d60db6e531eb4ce99418a4695ad79b5ba5562b2bfc2fe71f6043d43ddbd9b8f312c827a854ec741db8edaa9dd8ab975023106d15385221e726e865fa5dc44a63dcfe17cf90a0535693ee232c5c28487f50afb4871ab22d42d92a4a2a80823611f36143e87047fcf3f0916cf9905ca218998575af39fccce1d7c04a538418b5ed59dbdf1806c10cc65b23c6645cc37926c96f1a23dcf2acb43c48abcf6bc83f2d4fcc091742fd4372e9d8441f8e853aac123b4f1ef9de1011516a6dfd5322f3cd4be2c8072ecd0da3eea1d68dc5260cb6295dfd5400d7966cfb9817adabb958cbff509c8f4605f224607665c46798962dd0e713fdacb7b8d3c622045de75653cdf7a89c1160da4b709a17e0b4f73560f7476e52644a12ae54a07295038475f0d274cf65ca3a2a538514cdc7c1ab094801c84fdbae9fe47d0511765bb85a5a3984e50223396f3e750d7a24df9e4c74f8a452940accea9889e8a8e63f0892ea29277d3a0d74e82d18b1384cd29556fae1b5ce2f20addbd76361c447f086b2bad43529d36b91e07241b7fb849f202cca228aed25de5c18deae16841727897843c1cb4896ecbe6e1cf572b55b7198fdd9da968be356fc95e5a7d9c1bdc575c45c7a5bb8eee3a8d4471011d20711ed4e560ecf0f3477c6408518b14a489185531f4b5324149bbf4ff2430a4812ba5b408e92ebf7dd965d01075f63b867698f8c8f23696e3495cb11629ae08450027a46c2a231704f90fa046fedf1dbf98863670286b94ea4310bdaa50286f8dc33469dc0c8a134abe0cc2d5522d6889bd004536496123f149c2b9222c7eaf55c809c98714a2703ca37542a0320ef18de875d72bffecfb1087a3cb736821d004d509ae02e46cf7da86509a3d04c78f50c8aad6e0feef47ef6d7759950f41b4f6fe5c831490bf84696e9a3e4025a679f607ffde5762efe8904f46efc6b344105a74484b1c1c3117bfd1e07709c5ecf9cff86f11a34eacdf8cfccc64492d8986a2eb756d2667513e02e9e1ca5a029e8d11c5b9505044467abee4c7e874c4c73d510adee48cd4615c33f3778b1fba77f53f3e125237fbbe1b701f5d85b4579483cfd87f814c63c35a5bd538faa2274ec4bf24d569d3a8fed133957bfc81112dc92b2864d8973b8b0174bf832e37112fe1f1089dffff58bc7f2d03b26d21f7a834dee60389cea9266f9531148e34af58d0dfaba68f2eb3e41cfa0db972f7574ba06f8927e92d2b7453d046dc44f658b22909551d410d001ba9fe273a034f7556145bcce35b6b610b64359a4775916560692aa273f226acdf0fa6ad058e25910d58c7fffcb71dd1b809394d0df078654dc2845b0d76fdbe8404c89710634894d971c6e94dcecfceab9fd197da89da7f49cdf5ab46910a79c9ee74cbf7f8fe657246c713d8760288f318c894b655c3563d18afd9a26310a998facaffda694a76d5ddbc58cdefefe1647c50dfe8bbe021e3b0602734b548e22f524886627d7ba3346f35cdf9cacab0a9f228aff9745e0c35c242437da6dd4c7ddc4b30a4725267c5a10da6bca6d92e083a5892e3d2e318332ebb67decc8bf53009b8f1e23aa7d2a7add0f75002a941caf915f9bdf071d674fb38f5bf980198c05e96f10486a52ec84ffc4dcee95d87135667fafa0f557cddefd16c1229a4dc850cbdf85369921014c621247c0b06d92d1ba31befa5c024928b313dc728b6fadcd880dd0881689a4542a78df9005b6ab65e9b29315d6810142a3a61c03ecdaf168afd48e16f992c3440bc522e5b31c9fe235d0efa381ea4ef785eb6e22fd8f27183581f747d190776979cf824ce7f51c158ccab76e42f377095c62b6a713e9cb0f1792d4421d969b8969be5945b2caa20323c2a50bc700a204634ff2e5a1f013b58e6f0887e49153996dd21280a7b4ea8a1cfc2bbc42cda6cf4ef2ff8f4a297498849a628a82a77abf3072ae92b305f5f9bdee1ec9461f6a766c2b66123aba8230e8e81f63f119f9f9013adde56d39c9a450e2a2f3b97c500c9489a3dbe421a06406a1a681c06fda1bcd5d4e5d0c2cb4c2a3dd2868818fae0e471d7a39acefae617296c9ee70d0bd502146916f4542b4ebd1f6d11feea1ab34ea7b4cef6007704a485c53c70c2ce247ff72dcd3bafc9134c2544ce82d4f9855ef33044550810c9a4d0528d2fd92bfda7685b6df00190fbaac0661fece256d9fae29a6f127cf35699efed1ebf7908a9378f13fa3a3fda3c828943a72ea12327be31e2769ed4f68894fe34235f21e250e75a0d6530e3022a03ed9d464bd4862de9707f8448a4043963a1aa2bf64b02a8294dbd0fe8d60713aa68225208da1e380c2a3be0321d5fa19822315f58379655dd24cc812be4559a4bae77f6444b5761e1e39144bba35178e575b2ac81a35d761e6ff53116ec5a445ed35ded4b243a2c6d14a4a161d602c4f51c200d2e6ac098c1ebd1da5cec99e40c10d75d00bd71f70df7c401289d1479e5ae23e3b71da25aaf9c66ae1c8d23cd6c9f8fd481fda0be05dc0947621834d5c14478ae5092e9cfb6736f3b5b2e252c7cb0c0085d446ba72ed52f7424faee698c77d8f7788727a97188eb9aba7d2351f1b3213a86df9d22e3995f42b7d9566529db6ab3304ad563e400504da868d329e5a3f86c41f4016abfae4c3d4e2354858223621a6f435"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:44 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x14, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:44 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x300000000000000, &(0x7f0000000700)="f3"})

20:22:44 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x48000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1964.792027] binder_alloc: 10914: binder_alloc_buf failed for page at 0000000074f91887
[ 1964.808271] binder: 10914:10924 ioctl c0306201 20000380 returned -14
[ 1964.877402] binder: 10931:10934 unknown command 0
[ 1964.886929] binder: BINDER_SET_CONTEXT_MGR already set
[ 1964.889197] binder: 10931:10934 ioctl c0306201 20000200 returned -22
[ 1964.903142] binder: 10933:10939 ioctl 40046207 0 returned -16
[ 1964.904183] binder: 10932:10937 unknown command 0
[ 1964.910929] binder: 10933:10939 unknown command 0
20:22:44 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x14, 0x0, &(0x7f0000000400)=[@increfs_done={0x40106308, 0x2}], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1964.926650] binder: 10931:10934 unknown command 0
[ 1964.931959] binder: 10932:10937 ioctl c0306201 20000200 returned -22
[ 1964.939123] binder: 10931:10934 ioctl c0306201 20000200 returned -22
[ 1964.941948] block nbd0: shutting down sockets
[ 1964.955202] binder: 10932:10937 unknown command 0
[ 1964.957313] binder: 10933:10939 ioctl c0306201 20000200 returned -22
[ 1964.963914] binder: 10931:10934 ioctl c0306201 20000540 returned -14
[ 1964.976113] binder: 10932:10937 ioctl c0306201 20000200 returned -22
[ 1964.976648] binder: 10933:10940 ioctl c0306201 20000380 returned -14
[ 1964.990035] binder_alloc: 10932: binder_alloc_buf size 158913789952 failed, no address space
[ 1965.009518] block nbd0: shutting down sockets
[ 1965.012484] binder: BINDER_SET_CONTEXT_MGR already set
[ 1965.022475] binder: 10933:10939 ioctl 40046207 0 returned -16
[ 1965.028360] binder: BINDER_SET_CONTEXT_MGR already set
[ 1965.028847] binder: 10933:10940 unknown command 0
[ 1965.042532] binder: 10933:10940 ioctl c0306201 20000200 returned -22
[ 1965.048179] binder: 10933:10949 ioctl c0306201 20000380 returned -14
[ 1965.059618] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1965.072884] binder: 10931:10944 ioctl 40046207 0 returned -16
20:22:44 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x1264)

20:22:44 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0xab, 0x0, &(0x7f00000004c0)="b816eaaec400838d95c226b01588601c3b237e38481a4cf05c329cc456213a75ea35fa990f89610917bf3fd481ed63afbc41b3087679a77ea560cb22f578e41975b959d788f7042c286f116e5c9ffbaa6d80afb7003d1f93dd2c2f34eeb0472f5324d3aa339780d4a1697f29e3272a478c226e24228584bfb15bf0b33fe7431b85831feb03b6a5c148045d7aa9dfe447bad4a827c46213c53269d694c642fd5f3b99750667dcf66f81a92a"})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1965.079510] binder: 10931:10934 unknown command 0
[ 1965.084894] binder: 10931:10934 ioctl c0306201 20000200 returned -22
[ 1965.112261] binder: BINDER_SET_CONTEXT_MGR already set
[ 1965.120883] binder: BINDER_SET_CONTEXT_MGR already set
[ 1965.132782] binder: 10931:10950 ioctl 40046207 0 returned -16
[ 1965.141273] binder: 10932:10937 ioctl 40046207 0 returned -16
[ 1965.141724] binder: 10932:10952 unknown command 0
[ 1965.149165] binder: BINDER_SET_CONTEXT_MGR already set
[ 1965.158390] binder: 10932:10954 unknown command 0
[ 1965.164667] binder: 10932:10953 ioctl 40046207 0 returned -16
[ 1965.168990] binder: 10931:10944 unknown command 0
20:22:44 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x400000000000000, &(0x7f0000000700)="f3"})

[ 1965.177584] binder: 10931:10944 ioctl c0306201 20000200 returned -22
[ 1965.193241] binder: 10932:10954 ioctl c0306201 20000200 returned -22
[ 1965.198021] binder: 10932:10952 ioctl c0306201 20000200 returned -22
[ 1965.210372] block nbd0: shutting down sockets
20:22:45 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
syz_open_dev$binderN(&(0x7f0000000480), 0x0, 0x800)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
r4 = syz_mount_image$cramfs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x5, 0x7, &(0x7f0000001880)=[{&(0x7f0000000240)="338a82186d95c1052553e68e9d3be35d29e04fbf607c2c03d33980ddfd1b1259ea3e708c47f2502276b784d0585f50f98628e07167ea04d121abbc62ae4b52759880fdd6f7b8c2e7ba349ca24f03693642787079bdb8faf5d83eac1ea1a2d645f1393cb00c75b73de318e2709fa56144c45d95fa70559196dbb97fc23c840399b88e999c7d1833a66413657e1ab3181c7e7c6efa20d45041d2a01669ae280fc928a6e99ed8839d024571454b545b92277fa383118456de1b8c30b0c3c4edf1f0", 0xc0, 0x3}, {&(0x7f0000000180)="d46004530b7baf6f10f4ce31de80753d6f337823ee26e18b21981c06edaf55e9a30d6b6685d6c0364d28011f5d21fb1b35f46883194099267338c1e8272cac5876e6ebe87544fc423bfb4e2d427d1dc0439a0124e51bfeac1d04ac056f4c0260ad", 0x61, 0x3}, {&(0x7f00000000c0)="2cdc0e53650fc057aef5c37f978e9db9f5b36ea844b5", 0x16, 0x5}, {&(0x7f0000000300)="1ce362e1cdf3aa", 0x7, 0x89}, {&(0x7f0000000600)="1014a7ae237756452c005bc0c72388c23b01ce2596b43a0f96b87e435ba036873f6943a106d2d365054875027658f9914b0ecca2f39accd40e583ede9f2a7e4746edefefe67679b719fae0309f93358c8b31756bde7031cfa7071f996a7c65fbfe37ae5af38ba308e5cb105109df28f21272d38ab872eefabd6146f9edeebeffb24de48f2b27e1d94b79486ba8c86c4e6cbb47debe4ec73af15cac27e3136f410b63f2d4a76788e37c6212c72fd8", 0xae, 0x9}, {&(0x7f00000006c0)="6fe28f1c615d3324ff3fc7afeb52129bedd613f559d74728e58308ce746e34ea7f714926742cadece0606952c1ab3409043d305c363e205bbbf5e99b6198a10976dd0c3a4d6c451320147b07c1a4966b4f0c185ab232b577b44825eaf472d18f7337b7c259032ef9480085de4d5bb86406408101e6dbf5fbe0708fe78f62cacae7433b50091996ad33baa7dd9e846422f071c38cd1", 0x95}, {&(0x7f0000000880)="af23326757f0366f13f0b86e4bb1d72f617666a51b203d445f4403b14cec04a05f7c72b88885145d7762ec0a89a26577160b8b18510f6b13f108aa0c526cd9b2cb6a630b9a2101ae9bbb1b0cbf321b767b857085a7eda0bd8f5ff199295fc49c9e8b71782a780c395b7e9ef8e09bf045ed67d8dc18a4d15a7e36bd38780aba771efb47e0cdcb578833c80abf4bd4a9ea5a950651f16c219e0f183a195265362a880fd33528615e2c786b3289ded43583c1d4d162f29e0ab992c45231fb95597849fc9fe4999289351af5ccb69c9964239611777d95e283b92207c8a4f1ccfe58f47a38c6b76c4f425995d0b87a78ff2da0851639722bf858b12c08f16d3bd78b407f5158cdb562f11cf50db39aebdde1f25e47aabe9c1d37cbd3b7dcf60decd9fd870d1ae02ab6f6c2a3a0a3e8d32b6ee40182458bee8a5cd27ad844031aed7443b8ff26e4261ec452d0a7d58a99b3c7a2ba50d984523afc8fcb5aae424bbd4cece763e0b67695a7dc28c96dfe245dfc4af87efd1c325ed74aad877e21d2ae6219771f4acb136232a07724acf777bd085cad276ec2a716d1d19f70d32c9a406531385455182b5e7e4a37fc4d8893709a1c5db63bbd0cdec13e3f9a0bb536d0ac663f69404481bb6c17c6e85170c34445ca5c988dbbac88e20d621db239a567d891cbfcf6efde09f8e6cff4a9055b1ec00428833c04e8c8858179f08cad641360c5418f8d167f6646c4f63f2906e842992fd6eba164e5101423d16dc1fbbfd5d254c3edbbe1755e773bf9cd00dc7ceb3a35b6eb135a612c9dd1b79e811477babbd0aecb6988c63e947568270bffabf88bf9a8dbf097a8b3ef034be3e4a258e463ebd422a8cabbc24dec473aa55f197a1ec3538d7f01f4bbf5ecdfda155a03c4bc78bdb00682308fd53936b71121864ac56da490705a3626533a4b847619d12a8873bfb9c28fc455b28cecab30054811bceaa2bdfb43b9e8eddd3cd125ac4d300e258ed5e0b3c9463a3fdd387aa7a57cbe133e1c82e415dc39a2d4ff605c2b3a6341123d65581235bcaa17226986e38fc16e981ced63117d181020e8470e3c85a7cfd85eac9e631441f1b402cf60e3e7d53596a4812b2138f80a16273bbe5f608c95cfbb8434ee1b2b0af0870a5b60e36ce4cb41839e642f807e049ebeccdbd5e0b56d7da37faaa38633a26f19f914a45b41e6e73e95811ef0c17e5a9546d636380b4a01a8a6f999cfe511fe7dd07f39d6c1327ee044e7f38d21a42330b24cf278a6d06e6da9b8ea7d988d83c2e98571a8bdfb023cf40d8d614f117bbb2b0efb8e7d6dcb749778fa7824e2200f10cc98cd43c4993d14cac0e47de69bee7bc295fea44e827472d860c515a7aacf490a497b07a38cf21311a190e7c75b594d550795363289e79546487db1c681f6d8193496116981ff0c6fe3075b1beb4e04c749c1fac2ee3518c28fc8500c6e71db7fd6a20486131bb87d2452818bbfb706318f4d159ed6e902e68d4fbff26898fe03a52be82d5c7631bdd0288d28a3c1afc2397537e0c23061a75d155073ada319eb9bd90839aa828b483024ff232e1d7d0d746a9dd074febdfcc7e3e601a7607d896f650ef6ec668eb70ebda053d2fa3da6518e99afee6056a35e2e86eea400ad9e87272f91e4c8ced655bc35360e983aa341425789658b0333a203ca771d7a66249af436585d621d4a68fec407c7c267f42f83a1666c63f9d617ad2cb88bfb07f6e1585131cd84682dcd4da4efbc04d30ec6c239b8aa0f22a2e7dac79fd87ce0971b753ac6a3e31ebc9a83c8363d9ac803a2a756cb2b11c362216ff4074bf09615833363b8be31ee01b06d0521321bbe0b8dfc31da66c7e5feb8632fb906665d82efa28c3221bbffde203024be53c4c43967e63e2593b58966797b40af9129a53e84a70d54cd2641dfc06d3638babcdf9f926bb267e549e59f8a21d902f38f0065e2aa0041519f20f6f5d1f90e3c66c0de150534ca7b2154a9e218ae285d2d5a20123559da328cc48524dd3325ad71db827f3d95ad346473725c885ea55007acdfff82293fc7fa0c22236381250c64519c5ca53f3701045cb7194d0fc2859742a1caf1b62046b14aec64385250e83e48fa6f8729bf9e773c53ab65da28b2a58a44b784bd3cf49f1cb00437ec435b048bdb2698e3053b3b5b1935be65e9454d6760d0e56bef0840db84479f568ff5c7b32b132781e62c31094fc6c514aff17b25088795a0bdcc79d9868fa02a8b1253bc651826d5151ab602475bd1f7a6b52cddf9d0794fbf25a0246c6dd4962bfe96f0ee007e6afb89e6e8d1a7107aa4aa953bb64197f1c6829dc609f20bad98bafac08fb3f848d62a5386ad46b4c461a73b6a650afe339040acde25d2704051ea0cf094954a161c0b9433229b7450e1c8c75c775c88763f2fbfada4975cac8cc2ce1521499c529d3d85f6d3050a6529868aedc1026b9c2c9d90bb6a74baa0e1bdc23d943064a1a4809d54a91bea27f65096ddd0229e190e886d4d920fe19ce8c0ec49cc860e0e22c7f8d2beb3cfaf0abdc22826cf5cf140675885c417f9c62dabad4296e4714bd8530216f2317457e18afcbd958465584e6a945fd79d6bb5d1b4c48aeccac04d4accef1cc06157400308f2ebd7da52ec79f838739cca240834407d2f80a026447bd0e80246dc61dbe21c95ac74226336282d78e8983fac31acbf69a1c9b27272588d679c7f6d21c4b3fe177db0323f2a69912932a6dd6b7217266b74d24c4823c646c91357a01220d27b904b743ba39ee4424d73f38fd1ad0a9da866efe30eef5c89145f37c5705ea01bc333f7cb49dda33c5d7beba5fe18a190466803c63635174df23a9d8223e3fe0f18e350ca893ed330452278874e0fd4682c185c0db74c4e72fbe0aa1b6d86edf06ccb494eb04dd51dd41af52235f4bb6e0e5f85cb0f94f344c40f9f1127bc4bc4ee4f0d889b9292899eee7a2b84c4401fd3f72d1dae24f7c6a6e80b3d779368773f09417188fd42e9e89f21f84d9a9b0794cd1170bd5728b45451a85b300d4e82a7deff650c164dbbab6d4ae632f1d0a9d0c1c09ba449635a36c8ae5e535c2228e571285e522f3ed266ee2b1f98add607bb7c95d60854442094718e78d51127430364454b9b0748676a36812b373e1f686b7f4cf3a59f28ca2a1e1b040a7557a0d85ea787d4d571fa501e51427309199adc52e7f0132007f7c30bc2a06960c0ddfbac7201fac776c42b170c0ec374cd0bffac799ae0a64a686467beedd72fd89bc5a374e484f77b0d209f7806c7fa49bb068d14e5a14d8b5b14a71f00875f7a455cd061f0683b3283ff2e8459b208790e02827f71293f122fdd470a65527b15d6fda319cc37bcac641338f7ecda605354c10b904f7faac53abca753f0a758575e30ba9d6e62febf803a1869a1215db8fcc53ec371b1e4694fd29e9fbf3e147bcd67664625f4f2b4f8b90e6519142510e7b2d23ce9ac9dfb2eee274f825f9bb6c9f29357e7c3824d7d93303bb2810a51a57384056b9017d8316ab113e306195bb414dfa1af2acecca1b2c35dc736b735c041a11119f92d62d996cf8b7307270830178c85261a7db2312a6ae92d1281862c52cdf8bb25c00d40d782b81f2e95ef5e5674e81d39c4e897dc57f78f9ae2cd8002b58683d3e081906d5765e86568160ceffe585ec2458ae9d6004c1e1929efc1ae5f969826808824bd9db1a73cb01892f2524c09b0fd70585256ce597527e342ef59b0d118852fa845bd536573c751bf200a5a409d55c79954b1ca88e562c666bdb586ac0355438390d92a905d6c22a74bd2c65e04446d073e4dca23847f344fc49584f449ecb95ae0c54bdcad7c9d50f0f343c4e6ee87e4cd10209d1cfba34a970403153feb37a2ce3b8b6cbfcf8cf98472e91282ddd2839eb49845d4d7c32c76d47b45f98d2903696121b12359e01b326a00644937ffc9c7c2ee2321de2ec3adac628e7b5e9e46a2b8e3be3e3ac48a91971894c26e28787759adef5e4dfe5bdda2688ebd618f13b5f75b0204f283a5dea93c5b5845dad1aebf9ad8f17e02f25fd6ee6c7eca3d4df598a0b67ed906ea6d216190609c44b33ccaab741c0abb183e6cec2daffa65d4bf1043a6894dc2a8e5643e35c993924f47bdc41b5fbc83574d35effc8d29b1dc4074b252e760a823361fa5eee735d843b21433dc99d77b2429cb43ef9e16744b4f48b21c9e995631f2de61bbb1f651cc93d7b1253d00d15e5b8043c36fab29438c2001c7f57459d30434726514ff6b71ba38ddadca78cb513847e49bf6eb2ca4223e73d65950a42b93bcfa7038ad85e311ce7a36d7344093ed6e54ac014566eef117454ebfd7a7215605942610c9db3277de6b64c890e0380e9603a8ab9a9f922a8a3cb409ba02123a7e52925c890341d613be91b93ab2c447f0c33589bb1e70a03932a1fffaaf1a7fe5fd08ea30fb67b8dec6b337050559b866dc86516edd1c35f4e9da090b68128d268925f19891412cb6a0de8956cec45d6ce811154a2400a7ada5298376c97255a593b241171287dc8d92cb7bd7225783cdb7cb6e705a96e063bc708db2696d7776d4f3ec0e6ec7a11da1274381db458aa3af7940e19e968ae73c24ed8ec0f169b6c0e01937457ef556a9e72abcdb16888ae175bb5783fc4be4c93b1aec1f1724fea6e8df64f36bf1ec61f7558d9f69c017b0435cf10865a85dab28b27484308630333a9b892933ff11b4624a62213e255a1ad411476baa6e024a2b34558964abf8a885867e1e3e46c2cf108ccde778e7b6c44b1f868d6ca2f8c5e2ea9a55e52f48540c6d8885e6338f5d547f2ebd5cc7e273786788769e209b9d04edfc8f96f0d1fa9ff479e65475e3e34827076646b5f5b4468780ab473887b8a4d00cfcad6e9ac84157ef1bd2bf418697a7866929484312127c7e6507207c4411a482c29078e45e1868b32397608cd7d87b48caa8d963a384ed52e32ed7e5c42a75062ac1aac8d8790dd331e5534f029ce170e60d2658b24d0aca1385f2a7a99047d3df11362e79c9ab939a35117ec16212951149e267ee44ff53af42b3a409ff91abbf914721d2623aaebe9b3c5982e92883d2e0b1caf4a2e6c5ccb65400d8a9d6a335267397c02fd37db925e34bb014a300a7c1ac8f939f71b322417cba99296030f87a34e127fcf9a4699f3b1d2e9c162b2d425483f55552d37776fd78de1c2b264f14625b08844142bbed7c8b006594ce349e2df37aa63a940b11deb198ed02291aa1c4078711d08ac2815bf71972df83d1439d31cf51fd7560bc0cf2e3869156a0e80e464cfd4278e61de6e72f7b16aadc7af6556bb08645cf598b4a66e1e4e35a57ce6389951c7f930fe578c34d8143cb882e92daedc331d3d893f9788612abe23cb3ba0af4651c52ef13857225686a2a63dfedfae839062a7b99cdef4e147c0288bfb75bda536e1a516055cc4c816df14935f69b1343d8444983797e6f78e8743b9671ab0eda2b43c10dfee70366b1babeb1540d7b865779040aac86ca01c317cbc052787304641e142eddb2eeb7ff9ab991e52584ee010911fce745e0109b5bb47387be90de7b077687b2da287f4d65746e7d2f19ccaded29f0c7b635bb1e32df96d679002459d252d3aec124bae9a202588953a6975ef7657a20d9040c3468008cf13e3dda825c934c694663b44fb367ca82beb386b91707b883eb1d78a640cc4bf1f45f296d99453c6f938de94b2a104d83aa1115c7c6cc979d1d93597df03922f6d331dcdf03921a1991200d7bd42b7fc6cc8773", 0x1000, 0x6}], 0x14400, &(0x7f0000000380)={[{}, {'/dev/binder#\x00'}, {'/dev/binder#\x00'}], [{@appraise}]})
openat(r4, &(0x7f0000000440)='./file0\x00', 0x181402, 0x100)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:45 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x4c000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1965.236482] binder: BINDER_SET_CONTEXT_MGR already set
[ 1965.246926] binder: 10961:10962 ioctl 40046207 0 returned -16
[ 1965.258271] block nbd0: shutting down sockets
[ 1965.318623] binder: 10961:10962 unknown command 0
[ 1965.324027] binder: 10961:10962 ioctl c0306201 20000200 returned -22
[ 1965.372384] binder_alloc_new_buf_locked: 8 callbacks suppressed
[ 1965.372392] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1965.387136] binder: 10969:10970 unknown command 0
[ 1965.387756] binder: 10968:10972 unknown command 0
[ 1965.397400] binder: 10961:10962 ioctl c0306201 20000380 returned -14
[ 1965.398890] binder: 10969:10970 ioctl c0306201 20000200 returned -22
[ 1965.406410] binder: 10968:10972 ioctl c0306201 20000200 returned -22
[ 1965.421714] binder: BINDER_SET_CONTEXT_MGR already set
[ 1965.428041] binder: 10961:10962 ioctl 40046207 0 returned -16
[ 1965.430294] binder: 10961:10966 unknown command 0
[ 1965.440260] binder: 10961:10966 ioctl c0306201 20000200 returned -22
[ 1965.449230] binder: 10968:10972 unknown command 0
[ 1965.454890] binder: 10969:10970 unknown command 0
[ 1965.461632] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1965.462768] binder: 10968:10972 ioctl c0306201 20000200 returned -22
[ 1965.471805] binder: 10969:10970 ioctl c0306201 20000200 returned -22
[ 1965.481689] binder: 10961:10977 ioctl c0306201 20000380 returned -14
[ 1965.488311] binder: 10969:10970 ioctl c0306201 20000540 returned -14
[ 1965.500773] binder_alloc: 10968: binder_alloc_buf size 158913789952 failed, no address space
[ 1965.517480] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1965.527920] binder: BINDER_SET_CONTEXT_MGR already set
[ 1965.533765] binder: 10969:10980 ioctl 40046207 0 returned -16
[ 1965.548855] binder: 10968:10976 unknown command 0
[ 1965.554685] binder: 10968:10976 ioctl c0306201 20000200 returned -22
[ 1965.561971] binder: BINDER_SET_CONTEXT_MGR already set
[ 1965.568903] binder: BINDER_SET_CONTEXT_MGR already set
[ 1965.576081] binder: 10968:10972 ioctl 40046207 0 returned -16
[ 1965.583595] binder: 10968:10984 ioctl 40046207 0 returned -16
[ 1965.584037] binder: 10968:10985 unknown command 0
[ 1965.601218] binder: BINDER_SET_CONTEXT_MGR already set
[ 1965.605740] binder: 10973:10989 unknown command 0
[ 1965.608119] binder: 10969:10987 ioctl 40046207 0 returned -16
[ 1965.620744] binder: 10973:10989 ioctl c0306201 20000200 returned -22
[ 1965.621446] binder: 10968:10985 ioctl c0306201 20000200 returned -22
[ 1965.629658] binder: 10969:10980 unknown command 0
[ 1965.646779] binder: 10969:10980 ioctl c0306201 20000200 returned -22
[ 1965.710049] binder: 10973:10989 unknown command 0
[ 1965.719246] binder: 10973:10989 ioctl c0306201 20000200 returned -22
[ 1965.751143] FAULT_INJECTION: forcing a failure.
[ 1965.751143] name failslab, interval 1, probability 0, space 0, times 0
[ 1965.767978] CPU: 1 PID: 10989 Comm: syz-executor.3 Not tainted 4.19.194-syzkaller #0
[ 1965.776253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1965.785789] Call Trace:
[ 1965.788553]  dump_stack+0x1fc/0x2ef
[ 1965.792260]  should_fail.cold+0xa/0xf
[ 1965.796056]  ? setup_fault_attr+0x200/0x200
[ 1965.800477]  ? lock_acquire+0x170/0x3c0
[ 1965.804490]  __should_failslab+0x115/0x180
[ 1965.808747]  should_failslab+0x5/0x10
[ 1965.812986]  kmem_cache_alloc+0x277/0x370
[ 1965.817482]  ptlock_alloc+0x1d/0x70
[ 1965.821697]  pte_alloc_one+0x68/0x190
[ 1965.825665]  __pte_alloc+0x21/0x340
[ 1965.829315]  __get_locked_pte+0x55a/0x680
[ 1965.833476]  vm_insert_page+0x29b/0x9c0
[ 1965.837800]  ? vmf_insert_mixed_mkwrite+0xa0/0xa0
[ 1965.842677]  binder_update_page_range+0x4f0/0x1bf0
[ 1965.847827]  ? binder_ioctl+0x1240/0x1240
[ 1965.852021]  ? should_fail+0x142/0x7b0
[ 1965.855908]  binder_alloc_new_buf+0x9dd/0x13e0
[ 1965.861375]  binder_transaction+0xf9c/0x7480
[ 1965.865833]  ? perf_trace_lock_acquire+0x530/0x530
[ 1965.870954]  ? perf_trace_lock+0xe2/0x4b0
[ 1965.875121]  ? perf_trace_lock_acquire+0x530/0x530
[ 1965.880088]  ? binder_deferred_func+0x16e0/0x16e0
[ 1965.888911]  ? lock_downgrade+0x720/0x720
[ 1965.894111]  ? lock_acquire+0x170/0x3c0
[ 1965.898509]  ? __might_fault+0xef/0x1d0
[ 1965.902695]  ? __might_fault+0x192/0x1d0
[ 1965.906754]  binder_thread_write+0x681/0x3290
[ 1965.911326]  ? binder_thread_read+0x3960/0x3960
[ 1965.916029]  ? lock_downgrade+0x720/0x720
[ 1965.920398]  ? lock_acquire+0x170/0x3c0
[ 1965.924424]  ? __might_fault+0xef/0x1d0
[ 1965.928497]  ? __might_fault+0x192/0x1d0
[ 1965.932556]  binder_ioctl_write_read+0x23a/0x920
[ 1965.937545]  ? lock_acquire+0x170/0x3c0
[ 1965.942409]  ? binder_get_thread+0x51/0x9d0
[ 1965.946838]  ? binder_thread_write+0x3290/0x3290
[ 1965.952063]  ? _raw_spin_unlock+0x29/0x40
[ 1965.956417]  ? binder_get_thread+0x240/0x9d0
[ 1965.961013]  binder_ioctl+0x3fb/0x1240
[ 1965.965339]  ? binder_ioctl_write_read+0x920/0x920
[ 1965.970293]  ? perf_trace_lock_acquire+0x530/0x530
[ 1965.975634]  ? perf_trace_lock+0xe2/0x4b0
[ 1965.980059]  ? binder_ioctl_write_read+0x920/0x920
[ 1965.985341]  do_vfs_ioctl+0xcdb/0x12e0
[ 1965.989227]  ? lock_downgrade+0x720/0x720
[ 1965.993457]  ? check_preemption_disabled+0x41/0x280
[ 1965.998478]  ? ioctl_preallocate+0x200/0x200
[ 1966.002878]  ? __fget+0x356/0x510
[ 1966.006424]  ? do_dup2+0x450/0x450
[ 1966.009967]  ? vfs_write+0x393/0x540
[ 1966.013761]  ? fput+0x2b/0x190
[ 1966.016950]  ksys_ioctl+0x9b/0xc0
[ 1966.020507]  __x64_sys_ioctl+0x6f/0xb0
[ 1966.024493]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 1966.029158]  do_syscall_64+0xf9/0x620
[ 1966.032964]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1966.038514] RIP: 0033:0x4665d9
[ 1966.041714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1966.060818] RSP: 002b:00007fd25783a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1966.068651] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1966.075914] RDX: 0000000020000380 RSI: 00000000c0306201 RDI: 0000000000000004
[ 1966.083400] RBP: 00007fd25783a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1966.090854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
20:22:45 executing program 3 (fault-call:12 fault-nth:5):
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:45 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:45 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x1265)

20:22:45 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x500000000000000, &(0x7f0000000700)="f3"})

20:22:45 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000002c0), 0x0, 0x802)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x190)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000300)={<r4=>r3, 0x3, 0x4, 0x1ff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000ac0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x11}, 0xc, &(0x7f0000000a80)={&(0x7f00000007c0)=ANY=[@ANYBLOB="240000002a00000328bd7000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="05f95615df00000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x20040000}, 0x50)
mmap$binder(&(0x7f000026d000/0x4000)=nil, 0x4000, 0x1, 0x11, r4, 0x48)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
r5 = signalfd(r3, &(0x7f0000000040)={[0x3]}, 0x8)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x113000, 0x0)
pread64(r0, &(0x7f0000000240)=""/120, 0x78, 0x8000)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000580)={0xac, 0x0, &(0x7f00000006c0)=[@acquire_done={0x40106309, 0x3}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000080)={@fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, &(0x7f0000000980)=""/229, 0xe5, 0x0, 0x2e}, @fda={0x66646185, 0x4, 0x1, 0x3c}}, &(0x7f0000000180)={0x0, 0x18, 0x40}}}, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000440)={@ptr={0x70742a85, 0x1, &(0x7f0000000600)=""/147, 0x93, 0x1, 0x18}, @flat=@binder={0x73622a85, 0x0, 0x3}, @flat=@handle={0x73682a85, 0x1000}}, &(0x7f0000000380)={0x0, 0x28, 0x40}}, 0x40}], 0xf0, 0x0, &(0x7f0000000880)="f8b3ed8ca86ab528d56d528a4ef137f23f76f758c7c046826af97201851e355d2dedfb33d9b94d5191110c270bc29aaa569f3d24d22bddc5bbdcdbf79901a9a2dee61256bf399c2657721a2316629bccb28e89e9e7e105072785845fb18bc0c6d876778b3776f520bfeaee4957d91e127e2a7504d0996d3f5a5e63c2638572252d19aa325a0f8add7cfb6bdd1e4d2ea031e89d7a4fd15cc82dbf5b8f22ef6df6bc0903734d5513f91ac989cc8c8aeeea434112250c18c8800ce65205c0ef78d292f3ecd3aee36a985a49eea49e1e8cdb4439c6bc87c6885226b8f9177f5a0545786b7b2cd9933ec3419db51d317e2b4d"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:45 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1966.098216] R13: 00007ffcc9f39f3f R14: 00007fd25783a300 R15: 0000000000022000
[ 1966.110560] binder_alloc: 10973: binder_alloc_buf failed to map page at 20ffe000 in userspace
[ 1966.130837] binder: 10973:10989 ioctl c0306201 20000380 returned -14
[ 1966.189350] binder: BINDER_SET_CONTEXT_MGR already set
[ 1966.195849] binder: 11003:11007 unknown command 0
[ 1966.200961] binder: 11002:11008 ioctl 40046207 0 returned -16
[ 1966.201076] binder: 11001:11006 unknown command 0
[ 1966.209540] binder: 11003:11007 ioctl c0306201 20000200 returned -22
[ 1966.222800] binder: 11002:11008 unknown command 0
[ 1966.224708] binder: 11001:11006 ioctl c0306201 20000200 returned -22
[ 1966.235235] binder: 11003:11007 unknown command 0
[ 1966.242824] binder: 11003:11007 ioctl c0306201 20000200 returned -22
[ 1966.249575] binder: 11001:11006 unknown command 0
[ 1966.249848] binder: 11002:11008 ioctl c0306201 20000200 returned -22
[ 1966.258957] binder: 11001:11006 ioctl c0306201 20000200 returned -22
[ 1966.268436] binder_alloc: 11003: binder_alloc_buf size 158913789952 failed, no address space
[ 1966.272319] block nbd0: shutting down sockets
[ 1966.283258] binder_alloc: 27169: binder_alloc_buf, no vma
20:22:46 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(0xffffffffffffffff, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1966.289017] binder: 11002:11008 ioctl c0306201 20000380 returned -14
[ 1966.297346] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1966.309105] binder: BINDER_SET_CONTEXT_MGR already set
[ 1966.324621] binder: 11001:11012 ioctl c0306201 20000540 returned -14
[ 1966.334070] block nbd0: shutting down sockets
[ 1966.334254] binder: 11002:11008 ioctl 40046207 0 returned -16
[ 1966.338841] binder: 11002:11013 unknown command 0
[ 1966.351426] binder: BINDER_SET_CONTEXT_MGR already set
[ 1966.356734] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1966.358950] binder: 11003:11007 ioctl 40046207 0 returned -16
[ 1966.364451] binder: BINDER_SET_CONTEXT_MGR already set
[ 1966.370979] binder: 11003:11019 unknown command 0
[ 1966.379568] binder: 11002:11013 ioctl c0306201 20000200 returned -22
[ 1966.384693] binder: 11003:11019 ioctl c0306201 20000200 returned -22
20:22:46 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x1267)

[ 1966.411431] binder: 11001:11006 ioctl 40046207 0 returned -16
[ 1966.411514] binder: 11001:11012 unknown command 0
[ 1966.421542] binder: 11002:11016 ioctl c0306201 20000380 returned -14
[ 1966.422697] binder: BINDER_SET_CONTEXT_MGR already set
[ 1966.448996] binder: 11001:11012 ioctl c0306201 20000200 returned -22
20:22:46 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x68000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:46 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x600000000000000, &(0x7f0000000700)="f3"})

[ 1966.463155] binder: 11001:11025 unknown command 0
[ 1966.468740] binder: 11001:11022 ioctl 40046207 0 returned -16
[ 1966.477870] binder: 11001:11025 ioctl c0306201 20000200 returned -22
20:22:46 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(0xffffffffffffffff, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:46 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r1, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r1, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x1})
close(r2)
dup2(r1, r2)
r3 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r3, r0)
r4 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1966.582118] block nbd0: shutting down sockets
[ 1966.592172] binder: 11033:11036 unknown command 0
[ 1966.597381] binder: 11033:11036 ioctl c0306201 20000200 returned -22
[ 1966.612105] binder: BINDER_SET_CONTEXT_MGR already set
[ 1966.622763] block nbd0: shutting down sockets
[ 1966.626423] binder: 11032:11039 ioctl 40046207 0 returned -16
[ 1966.642415] binder: 11033:11036 unknown command 0
[ 1966.647558] binder: 11033:11036 ioctl c0306201 20000200 returned -22
[ 1966.664066] binder: 11032:11039 unknown command 0
[ 1966.670552] binder: 11032:11039 ioctl c0306201 20000200 returned -22
[ 1966.678816] binder: 11034:11042 unknown command 0
[ 1966.678902] binder_alloc: 11033: binder_alloc_buf size 158913789952 failed, no address space
[ 1966.690875] binder: 11034:11042 ioctl c0306201 20000200 returned -22
[ 1966.697586] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1966.710767] binder: 11034:11042 unknown command 0
[ 1966.715920] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1966.718965] binder: BINDER_SET_CONTEXT_MGR already set
[ 1966.732661] binder: 11032:11039 ioctl c0306201 20000380 returned -14
[ 1966.737641] binder: 11034:11042 ioctl c0306201 20000200 returned -22
[ 1966.748430] binder: 11033:11036 ioctl 40046207 0 returned -16
[ 1966.748471] binder: 11033:11047 unknown command 0
[ 1966.761272] binder: 11033:11050 unknown command 0
[ 1966.767690] binder: 11034:11052 ioctl c0306201 20000540 returned -14
[ 1966.772883] binder: 11032:11044 unknown command 0
[ 1966.778343] binder: 11033:11050 ioctl c0306201 20000200 returned -22
[ 1966.779305] binder: 11032:11044 ioctl c0306201 20000200 returned -22
[ 1966.794855] binder: BINDER_SET_CONTEXT_MGR already set
[ 1966.801764] binder: 11033:11047 ioctl c0306201 20000200 returned -22
[ 1966.814000] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1966.819759] binder: 11032:11054 ioctl c0306201 20000380 returned -14
[ 1966.834350] binder: 11032:11039 ioctl 40046207 0 returned -16
[ 1966.878447] binder: 11055:11058 unknown command 0
[ 1966.888183] binder: 11055:11058 ioctl c0306201 20000200 returned -22
[ 1966.929130] binder: 11055:11058 unknown command 0
[ 1966.939934] binder: 11055:11058 ioctl c0306201 20000200 returned -22
[ 1966.967008] FAULT_INJECTION: forcing a failure.
[ 1966.967008] name failslab, interval 1, probability 0, space 0, times 0
[ 1966.986269] CPU: 1 PID: 11058 Comm: syz-executor.3 Not tainted 4.19.194-syzkaller #0
[ 1966.994512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1967.004226] Call Trace:
[ 1967.007011]  dump_stack+0x1fc/0x2ef
[ 1967.010757]  should_fail.cold+0xa/0xf
[ 1967.014592]  ? setup_fault_attr+0x200/0x200
[ 1967.019083]  ? lock_acquire+0x170/0x3c0
[ 1967.023060]  __should_failslab+0x115/0x180
[ 1967.027321]  should_failslab+0x5/0x10
[ 1967.031319]  kmem_cache_alloc_trace+0x284/0x380
[ 1967.036015]  binder_alloc_new_buf+0xa53/0x13e0
[ 1967.040963]  binder_transaction+0xf9c/0x7480
[ 1967.045819]  ? perf_trace_lock_acquire+0x530/0x530
[ 1967.050895]  ? perf_trace_lock+0xe2/0x4b0
[ 1967.055037]  ? perf_trace_lock_acquire+0x530/0x530
[ 1967.060299]  ? binder_deferred_func+0x16e0/0x16e0
[ 1967.065199]  ? lock_downgrade+0x720/0x720
[ 1967.069718]  ? lock_acquire+0x170/0x3c0
[ 1967.073684]  ? __might_fault+0xef/0x1d0
[ 1967.077680]  ? __might_fault+0x192/0x1d0
[ 1967.081736]  binder_thread_write+0x681/0x3290
[ 1967.086761]  ? binder_thread_read+0x3960/0x3960
[ 1967.091534]  ? lock_downgrade+0x720/0x720
[ 1967.095795]  ? lock_acquire+0x170/0x3c0
[ 1967.099967]  ? __might_fault+0xef/0x1d0
[ 1967.103946]  ? __might_fault+0x192/0x1d0
[ 1967.108020]  binder_ioctl_write_read+0x23a/0x920
[ 1967.113032]  ? lock_acquire+0x170/0x3c0
[ 1967.117716]  ? binder_get_thread+0x51/0x9d0
[ 1967.122288]  ? binder_thread_write+0x3290/0x3290
[ 1967.127065]  ? _raw_spin_unlock+0x29/0x40
[ 1967.131426]  ? binder_get_thread+0x240/0x9d0
[ 1967.136722]  binder_ioctl+0x3fb/0x1240
[ 1967.141055]  ? binder_ioctl_write_read+0x920/0x920
[ 1967.146116]  ? perf_trace_lock_acquire+0x530/0x530
[ 1967.151737]  ? perf_trace_lock+0xe2/0x4b0
[ 1967.155986]  ? binder_ioctl_write_read+0x920/0x920
[ 1967.161090]  do_vfs_ioctl+0xcdb/0x12e0
[ 1967.164978]  ? lock_downgrade+0x720/0x720
[ 1967.169314]  ? check_preemption_disabled+0x41/0x280
[ 1967.174330]  ? ioctl_preallocate+0x200/0x200
[ 1967.178902]  ? __fget+0x356/0x510
[ 1967.182615]  ? do_dup2+0x450/0x450
[ 1967.186608]  ? vfs_write+0x393/0x540
[ 1967.190891]  ? fput+0x2b/0x190
[ 1967.194199]  ksys_ioctl+0x9b/0xc0
[ 1967.197838]  __x64_sys_ioctl+0x6f/0xb0
[ 1967.201923]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 1967.206599]  do_syscall_64+0xf9/0x620
[ 1967.210762]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1967.215944] RIP: 0033:0x4665d9
[ 1967.219128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1967.238468] RSP: 002b:00007fd25783a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1967.246455] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 1967.253995] RDX: 0000000020000380 RSI: 00000000c0306201 RDI: 0000000000000004
[ 1967.262200] RBP: 00007fd25783a1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1967.269855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1967.277311] R13: 00007ffcc9f39f3f R14: 00007fd25783a300 R15: 0000000000022000
20:22:47 executing program 3 (fault-call:12 fault-nth:6):
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:47 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(0xffffffffffffffff, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:47 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x1268)

20:22:47 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x6c000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:47 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x700000000000000, &(0x7f0000000700)="f3"})

[ 1967.298168] binder_alloc: binder_alloc_new_buf_locked: 11055 failed to alloc new buffer struct
[ 1967.308015] binder: 11055:11058 ioctl c0306201 20000380 returned -14
20:22:47 executing program 5:
syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r0 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r1 = dup2(r0, 0xffffffffffffffff)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1967.382450] binder: 11067:11070 unknown command 0
[ 1967.387893] binder: 11067:11070 ioctl c0306201 20000200 returned -22
[ 1967.397445] binder: BINDER_SET_CONTEXT_MGR already set
[ 1967.404257] binder: 11068:11071 ioctl 40046207 0 returned -16
[ 1967.414499] binder: BINDER_SET_CONTEXT_MGR already set
[ 1967.423339] binder: 11034:11037 ioctl 40046207 0 returned -16
[ 1967.439884] binder: 11067:11070 unknown command 0
[ 1967.440625] binder: 11068:11071 unknown command 0
[ 1967.450234] binder: 11034:11074 unknown command 0
[ 1967.458369] binder: 11067:11070 ioctl c0306201 20000200 returned -22
[ 1967.463713] binder: 11034:11074 ioctl c0306201 20000200 returned -22
[ 1967.472385] binder_alloc: 11067: binder_alloc_buf size 158913789952 failed, no address space
[ 1967.476793] binder: 11068:11071 ioctl c0306201 20000200 returned -22
[ 1967.488729] block nbd0: shutting down sockets
[ 1967.495228] binder: BINDER_SET_CONTEXT_MGR already set
[ 1967.503768] binder: 11034:11042 ioctl 40046207 0 returned -16
[ 1967.512879] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1967.518798] binder: 11034:11042 unknown command 0
[ 1967.521639] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1967.526000] binder: 11034:11042 ioctl c0306201 20000200 returned -22
20:22:47 executing program 5:
syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r0 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r1 = dup2(r0, 0xffffffffffffffff)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1967.543518] binder: 11068:11078 ioctl c0306201 20000380 returned -14
[ 1967.557004] block nbd0: shutting down sockets
[ 1967.590520] binder: BINDER_SET_CONTEXT_MGR already set
[ 1967.590981] binder: BINDER_SET_CONTEXT_MGR already set
[ 1967.601016] binder: 11068:11071 ioctl 40046207 0 returned -16
[ 1967.603461] binder: 11068:11078 unknown command 0
[ 1967.622066] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1967.630074] binder: 11067:11070 ioctl 40046207 0 returned -16
20:22:47 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x1269)

[ 1967.630220] binder: 11067:11082 unknown command 0
[ 1967.651495] binder: 11068:11078 ioctl c0306201 20000200 returned -22
[ 1967.658467] binder: 11068:11084 ioctl c0306201 20000380 returned -14
[ 1967.669938] binder: BINDER_SET_CONTEXT_MGR already set
[ 1967.676349] binder: 11067:11085 ioctl 40046207 0 returned -16
[ 1967.676481] binder: 11067:11070 unknown command 0
20:22:47 executing program 5:
syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r0 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r1 = dup2(r0, 0xffffffffffffffff)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1967.690986] binder: 11067:11082 ioctl c0306201 20000200 returned -22
[ 1967.705734] binder: 11067:11070 ioctl c0306201 20000200 returned -22
20:22:47 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x2000000000000000, &(0x7f0000000700)="f3"})

20:22:47 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x74000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1967.782088] block nbd0: shutting down sockets
[ 1967.812148] block nbd0: shutting down sockets
20:22:47 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1967.873618] binder: 11096:11099 unknown command 0
[ 1967.890819] binder: 11096:11099 ioctl c0306201 20000200 returned -22
[ 1967.897845] binder: BINDER_SET_CONTEXT_MGR already set
[ 1967.918055] binder: 11097:11101 ioctl 40046207 0 returned -16
[ 1967.923698] binder: 11096:11099 unknown command 0
[ 1967.943553] binder: 11096:11099 ioctl c0306201 20000200 returned -22
[ 1967.944751] binder: 11097:11101 unknown command 0
[ 1967.967905] binder_alloc: 11096: binder_alloc_buf size 158913789952 failed, no address space
[ 1967.985918] binder: 11097:11101 ioctl c0306201 20000200 returned -22
[ 1967.995269] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1968.012575] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1968.025133] binder: 11097:11107 ioctl c0306201 20000380 returned -14
[ 1968.034916] binder: BINDER_SET_CONTEXT_MGR already set
[ 1968.047270] binder: 11096:11099 ioctl 40046207 0 returned -16
[ 1968.047708] binder: 11096:11109 unknown command 0
[ 1968.060153] binder: BINDER_SET_CONTEXT_MGR already set
[ 1968.066819] binder: 11097:11101 ioctl 40046207 0 returned -16
[ 1968.074106] binder: 11096:11109 ioctl c0306201 20000200 returned -22
[ 1968.074705] binder: 11097:11107 unknown command 0
[ 1968.089039] binder: BINDER_SET_CONTEXT_MGR already set
[ 1968.098474] binder: 11096:11111 ioctl 40046207 0 returned -16
[ 1968.098649] binder: 11096:11099 unknown command 0
[ 1968.108608] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1968.120737] binder: 11097:11107 ioctl c0306201 20000200 returned -22
[ 1968.129957] binder: 11097:11115 ioctl c0306201 20000380 returned -14
[ 1968.137754] binder: 11096:11099 ioctl c0306201 20000200 returned -22
[ 1968.307920] binder: 11123:11124 unknown command 0
[ 1968.318786] binder: 11123:11124 ioctl c0306201 20000200 returned -22
[ 1968.341180] binder: 11123:11124 unknown command 0
[ 1968.346194] binder: 11123:11124 ioctl c0306201 20000200 returned -22
20:22:48 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:48 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x1274)

20:22:48 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:48 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x7a000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:48 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x4800000000000000, &(0x7f0000000700)="f3"})

[ 1968.360071] binder: 11123:11124 ioctl c0306201 20000380 returned -14
20:22:48 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1968.489361] binder: 11127:11132 unknown command 0
[ 1968.500573] binder: BINDER_SET_CONTEXT_MGR already set
[ 1968.513730] binder: 11127:11132 ioctl c0306201 20000200 returned -22
[ 1968.518410] binder: 11128:11131 ioctl 40046207 0 returned -16
[ 1968.541664] binder: 11128:11131 unknown command 0
[ 1968.547043] block nbd0: shutting down sockets
[ 1968.556325] binder: 11128:11131 ioctl c0306201 20000200 returned -22
[ 1968.559302] binder: 11127:11132 unknown command 0
[ 1968.583749] binder: 11127:11132 ioctl c0306201 20000200 returned -22
[ 1968.585994] binder: 11128:11131 ioctl c0306201 20000380 returned -14
[ 1968.603228] binder_alloc: 11127: binder_alloc_buf size 158913789952 failed, no address space
[ 1968.612224] block nbd0: shutting down sockets
[ 1968.616955] binder: BINDER_SET_CONTEXT_MGR already set
[ 1968.633359] binder: 11128:11138 unknown command 0
20:22:48 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x1276)

20:22:48 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1968.638600] binder: 11128:11131 ioctl 40046207 0 returned -16
[ 1968.648515] binder: 11128:11138 ioctl c0306201 20000200 returned -22
[ 1968.657445] binder: 11128:11140 ioctl c0306201 20000380 returned -14
[ 1968.662130] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1968.707649] binder: BINDER_SET_CONTEXT_MGR already set
[ 1968.724751] binder: 11127:11143 unknown command 0
[ 1968.724786] binder: 11127:11132 ioctl 40046207 0 returned -16
[ 1968.729634] binder: 11127:11143 ioctl c0306201 20000200 returned -22
[ 1968.751751] binder: 11127:11143 unknown command 0
20:22:48 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x4c00000000000000, &(0x7f0000000700)="f3"})

[ 1968.756632] binder: 11127:11143 ioctl c0306201 20000200 returned -22
20:22:48 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1968.802029] block nbd0: shutting down sockets
[ 1968.818588] binder: 11142:11149 ioctl c0306201 20000340 returned -14
[ 1968.858377] binder: BINDER_SET_CONTEXT_MGR already set
[ 1968.864841] block nbd0: shutting down sockets
[ 1968.880987] binder: 11150:11153 ioctl 40046207 0 returned -16
20:22:48 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:48 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x1277)

[ 1968.909407] binder: 11150:11153 unknown command 0
[ 1968.915107] binder: 11150:11153 ioctl c0306201 20000200 returned -22
[ 1968.957078] binder: 11150:11153 ioctl c0306201 20000380 returned -14
[ 1968.958762] binder: 11155:11160 unknown command 0
[ 1968.984781] binder: 11155:11160 ioctl c0306201 20000200 returned -22
[ 1968.999128] binder: BINDER_SET_CONTEXT_MGR already set
[ 1969.027852] binder: 11155:11160 unknown command 0
[ 1969.028659] binder: 11150:11162 unknown command 0
[ 1969.039083] binder: 11150:11153 ioctl 40046207 0 returned -16
[ 1969.041901] binder: 11150:11166 ioctl c0306201 20000380 returned -14
[ 1969.047351] binder: 11150:11162 ioctl c0306201 20000200 returned -22
[ 1969.057594] binder: 11155:11160 ioctl c0306201 20000200 returned -22
[ 1969.067334] binder: 11158:11163 ioctl c0306201 20000340 returned -14
[ 1969.078982] binder_alloc: 11155: binder_alloc_buf size 158913789952 failed, no address space
[ 1969.095811] block nbd0: shutting down sockets
[ 1969.106640] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1969.146141] block nbd0: shutting down sockets
[ 1969.163922] binder: BINDER_SET_CONTEXT_MGR already set
[ 1969.170352] binder: 11155:11160 ioctl 40046207 0 returned -16
[ 1969.170388] binder: 11155:11164 unknown command 0
[ 1969.201770] binder: BINDER_SET_CONTEXT_MGR already set
[ 1969.207997] binder: 11155:11160 ioctl 40046207 0 returned -16
[ 1969.208105] binder: 11155:11170 unknown command 0
[ 1969.231725] binder: 11155:11164 ioctl c0306201 20000200 returned -22
[ 1969.235348] binder: 11155:11170 ioctl c0306201 20000200 returned -22
[ 1969.360516] binder: 11177:11180 unknown command 0
[ 1969.366581] binder: 11177:11180 ioctl c0306201 20000200 returned -22
[ 1969.379719] binder: 11177:11180 unknown command 0
[ 1969.388601] binder: 11177:11180 ioctl c0306201 20000200 returned -22
[ 1969.405991] binder: 11177:11180 ioctl c0306201 20000380 returned -14
20:22:49 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0x2, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:49 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:49 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x6800000000000000, &(0x7f0000000700)="f3"})

20:22:49 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x1278)

20:22:49 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1969.518355] binder: 11181:11185 ioctl c0306201 20000340 returned -14
[ 1969.521639] binder: 11182:11188 unknown command 0
[ 1969.528615] binder: BINDER_SET_CONTEXT_MGR already set
[ 1969.541799] binder: 11182:11188 ioctl c0306201 20000200 returned -22
[ 1969.548797] binder: 11183:11187 ioctl 40046207 0 returned -16
20:22:49 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1969.564457] binder: 11182:11188 unknown command 0
[ 1969.572851] block nbd0: shutting down sockets
[ 1969.574705] binder: 11183:11187 unknown command 0
[ 1969.586236] binder: 11182:11188 ioctl c0306201 20000200 returned -22
[ 1969.607244] binder: 11183:11187 ioctl c0306201 20000200 returned -22
[ 1969.615033] block nbd0: shutting down sockets
[ 1969.632550] binder_alloc: 11182: binder_alloc_buf size 158913789952 failed, no address space
[ 1969.649045] binder: 11183:11187 ioctl c0306201 20000380 returned -14
20:22:49 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x1279)

[ 1969.666855] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1969.667869] binder: BINDER_SET_CONTEXT_MGR already set
20:22:49 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1969.713685] binder: BINDER_SET_CONTEXT_MGR already set
[ 1969.720054] binder: 11182:11188 ioctl 40046207 0 returned -16
[ 1969.727778] binder: 11182:11191 unknown command 0
[ 1969.733673] binder: 11183:11187 ioctl 40046207 0 returned -16
[ 1969.733725] binder: 11183:11192 unknown command 0
[ 1969.745559] binder: 11183:11197 ioctl c0306201 20000380 returned -14
[ 1969.764557] binder: 11182:11191 ioctl c0306201 20000200 returned -22
[ 1969.773398] binder: BINDER_SET_CONTEXT_MGR already set
[ 1969.781065] binder: 11183:11192 ioctl c0306201 20000200 returned -22
[ 1969.792672] binder: 11182:11199 ioctl 40046207 0 returned -16
[ 1969.792815] binder: 11182:11203 unknown command 0
20:22:49 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x6c00000000000000, &(0x7f0000000700)="f3"})

20:22:49 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x10, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1969.828541] binder: 11182:11203 ioctl c0306201 20000200 returned -22
[ 1969.842067] block nbd0: shutting down sockets
[ 1969.886642] block nbd0: shutting down sockets
20:22:49 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0xffffff7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1969.910916] binder: BINDER_SET_CONTEXT_MGR already set
[ 1969.926447] binder: 11208:11211 ioctl 40046207 0 returned -16
20:22:49 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x127a)

[ 1969.953648] binder: 11208:11211 unknown command 0
[ 1969.971095] binder: 11208:11211 ioctl c0306201 20000200 returned -22
[ 1970.023743] binder: 11208:11211 ioctl c0306201 20000380 returned -14
[ 1970.036775] binder: 11208:11219 unknown command 0
[ 1970.037304] binder: BINDER_SET_CONTEXT_MGR already set
[ 1970.046860] binder: 11208:11219 ioctl c0306201 20000200 returned -22
[ 1970.055456] binder: 11217:11222 unknown command 0
[ 1970.069447] binder: 11217:11222 ioctl c0306201 20000200 returned -22
[ 1970.077981] binder: 11208:11211 ioctl 40046207 0 returned -16
[ 1970.078093] binder: 11208:11225 ioctl c0306201 20000380 returned -14
[ 1970.091981] block nbd0: shutting down sockets
[ 1970.101233] binder: 11217:11222 unknown command 0
[ 1970.127492] block nbd0: shutting down sockets
[ 1970.131905] binder: 11217:11222 ioctl c0306201 20000200 returned -22
[ 1970.157603] binder_alloc: 11217: binder_alloc_buf size 158913789952 failed, no address space
[ 1970.207381] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1970.224439] binder: BINDER_SET_CONTEXT_MGR already set
[ 1970.230026] binder: 11217:11222 ioctl 40046207 0 returned -16
[ 1970.238345] binder: 11217:11230 unknown command 0
[ 1970.245695] binder: 11217:11230 ioctl c0306201 20000200 returned -22
[ 1970.265068] binder: BINDER_SET_CONTEXT_MGR already set
[ 1970.277863] binder: 11217:11222 ioctl 40046207 0 returned -16
[ 1970.386369] binder: 11235:11239 unknown command 0
[ 1970.396697] binder: 11235:11239 ioctl c0306201 20000200 returned -22
[ 1970.409681] binder: 11235:11239 unknown command 0
[ 1970.421079] binder: 11235:11239 ioctl c0306201 20000200 returned -22
20:22:50 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0x10, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:50 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:50 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x7400000000000000, &(0x7f0000000700)="f3"})

20:22:50 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x127b)

20:22:50 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x2500000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1970.438110] binder: BINDER_SET_CONTEXT_MGR already set
[ 1970.445311] binder: 11235:11239 ioctl 40046207 0 returned -16
[ 1970.451617] binder: 11235:11240 unknown command 0
[ 1970.474597] binder: 11235:11240 ioctl c0306201 20000200 returned -22
[ 1970.564137] binder: BINDER_SET_CONTEXT_MGR already set
[ 1970.583102] binder: 11244:11248 ioctl 40046207 0 returned -16
[ 1970.589094] binder: 11246:11251 unknown command 0
[ 1970.589114] binder: 11246:11251 ioctl c0306201 20000200 returned -22
[ 1970.603211] binder: 11244:11248 unknown command 0
[ 1970.613261] binder: 11244:11248 ioctl c0306201 20000200 returned -22
[ 1970.617623] binder: 11246:11251 unknown command 0
[ 1970.632835] block nbd0: shutting down sockets
[ 1970.643470] binder_alloc_new_buf_locked: 8 callbacks suppressed
[ 1970.643477] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1970.648168] binder: 11246:11251 ioctl c0306201 20000200 returned -22
20:22:50 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1970.649743] binder: 11244:11248 ioctl c0306201 20000380 returned -14
[ 1970.661457] binder: BINDER_SET_CONTEXT_MGR already set
[ 1970.681641] binder_alloc: 11246: binder_alloc_buf size 158913789952 failed, no address space
[ 1970.691973] block nbd0: shutting down sockets
[ 1970.696744] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
20:22:50 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x127c)

[ 1970.725204] binder: 11244:11252 unknown command 0
[ 1970.730895] binder: 11244:11252 ioctl c0306201 20000200 returned -22
[ 1970.738058] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1970.745733] binder: 11244:11248 ioctl 40046207 0 returned -16
[ 1970.752247] binder: 11244:11257 ioctl c0306201 20000380 returned -14
20:22:50 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x7a00000000000000, &(0x7f0000000700)="f3"})

20:22:50 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, 0xffffffffffffffff, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1970.787746] binder: BINDER_SET_CONTEXT_MGR already set
[ 1970.796117] binder: 11246:11251 ioctl 40046207 0 returned -16
[ 1970.796159] binder: 11246:11253 unknown command 0
[ 1970.807807] binder: 11246:11253 ioctl c0306201 20000200 returned -22
[ 1970.821775] binder: 11246:11262 unknown command 0
[ 1970.826779] binder: 11246:11262 ioctl c0306201 20000200 returned -22
20:22:50 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1970.963387] binder: BINDER_SET_CONTEXT_MGR already set
[ 1970.985765] binder: 11268:11273 ioctl 40046207 0 returned -16
[ 1970.996228] binder: 11272:11278 unknown command 0
20:22:50 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1971.012072] binder: 11272:11278 ioctl c0306201 20000200 returned -22
[ 1971.024401] block nbd0: shutting down sockets
[ 1971.034498] binder: 11268:11273 unknown command 0
[ 1971.055768] binder: 11268:11273 ioctl c0306201 20000200 returned -22
[ 1971.059694] binder: 11272:11282 unknown command 0
[ 1971.076927] block nbd0: shutting down sockets
[ 1971.081097] binder: 11272:11282 ioctl c0306201 20000200 returned -22
[ 1971.084074] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1971.105601] binder: 11268:11273 ioctl c0306201 20000380 returned -14
20:22:50 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x127d)

[ 1971.112404] binder_alloc: 11272: binder_alloc_buf size 158913789952 failed, no address space
[ 1971.124035] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1971.150169] binder: BINDER_SET_CONTEXT_MGR already set
[ 1971.171844] binder: 11268:11273 ioctl 40046207 0 returned -16
[ 1971.171886] binder: 11268:11281 unknown command 0
[ 1971.185099] binder: BINDER_SET_CONTEXT_MGR already set
[ 1971.190793] binder: 11272:11278 ioctl 40046207 0 returned -16
[ 1971.190841] binder: 11272:11282 unknown command 0
[ 1971.198704] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1971.213006] binder: 11268:11281 ioctl c0306201 20000200 returned -22
[ 1971.221055] binder: 11272:11282 ioctl c0306201 20000200 returned -22
[ 1971.229890] binder: BINDER_SET_CONTEXT_MGR already set
[ 1971.238002] binder: 11268:11288 ioctl c0306201 20000380 returned -14
[ 1971.259526] binder: 11272:11290 ioctl 40046207 0 returned -16
[ 1971.391985] block nbd0: shutting down sockets
[ 1971.443968] block nbd0: shutting down sockets
[ 1971.558616] binder: 11305:11307 unknown command 0
[ 1971.564551] binder: 11305:11307 ioctl c0306201 20000200 returned -22
[ 1971.575354] binder: 11305:11307 unknown command 0
[ 1971.580404] binder: 11305:11307 ioctl c0306201 20000200 returned -22
[ 1971.588097] binder: 11305:11307 ioctl 10 20000380 returned -22
[ 1971.595872] binder: BINDER_SET_CONTEXT_MGR already set
[ 1971.602705] binder: 11305:11307 ioctl 40046207 0 returned -16
[ 1971.608844] binder: 11305:11308 unknown command 0
[ 1971.701776] binder: BINDER_SET_CONTEXT_MGR already set
[ 1971.791632] binder: 11305:11312 ioctl 10 20000380 returned -22
[ 1972.001577] binder: 11305:11308 ioctl c0306201 20000200 returned -22
[ 1972.103304] binder: 11305:11309 ioctl 40046207 0 returned -16
[ 1972.109491] binder: 11305:11311 unknown command 0
[ 1972.481459] binder: 11305:11311 ioctl c0306201 20000200 returned -22
20:22:52 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0x5421, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:52 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0xffffff7f00000000, &(0x7f0000000700)="f3"})

20:22:52 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:52 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:52 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x127e)

20:22:52 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1972.722348] binder: BINDER_SET_CONTEXT_MGR already set
[ 1972.727830] binder: 11315:11320 ioctl 40046207 0 returned -16
[ 1972.764306] binder: 11316:11323 unknown command 0
[ 1972.772361] binder: 11315:11320 unknown command 0
[ 1972.775485] binder: 11316:11323 ioctl c0306201 20000200 returned -22
[ 1972.789761] binder: 11315:11320 ioctl c0306201 20000200 returned -22
[ 1972.797721] block nbd0: shutting down sockets
[ 1972.826101] binder: 11316:11323 unknown command 0
[ 1972.837415] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1972.843445] binder: 11316:11323 ioctl c0306201 20000200 returned -22
[ 1972.857269] block nbd0: shutting down sockets
20:22:52 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, 0x0, 0x0, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1972.869470] binder_alloc: 11316: binder_alloc_buf size 158913789952 failed, no address space
[ 1972.878765] binder: 11315:11320 ioctl c0306201 20000380 returned -14
[ 1972.891647] binder: 11315:11328 unknown command 0
[ 1972.896854] binder: 11315:11328 ioctl c0306201 20000200 returned -22
[ 1972.904061] binder: BINDER_SET_CONTEXT_MGR already set
20:22:52 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x127f)

[ 1972.938048] binder: 11315:11320 ioctl 40046207 0 returned -16
[ 1972.938324] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1972.970418] binder: 11315:11334 ioctl c0306201 20000380 returned -14
[ 1972.974502] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
20:22:52 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, 0x0, 0x0, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:52 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r3, 0x7, &(0x7f0000000080)={0x1})
splice(r2, &(0x7f0000000040)=0x6, r3, &(0x7f0000000080)=0x1f, 0xd0, 0x4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000700)="f3"})

[ 1973.065225] binder: 11316:11327 unknown command 0
[ 1973.065472] binder: BINDER_SET_CONTEXT_MGR already set
[ 1973.070441] binder: 11316:11327 ioctl c0306201 20000200 returned -22
[ 1973.108565] binder: BINDER_SET_CONTEXT_MGR already set
[ 1973.111895] block nbd0: shutting down sockets
[ 1973.115556] binder: 11316:11342 unknown command 0
[ 1973.124974] binder: 11316:11341 ioctl 40046207 0 returned -16
[ 1973.131729] binder: 11316:11323 ioctl 40046207 0 returned -16
[ 1973.151172] binder: 11316:11342 ioctl c0306201 20000200 returned -22
20:22:52 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, 0x0, 0x0, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1973.172724] block nbd0: shutting down sockets
[ 1973.191737] binder: BINDER_SET_CONTEXT_MGR already set
20:22:52 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x5421)

[ 1973.216365] binder: 11346:11350 ioctl 40046207 0 returned -16
[ 1973.236981] binder: 11346:11350 unknown command 0
[ 1973.250279] binder: 11346:11350 ioctl c0306201 20000200 returned -22
[ 1973.299310] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1973.330549] binder: 11346:11356 unknown command 0
[ 1973.336188] binder: 11346:11356 ioctl c0306201 20000200 returned -22
[ 1973.344097] binder: BINDER_SET_CONTEXT_MGR already set
[ 1973.349529] binder: 11346:11350 ioctl 40046207 0 returned -16
[ 1973.352126] block nbd0: shutting down sockets
[ 1973.390153] binder: 11313:11361 unknown command 0
[ 1973.413822] block nbd0: shutting down sockets
[ 1973.508339] binder: 11313:11361 ioctl c0306201 20000200 returned -22
[ 1973.519333] binder: 11313:11361 unknown command 0
[ 1973.525623] binder: 11313:11361 ioctl c0306201 20000200 returned -22
[ 1973.535434] binder: BINDER_SET_CONTEXT_MGR already set
[ 1973.540759] binder: 11313:11361 ioctl 40046207 0 returned -16
[ 1973.550098] binder: 11313:11366 unknown command 0
20:22:53 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0x5450, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:53 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:53 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:53 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000040)=[0xff, 0x0, 0x3, 0x100, 0x0, 0x5], 0x6, 0x80000, 0x0, <r4=>0xffffffffffffffff})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x1c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0c6190aa05630440551000000f630c4002a786e8440001ffff000000"], 0x54, 0x0, &(0x7f0000000180)="d1579139a6ec31386cc05e81a51fd42520d107e9d7ac939916e717299338293f80177dc83e313a86eec39a969da8fae42d0bdd0787a797d76b6ac987bad47fecfe5283df8d89006ee34aa01b0876ed3408eb17e4"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:53 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x5450)

[ 1973.557545] binder: 11313:11370 unknown command 0
[ 1973.563557] binder: 11313:11366 ioctl c0306201 20000200 returned -22
[ 1973.570341] binder: 11313:11370 ioctl c0306201 20000200 returned -22
20:22:53 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1973.663449] binder: BINDER_SET_CONTEXT_MGR already set
[ 1973.671113] binder: 11372:11379 unknown command 0
[ 1973.687084] binder: 11372:11379 ioctl c0306201 20000200 returned -22
[ 1973.691855] block nbd0: shutting down sockets
[ 1973.694009] binder: 11373:11378 ioctl 40046207 0 returned -16
[ 1973.730132] binder: 11372:11379 unknown command 0
[ 1973.735428] binder: 11372:11379 ioctl c0306201 20000200 returned -22
[ 1973.742505] binder: 11373:11378 unknown command 0
[ 1973.747461] binder: 11373:11378 ioctl c0306201 20000200 returned -22
[ 1973.761814] block nbd0: shutting down sockets
[ 1973.770415] binder_alloc: 11372: binder_alloc_buf size 158913789952 failed, no address space
20:22:53 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x5451)

[ 1973.783109] binder: 11373:11378 ioctl c01864c6 20000080 returned -22
[ 1973.809639] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1973.816927] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1973.835241] binder: BINDER_SET_CONTEXT_MGR already set
[ 1973.848742] binder: BINDER_SET_CONTEXT_MGR already set
[ 1973.854974] binder: 11373:11378 ioctl 40046207 0 returned -16
[ 1973.855064] binder: 11373:11383 unknown command 0
[ 1973.866986] binder: 11372:11379 ioctl 40046207 0 returned -16
[ 1973.874206] binder: 11372:11389 unknown command 0
20:22:53 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1973.883895] binder: 11373:11392 ioctl c01864c6 20000080 returned -22
[ 1973.895129] binder: 11372:11389 ioctl c0306201 20000200 returned -22
[ 1973.896789] binder: 11373:11383 ioctl c0306201 20000200 returned -22
[ 1973.902967] binder: BINDER_SET_CONTEXT_MGR already set
20:22:53 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
splice(0xffffffffffffffff, &(0x7f0000000100), 0xffffffffffffffff, 0x0, 0xffffffffffff131d, 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000003, 0x50, 0xffffffffffffffff, 0xb1e3a000)
r2 = syz_open_dev$video4linux(&(0x7f0000000140), 0x5, 0x240c00)
r3 = mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0xd8, 0x0, &(0x7f0000000480)=[@request_death, @register_looper, @increfs_done={0x40106308, 0x1}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000240)={@fda={0x66646185, 0x6, 0xfdfdffff00000000, 0x7}, @ptr={0x70742a85, 0x1, &(0x7f00000001c0)=""/124, 0x7c, 0x1, 0x1b}, @flat=@binder={0x73622a85, 0xbe9cbbd1e344fe76, 0x3}}, &(0x7f0000000040)={0x0, 0x20, 0x48}}, 0x1000}, @acquire_done, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000003c0)={@fd, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, &(0x7f00000002c0)=""/194, 0xc2, 0x2, 0x14}}, &(0x7f0000000440)={0x0, 0x18, 0x30}}}, @free_buffer={0x40086303, r3}], 0xe1, 0x0, &(0x7f0000000580)="1bf3ba046e33b72a2cd85d2e1b8ae94db8e3a2c5d3edfbc6a905c0e71674cf0a8d8c7731a0a43d8b272dc3f57fef52d1e5d517330db3bb8b4e1718a2595f691a5120c48e05328029ff35837a9be3f3af824e2f049196a4bc284be0c062bc6e0498ee60fddfc4a79a1c57e7453cb6a35237c0a42112f4a40affdf72b3169563f789346ed617711b9c787f55121613b804f7841d2c395b3ff586f720371300f5d8a396e2984997dc37a5dde0d099b5f07330f36b50c292629ee1dfcb835f8e6ccb3daa88ae6e0dbb69b0ffb85bb11b6a3bf9bb7e415042ec74498d4cf1202e220e1b"})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0x7c, 0x0, &(0x7f0000000180)=[@acquire={0x40046305, 0x2}, @dead_binder_done, @release={0x40046306, 0x1}, @free_buffer={0x40086303, r3}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000040)={@flat=@weak_binder={0x77622a85, 0x1101, 0x3}, @flat=@binder={0x73622a85, 0x100a, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000880)=""/4096, 0x1000, 0x2, 0x3}}, &(0x7f00000000c0)={0x0, 0x18, 0x30}}, 0x40}, @acquire={0x40046305, 0x3}], 0x2f, 0x0, &(0x7f0000000240)="1c0d9cd1c28bc14a1540a3a081bc3d3500d12f5091b46ed742f69d214930b0797602974cb08d60513b9308de435160"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r4 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f00000006c0)='./file0\x00', 0x280000, 0x100)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1973.935029] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1973.942204] binder: 11372:11390 ioctl 40046207 0 returned -16
[ 1973.945771] binder: 11372:11393 unknown command 0
[ 1973.958550] binder: 11372:11393 ioctl c0306201 20000200 returned -22
[ 1973.982697] block nbd0: shutting down sockets
[ 1973.983774] binder: 11399:11400 unknown command 0
[ 1973.998016] binder: 11399:11400 ioctl c0306201 20000200 returned -22
20:22:53 executing program 2:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000040)=0x5)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = open(&(0x7f00000001c0)='./file0\x00', 0x406261, 0x0)
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x4)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000180)=[{&(0x7f0000000240)=""/205, 0xcd}, {&(0x7f0000000080)=""/105, 0x69}], 0x2, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x64, 0x0, &(0x7f0000000440)=[@request_death={0x400c630e, 0x2}, @release, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000700)="f3"})

20:22:53 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1974.030855] block nbd0: shutting down sockets
[ 1974.047797] binder: 11399:11400 unknown command 0
20:22:53 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1974.077525] binder: 11399:11400 ioctl c0306201 20000200 returned -22
[ 1974.098076] binder: 11399:11404 ioctl c0306201 20000540 returned -14
[ 1974.126721] binder: BINDER_SET_CONTEXT_MGR already set
[ 1974.134857] binder: BINDER_SET_CONTEXT_MGR already set
[ 1974.143098] binder: 11407:11410 unknown command 0
[ 1974.144978] binder: 11406:11409 ioctl 40046207 0 returned -16
[ 1974.158742] binder: 11399:11400 ioctl 40046207 0 returned -16
[ 1974.166479] binder: 11407:11410 ioctl c0306201 20000200 returned -22
[ 1974.174535] binder: 11399:11413 unknown command 0
[ 1974.186831] binder: 11399:11413 ioctl c0306201 20000200 returned -22
[ 1974.188542] binder: 11407:11410 unknown command 0
[ 1974.194339] binder: 11406:11414 unknown command 0
[ 1974.215268] binder: 11407:11410 ioctl c0306201 20000200 returned -22
[ 1974.221564] binder: 11406:11414 ioctl c0306201 20000200 returned -22
[ 1974.229328] binder: BINDER_SET_CONTEXT_MGR already set
[ 1974.237394] binder: 11399:11413 ioctl 40046207 0 returned -16
[ 1974.240507] binder_alloc: 11407: binder_alloc_buf size 158913789952 failed, no address space
[ 1974.249212] binder: 11399:11404 unknown command 0
[ 1974.260091] binder_alloc: 27169: binder_alloc_buf, no vma
[ 1974.266483] binder: 11399:11404 ioctl c0306201 20000200 returned -22
[ 1974.274963] binder: BINDER_SET_CONTEXT_MGR already set
[ 1974.277962] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1974.285286] binder: 11406:11409 ioctl 40046207 0 returned -16
[ 1974.296016] binder: 11406:11419 unknown command 0
[ 1974.304700] binder: 11406:11419 ioctl c0306201 20000200 returned -22
[ 1974.345924] binder: BINDER_SET_CONTEXT_MGR already set
[ 1974.352559] binder: 11407:11410 ioctl 40046207 0 returned -16
[ 1974.368540] binder: 11407:11410 unknown command 0
[ 1974.381752] binder: 11407:11410 ioctl c0306201 20000200 returned -22
[ 1974.412126] binder: BINDER_SET_CONTEXT_MGR already set
[ 1974.420397] binder: 11407:11410 ioctl 40046207 0 returned -16
[ 1974.440527] binder: 11425:11427 unknown command 0
[ 1974.445858] binder: 11425:11427 ioctl c0306201 20000200 returned -22
[ 1974.542006] binder: 11425:11427 unknown command 0
[ 1974.547096] binder: 11425:11427 ioctl c0306201 20000200 returned -22
[ 1974.566278] binder: BINDER_SET_CONTEXT_MGR already set
[ 1974.579582] binder: 11425:11427 ioctl 40046207 0 returned -16
[ 1974.586379] binder: 11425:11430 unknown command 0
20:22:54 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0x5451, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:54 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x5452)

20:22:54 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

20:22:54 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x113841, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r2 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r2, r0)
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x2)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r4, 0x0)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r5, 0x7, &(0x7f0000000080)={0x1})
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000240)={0x3, @vbi={0x4, 0x1, 0x7, 0x3031334d, [0x1, 0x4], [0x101, 0x7fffffff], 0x1}})
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={0xffffffffffffffff}, 0x4)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f00000001c0)={r6, r1})
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:54 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x500000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1974.601721] binder: 11425:11431 unknown command 0
[ 1974.607529] binder: 11425:11430 ioctl c0306201 20000200 returned -22
[ 1974.630181] binder: 11425:11431 ioctl c0306201 20000200 returned -22
[ 1974.685388] binder: 11435:11437 unknown command 0
[ 1974.690455] binder: 11434:11440 unknown command 0
[ 1974.693431] binder: 11435:11437 ioctl c0306201 20000200 returned -22
[ 1974.702588] binder: 11434:11440 ioctl c0306201 20000200 returned -22
20:22:54 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r2, 0x0)
preadv(r2, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000340)={0x20, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death, @decrefs], 0x0, 0x0, 0x0})

[ 1974.730010] binder: 11435:11437 unknown command 0
[ 1974.735919] binder: 11434:11440 unknown command 0
[ 1974.738319] binder: 11435:11437 ioctl c0306201 20000200 returned -22
[ 1974.758426] binder: 11434:11440 ioctl c0306201 20000200 returned -22
[ 1974.770540] block nbd0: shutting down sockets
[ 1974.776848] binder_alloc: 11434: binder_alloc_buf size 158913789952 failed, no address space
[ 1974.786666] binder: 11435:11443 ioctl c0306201 20000540 returned -14
[ 1974.801862] block nbd0: shutting down sockets
[ 1974.816752] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
20:22:54 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0x5460)

[ 1974.818769] binder: BINDER_SET_CONTEXT_MGR already set
[ 1974.844835] binder: 11435:11437 ioctl 40046207 0 returned -16
[ 1974.845069] binder: 11435:11443 unknown command 0
[ 1974.863359] binder: BINDER_SET_CONTEXT_MGR already set
20:22:54 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0)

[ 1974.876038] binder: BINDER_SET_CONTEXT_MGR already set
[ 1974.883774] binder: 11435:11443 ioctl c0306201 20000200 returned -22
[ 1974.894103] binder: 11435:11448 ioctl 40046207 0 returned -16
[ 1974.907580] binder: 11434:11440 ioctl 40046207 0 returned -16
[ 1974.907595] binder: BINDER_SET_CONTEXT_MGR already set
[ 1974.914994] binder: 11435:11447 unknown command 0
[ 1974.927750] binder: 11435:11447 ioctl c0306201 20000200 returned -22
[ 1974.944070] binder: 11434:11450 ioctl 40046207 0 returned -16
[ 1974.944118] binder: 11434:11449 unknown command 0
[ 1974.950475] binder: 11434:11452 unknown command 0
[ 1974.963428] binder: 11434:11449 ioctl c0306201 20000200 returned -22
20:22:54 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/softnet_stat\x00')
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r1, 0x26, &(0x7f0000000180)={0x1})
close(r1)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
r2 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
mmap$binder(&(0x7f00007b2000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0xffffffffffffff80)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r2, r0)
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x1800003, 0x10010, r4, 0x4000000)
preadv(r4, &(0x7f0000000080)=[{&(0x7f0000000240)=""/214, 0xd6}], 0x1, 0xd9b, 0x9)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1974.981609] binder: 11434:11452 ioctl c0306201 20000200 returned -22
20:22:54 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x600000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1975.130432] binder: 11459:11463 unknown command 0
[ 1975.147625] binder: 11461:11464 ioctl c0306201 0 returned -14
[ 1975.151259] binder: 11460:11465 unknown command 0
[ 1975.153757] binder: 11459:11463 ioctl c0306201 20000200 returned -22
[ 1975.162530] binder: 11460:11465 ioctl c0306201 20000200 returned -22
20:22:54 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0)

[ 1975.184364] binder: 11460:11465 unknown command 0
[ 1975.194264] binder: 11459:11463 unknown command 0
[ 1975.200598] binder: 11460:11465 ioctl c0306201 20000200 returned -22
[ 1975.209713] block nbd0: shutting down sockets
20:22:55 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0)

[ 1975.230493] binder_alloc: 11460: binder_alloc_buf size 158913789952 failed, no address space
[ 1975.244964] binder: 11459:11468 ioctl c0306201 20000540 returned -14
[ 1975.249103] binder: 11469:11470 ioctl c0306201 0 returned -14
[ 1975.262163] block nbd0: shutting down sockets
[ 1975.267127] binder: 11459:11463 ioctl c0306201 20000200 returned -22
[ 1975.307786] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1975.308176] binder: 11459:11472 unknown command 0
[ 1975.316920] binder: BINDER_SET_CONTEXT_MGR already set
[ 1975.360406] binder: 11474:11475 ioctl c0306201 0 returned -14
[ 1975.367102] binder: 11459:11463 ioctl 40046207 0 returned -16
[ 1975.367292] binder: 11459:11472 ioctl c0306201 20000200 returned -22
[ 1975.382471] binder: BINDER_SET_CONTEXT_MGR already set
[ 1975.387259] binder: BINDER_SET_CONTEXT_MGR already set
[ 1975.395094] binder: 11460:11465 ioctl 40046207 0 returned -16
[ 1975.405544] binder: 11459:11476 ioctl 40046207 0 returned -16
[ 1975.417724] binder: 11460:11478 unknown command 0
[ 1975.424443] binder: 11460:11478 ioctl c0306201 20000200 returned -22
[ 1975.427841] binder: 11459:11468 unknown command 0
[ 1975.439028] binder: BINDER_SET_CONTEXT_MGR already set
[ 1975.444673] binder: 11459:11468 ioctl c0306201 20000200 returned -22
[ 1975.453346] binder: 11460:11465 ioctl 40046207 0 returned -16
[ 1975.594984] binder: 11486:11487 unknown command 0
[ 1975.600239] binder: 11486:11487 ioctl c0306201 20000200 returned -22
[ 1975.619172] binder: 11486:11487 unknown command 0
[ 1975.627619] binder: 11486:11487 ioctl c0306201 20000200 returned -22
[ 1975.642061] binder: BINDER_SET_CONTEXT_MGR already set
[ 1975.647637] binder: 11486:11487 ioctl 40046207 0 returned -16
[ 1975.669888] binder: 11486:11488 unknown command 0
[ 1975.679686] binder: 11486:11489 unknown command 0
20:22:55 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0x5452, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:55 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab00)

20:22:55 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

20:22:55 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:55 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r1, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r1, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="2363040a80d72d40"], 0xed, 0x0, &(0x7f0000000240)="a41fffffba05f00f951e92c79c136f03916325f47966518bd9bee690209dc0c0cee98e26103b98aad2cff35867045d8fbbbeaeba171407e40091528d3acb2972ea945ff70b53888bcc1147d26b08617568da392ca0ff037b28f24b58d27b82e2f2347b6eaa4baaf360ec2aee3046ecca8e4f72bf785b70f7e05c1331f388070d2a3a04ce5aa74192254bfabd6d2204b5f18efe8525f915ea1a8ce2c892a84d421af61ea3690ad11a4618a1deda70303c267a629c0fbba381470892c0c2918463f5326eb3ceb10786c46dc8c65e57d1f3687ea939508c888af3146bac1b8fd8cd8e96289e55fd4908a7a0b760c4"})
r2 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r2, r0)
r3 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x1010, r4, 0x0)
preadv(r4, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000180)={0x1})
close(0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)={0xf, 0x10000, 0xefd4, 0x3, 0x19, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x1}, 0x40)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1975.689677] binder: 11486:11488 ioctl c0306201 20000200 returned -22
[ 1975.701239] binder: 11486:11489 ioctl c0306201 20000200 returned -22
20:22:55 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1975.770240] binder: 11493:11496 unknown command 0
[ 1975.782721] binder: 11493:11496 ioctl c0306201 20000200 returned -22
[ 1975.790796] binder: 11495:11498 unknown command 0
[ 1975.808447] binder: 11495:11498 ioctl c0306201 20000200 returned -22
[ 1975.811935] block nbd0: shutting down sockets
[ 1975.827885] binder: 11493:11496 unknown command 0
[ 1975.840044] binder: 11495:11498 unknown command 0
[ 1975.847598] binder: 11493:11496 ioctl c0306201 20000200 returned -22
[ 1975.858033] binder: 11495:11498 ioctl c0306201 20000200 returned -22
[ 1975.865354] block nbd0: shutting down sockets
20:22:55 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[ 1975.874230] binder_alloc: 11493: binder_alloc_buf size 158913789952 failed, no address space
[ 1975.885677] binder: 11495:11498 ioctl c0306201 20000540 returned -14
[ 1975.905617] binder: BINDER_SET_CONTEXT_MGR already set
[ 1975.911255] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
20:22:55 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab01)

[ 1975.935120] binder: 11495:11504 unknown command 0
[ 1975.942195] binder: BINDER_SET_CONTEXT_MGR already set
[ 1975.944474] binder: 11495:11498 ioctl 40046207 0 returned -16
[ 1975.957796] binder: 11495:11504 ioctl c0306201 20000200 returned -22
[ 1975.964684] binder: 11495:11508 unknown command 0
[ 1975.964703] binder: 11495:11508 ioctl c0306201 20000200 returned -22
[ 1975.965482] binder: 11495:11506 ioctl 40046207 0 returned -16
[ 1975.979468] binder: BINDER_SET_CONTEXT_MGR already set
[ 1975.995076] binder: 11493:11496 ioctl 40046207 0 returned -16
[ 1976.003970] binder: 11493:11510 unknown command 0
[ 1976.010896] binder: BINDER_SET_CONTEXT_MGR already set
[ 1976.020203] binder: 11493:11511 ioctl 40046207 0 returned -16
[ 1976.038769] binder: 11493:11510 ioctl c0306201 20000200 returned -22
[ 1976.039398] binder: 11493:11496 unknown command 0
[ 1976.054401] binder: 11493:11496 ioctl c0306201 20000200 returned -22
20:22:55 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0xa00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:55 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r2, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r2, 0x7, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2000000000})
r3 = openat$cgroup_ro(r2, &(0x7f00000001c0)='hugetlb.2MB.limit_in_bytes\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x10, 0x0, &(0x7f0000000280)=[@increfs={0x40046304, 0x2}, @decrefs={0x40046307, 0x3}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r4 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x800)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r5, 0x0)
preadv(r5, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r4, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1976.202715] binder: 11519:11526 unknown command 0
[ 1976.216519] binder: 11521:11525 unknown command 0
[ 1976.216859] binder: 11519:11526 ioctl c0306201 20000200 returned -22
[ 1976.230832] binder: 11521:11525 ioctl c0306201 20000200 returned -22
[ 1976.240052] block nbd0: shutting down sockets
20:22:56 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x18, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper, @request_death], 0x0, 0x0, 0x0})

[ 1976.260686] binder: 11519:11526 unknown command 0
[ 1976.269512] binder: 11521:11528 ioctl c0306201 20000540 returned -14
[ 1976.287009] binder: 11519:11526 ioctl c0306201 20000200 returned -22
[ 1976.295602] block nbd0: shutting down sockets
[ 1976.305989] binder: BINDER_SET_CONTEXT_MGR already set
[ 1976.306644] binder_alloc: 11519: binder_alloc_buf size 158913789952 failed, no address space
[ 1976.318897] binder: 11521:11525 ioctl 40046207 0 returned -16
[ 1976.329765] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1976.345120] binder: BINDER_SET_CONTEXT_MGR already set
[ 1976.351256] binder: 11521:11532 ioctl c0306201 20000540 returned -14
20:22:56 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab02)

[ 1976.358346] binder: 11521:11531 unknown command 0
[ 1976.365680] binder: 11521:11528 ioctl 40046207 0 returned -16
[ 1976.379239] binder: 11521:11531 ioctl c0306201 20000200 returned -22
[ 1976.397785] binder: BINDER_SET_CONTEXT_MGR already set
[ 1976.421599] binder: 11519:11526 ioctl 40046207 0 returned -16
[ 1976.422395] binder: 11519:11537 unknown command 0
[ 1976.430875] binder: BINDER_SET_CONTEXT_MGR already set
[ 1976.449194] binder: 11519:11540 ioctl 40046207 0 returned -16
[ 1976.457217] binder: 11519:11539 unknown command 0
[ 1976.477100] binder: 11519:11537 ioctl c0306201 20000200 returned -22
[ 1976.491964] block nbd0: shutting down sockets
[ 1976.501265] binder: 11519:11539 ioctl c0306201 20000200 returned -22
[ 1976.541787] block nbd0: shutting down sockets
[ 1976.690640] binder: 11547:11548 unknown command 0
[ 1976.714061] binder: 11547:11548 ioctl c0306201 20000200 returned -22
[ 1976.725379] binder: 11547:11548 unknown command 0
[ 1976.739130] binder: 11547:11548 ioctl c0306201 20000200 returned -22
[ 1977.247402] binder: BINDER_SET_CONTEXT_MGR already set
[ 1977.333339] ieee802154 phy1 wpan1: encryption failed: -22
[ 1977.719098] binder: 11547:11551 unknown command 0
[ 1977.719187] binder: 11547:11548 ioctl 40046207 0 returned -16
[ 1977.719233] binder: BINDER_SET_CONTEXT_MGR already set
[ 1977.756644] binder: 11547:11551 ioctl c0306201 20000200 returned -22
[ 1977.766447] binder: 11547:11554 unknown command 0
[ 1977.776779] binder: 11547:11552 ioctl 40046207 0 returned -16
[ 1977.785006] binder: 11547:11554 ioctl c0306201 20000200 returned -22
20:22:57 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0x5460, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:57 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x8, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper], 0x0, 0x0, 0x0})

20:22:57 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0xd0, 0x0, &(0x7f0000000600)=[@increfs_done={0x40106308, 0x1}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000040)={@fda={0x66646185, 0x7, 0x0, 0x9}, @flat=@binder={0x73622a85, 0x1000, 0x3}, @flat=@weak_binder={0x77622a85, 0x20a}}, &(0x7f00000000c0)={0x0, 0x20, 0x38}}}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000180)=ANY=[@ANYBLOB="852a68770a10000002000000000000000000000000000000852a62770001000001000000000000000000000000000000852a6873010000000200"/72], &(0x7f0000000240)={0x0, 0x18, 0x30}}}, @enter_looper, @decrefs={0x40046307, 0x1}, @release={0x40046306, 0x1}, @release={0x40046306, 0x1}, @dead_binder_done, @dead_binder_done], 0x1a, 0x0, &(0x7f0000000280)="14bb4397410ef8d16781eff14c7dcbf3e351186cf077b9006540"})
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:57 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

20:22:57 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r0, 0x0)
preadv(r0, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
r3 = dup(r2)
ioctl$NBD_SET_SOCK(r1, 0xab00, r3)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_CLEAR_SOCK(r4, 0xab03)

[ 1977.912702] binder: 11558:11562 unknown command 0
[ 1977.915169] binder: 11557:11561 unknown command 0
[ 1977.925072] binder: 11558:11562 ioctl c0306201 20000200 returned -22
[ 1977.932153] binder: 11557:11561 ioctl c0306201 20000200 returned -22
[ 1977.938130] binder: 11557:11561 ioctl c0306201 20000540 returned -14
20:22:57 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x8, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper], 0x0, 0x0, 0x0})

[ 1977.957873] binder: BINDER_SET_CONTEXT_MGR already set
[ 1977.969546] binder: 11558:11562 unknown command 0
[ 1977.971862] binder: 11557:11561 ioctl 40046207 0 returned -16
[ 1977.985201] binder: 11557:11565 unknown command 0
[ 1978.015465] binder: 11557:11568 unknown command 0
[ 1978.021980] binder: 11558:11562 ioctl c0306201 20000200 returned -22
[ 1978.025058] binder_alloc: 11558: binder_alloc_buf size 158913789952 failed, no address space
[ 1978.030732] binder: 11557:11565 ioctl c0306201 20000200 returned -22
[ 1978.048772] binder: 11557:11568 ioctl c0306201 20000200 returned -22
20:22:57 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x8, 0x0, &(0x7f00000003c0)=[@register_looper, @enter_looper], 0x0, 0x0, 0x0})

[ 1978.071953] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1978.110858] binder: BINDER_SET_CONTEXT_MGR already set
20:22:57 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r3)
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000600)={0x12c, r4, 0x20, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0xd4, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe9d8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x101}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xb429}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x50}, 0x4020)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

[ 1978.118728] binder: 11558:11562 ioctl 40046207 0 returned -16
[ 1978.118782] binder: 11558:11571 unknown command 0
[ 1978.138322] binder: BINDER_SET_CONTEXT_MGR already set
[ 1978.150935] binder: 11558:11577 unknown command 0
[ 1978.164953] binder: 11558:11576 ioctl 40046207 0 returned -16
20:22:57 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x14, 0x0, &(0x7f00000003c0)=[@register_looper, @request_death], 0x0, 0x0, 0x0})

[ 1978.173627] binder: 11558:11571 ioctl c0306201 20000200 returned -22
[ 1978.184982] binder: 11558:11577 ioctl c0306201 20000200 returned -22
20:22:58 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x4800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1978.232221] binder: 11581:11583 unknown command 0
[ 1978.248334] binder: 11581:11583 ioctl c0306201 20000200 returned -22
20:22:58 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x10, 0x0, &(0x7f00000003c0)=[@request_death], 0x0, 0x0, 0x0})

[ 1978.285338] binder: 11581:11583 unknown command 0
[ 1978.301843] binder: 11581:11583 ioctl c0306201 20000200 returned -22
[ 1978.317090] binder: 11587:11589 unknown command 0
[ 1978.332844] binder: 11587:11589 ioctl c0306201 20000200 returned -22
[ 1978.344784] binder: 11581:11583 ioctl c0306201 20000540 returned -14
[ 1978.360873] binder: 11587:11589 unknown command 0
[ 1978.379335] binder: 11587:11589 ioctl c0306201 20000200 returned -22
[ 1978.379940] binder: BINDER_SET_CONTEXT_MGR already set
[ 1978.400533] binder_alloc: 11587: binder_alloc_buf size 158913789952 failed, no address space
[ 1978.405650] binder: 11581:11597 ioctl c0306201 20000540 returned -14
[ 1978.426456] binder: 11581:11592 unknown command 0
[ 1978.426475] binder: BINDER_SET_CONTEXT_MGR already set
20:22:58 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x10, 0x0, &(0x7f00000003c0)=[@request_death], 0x0, 0x0, 0x0})

[ 1978.437288] binder: 11581:11583 ioctl 40046207 0 returned -16
[ 1978.443272] binder: 11581:11596 unknown command 37
[ 1978.443291] binder: 11581:11596 ioctl c0306201 20000200 returned -22
[ 1978.444595] binder: 11581:11594 ioctl 40046207 0 returned -16
[ 1978.454149] binder: 11581:11592 ioctl c0306201 20000200 returned -22
[ 1978.478356] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1978.536085] binder: BINDER_SET_CONTEXT_MGR already set
[ 1978.555655] binder: 11587:11601 unknown command 0
[ 1978.563571] binder: BINDER_SET_CONTEXT_MGR already set
[ 1978.565784] binder: 11587:11589 ioctl 40046207 0 returned -16
[ 1978.579490] binder: 11587:11601 ioctl c0306201 20000200 returned -22
[ 1978.583987] binder: 11587:11604 unknown command 0
[ 1978.591695] binder: 11587:11604 ioctl c0306201 20000200 returned -22
[ 1978.606000] binder: 11587:11603 ioctl 40046207 0 returned -16
[ 1978.608863] binder: 11608:11609 unknown command 0
[ 1978.652205] binder: 11608:11609 ioctl c0306201 20000200 returned -22
[ 1978.674690] binder: 11608:11609 unknown command 0
[ 1978.679703] binder: 11608:11609 ioctl c0306201 20000200 returned -22
[ 1978.711282] binder: BINDER_SET_CONTEXT_MGR already set
[ 1978.728244] binder: 11608:11609 ioctl 40046207 0 returned -16
[ 1978.741521] binder: 11608:11610 unknown command 0
[ 1978.746773] binder: 11608:11610 ioctl c0306201 20000200 returned -22
[ 1978.757622] block nbd0: Device being setup by another task
[ 1978.769247] block nbd0: shutting down sockets
20:22:58 executing program 3:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0x40046205, &(0x7f0000000380)={0x44, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={@fda, @fd, @flat=@handle}, &(0x7f0000000180)}}, @dead_binder_done, @acquire_done, @increfs], 0xffffffffffffff3f, 0x0, 0x0})

20:22:58 executing program 4:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe8d, 0x18, 0x0, &(0x7f0000000340)}}], 0x2, 0x0, 0x0})

20:22:58 executing program 5:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x0, 0x0})
r2 = dup2(r1, r0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x10, 0x0, &(0x7f00000003c0)=[@request_death], 0x0, 0x0, 0x0})

20:22:58 executing program 1:
r0 = syz_open_dev$binderN(&(0x7f0000000140), 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
r1 = syz_open_dev$binderN(&(0x7f0000000100), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f0000000800)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
dup2(r1, r0)
r2 = syz_open_dev$binderN(&(0x7f00000005c0), 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1800003, 0x12, r3, 0x0)
preadv(r3, &(0x7f0000000280), 0x18, 0xd9f, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x40046304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x44, 0x0, &(0x7f00000003c0)=[@transaction={0x40486311, {0x1, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x541000, 0x0})

[ 1978.805101] binder: BINDER_SET_CONTEXT_MGR already set
[ 1978.811237] binder: 11608:11612 ioctl 40046207 0 returned -16
[ 1978.828190] binder: 11608:11609 unknown command 0
[ 1978.836943] binder: 11608:11609 ioctl c0306201 20000200 returned -22
[ 1978.909488] binder: 11620:11625 unknown command 0
[ 1978.919913] binder: 11622:11624 unknown command 0
[ 1978.922752] binder: 11620:11625 ioctl c0306201 20000200 returned -22
[ 1978.935492] binder: 11622:11624 ioctl c0306201 20000200 returned -22
[ 1978.970135] binder: 11622:11624 unknown command 0
[ 1978.970564] binder: 11620:11625 unknown command 0
[ 1978.986748] binder: 11622:11624 ioctl c0306201 20000200 returned -22
[ 1978.996116] binder: 11620:11625 ioctl c0306201 20000200 returned -22
[ 1979.014037] binder_alloc: 11620: binder_alloc_buf size -344 failed, no address space
[ 1979.030582] binder_alloc: 11622: binder_alloc_buf size 158913789952 failed, no address space
[ 1979.034083] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1979.045645] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[ 1979.066479] binder: 11620:11625 ioctl c0306201 20000540 returned -14
[ 1979.085860] binder: BINDER_SET_CONTEXT_MGR already set
[ 1979.091933] binder: 11622:11624 ioctl 40046207 0 returned -16
[ 1979.096774] binder: 11622:11631 unknown command 0
[ 1979.107164] binder: BINDER_SET_CONTEXT_MGR already set
[ 1979.110192] binder: BINDER_SET_CONTEXT_MGR already set
[ 1979.118549] binder: 11620:11625 ioctl 40046207 0 returned -16
[ 1979.118667] binder: 11622:11633 unknown command 0
[ 1979.130721] binder: 11622:11632 ioctl 40046207 0 returned -16
[ 1979.133358] binder: 11622:11631 ioctl c0306201 20000200 returned -22
[ 1979.140279] binder: 11622:11633 ioctl c0306201 20000200 returned -22
[ 1979.151819] binder: BINDER_SET_CONTEXT_MGR already set
[ 1979.158783] binder: 11620:11637 ioctl c0306201 20000540 returned -14
[ 1979.171099] binder: 11620:11636 ioctl 40046207 0 returned -16
[ 1979.171149] binder: 11620:11635 unknown command 0
[ 1979.177846] binder: 11620:11625 unknown command 0
[ 1979.187486] binder: 11620:11625 ioctl c0306201 20000200 returned -22
[ 1979.190851] binder: 11620:11635 ioctl c0306201 20000200 returned -22
[ 1979.250755] binder: 11638:11639 unknown command 0
[ 1979.260254] binder: 11638:11639 ioctl c0306201 20000200 returned -22
[ 1979.289762] binder: 11638:11639 unknown command 0
[ 1979.300293] binder: 11638:11639 ioctl c0306201 20000200 returned -22
[ 1979.358851] binder: BINDER_SET_CONTEXT_MGR already set
[ 1979.368334] binder: 11638:11639 ioctl 40046207 0 returned -16
[ 1979.375106] binder: 11638:11644 unknown command 0
[ 1979.388524] binder: BINDER_SET_CONTEXT_MGR already set
[ 1979.395827] binder: 11638:11644 ioctl c0306201 20000200 returned -22
[ 1979.410743] binder: 11638:11646 unknown command 0
[ 1979.416476] binder: 11638:11645 ioctl 40046207 0 returned -16
[ 1979.428829] binder: 11638:11646 ioctl c0306201 20000200 returned -22
[ 2038.772771] ieee802154 phy1 wpan1: encryption failed: -22
[ 2100.213910] ieee802154 phy1 wpan1: encryption failed: -22
[ 2127.091750] INFO: task syz-executor.0:11560 blocked for more than 140 seconds.
[ 2127.100605]       Not tainted 4.19.194-syzkaller #0
[ 2127.106888] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 2127.115468] syz-executor.0  D28104 11560   8135 0x00000004
[ 2127.121484] Call Trace:
[ 2127.124103]  __schedule+0x887/0x2040
[ 2127.128048]  ? io_schedule_timeout+0x140/0x140
[ 2127.132974]  ? perf_trace_lock_acquire+0x530/0x530
[ 2127.138388]  ? perf_trace_lock+0xe2/0x4b0
[ 2127.143924]  schedule+0x8d/0x1b0
[ 2127.147409]  schedule_timeout+0x92d/0xfe0
[ 2127.151962]  ? usleep_range+0x170/0x170
[ 2127.156111]  ? wait_for_common+0x294/0x470
[ 2127.160382]  ? lock_downgrade+0x720/0x720
[ 2127.164845]  ? lock_acquire+0x170/0x3c0
[ 2127.169244]  ? wait_for_common+0x9e/0x470
[ 2127.173738]  ? _raw_spin_unlock_irq+0x24/0x80
[ 2127.179154]  wait_for_common+0x29c/0x470
[ 2127.183400]  ? bit_wait_io_timeout+0x100/0x100
[ 2127.188084]  ? __mutex_unlock_slowpath+0xea/0x610
[ 2127.193166]  ? wake_up_q+0xe0/0xe0
[ 2127.196771]  ? check_flush_dependency+0x86/0x400
[ 2127.203225]  flush_workqueue+0x40b/0x13e0
[ 2127.207912]  ? uevent_store+0x70/0x70
[ 2127.211859]  ? check_flush_dependency+0x400/0x400
[ 2127.216760]  ? sock_shutdown+0x1d1/0x240
[ 2127.220929]  nbd_ioctl+0x75b/0xbe0
[ 2127.224706]  ? nbd_disconnect_and_put+0x190/0x190
[ 2127.229944]  ? wait_woken+0x250/0x250
[ 2127.234577]  ? __lock_acquire+0x6de/0x3ff0
[ 2127.239492]  ? nbd_disconnect_and_put+0x190/0x190
[ 2127.244558]  blkdev_ioctl+0x5cb/0x1a80
[ 2127.249130]  ? blkpg_ioctl+0x9d0/0x9d0
[ 2127.253885]  ? perf_trace_lock_acquire+0x530/0x530
[ 2127.258878]  ? perf_trace_lock+0xe2/0x4b0
[ 2127.263108]  ? perf_trace_lock_acquire+0x530/0x530
[ 2127.268284]  ? futex_exit_release+0x220/0x220
[ 2127.274090]  block_ioctl+0xe9/0x130
[ 2127.277881]  ? blkdev_fallocate+0x3f0/0x3f0
[ 2127.282601]  do_vfs_ioctl+0xcdb/0x12e0
[ 2127.286515]  ? lock_downgrade+0x720/0x720
[ 2127.291030]  ? check_preemption_disabled+0x41/0x280
[ 2127.296362]  ? ioctl_preallocate+0x200/0x200
[ 2127.300798]  ? __fget+0x356/0x510
[ 2127.305710]  ? do_dup2+0x450/0x450
[ 2127.309562]  ? __se_sys_futex+0x298/0x3b0
[ 2127.313956]  ksys_ioctl+0x9b/0xc0
[ 2127.317546]  __x64_sys_ioctl+0x6f/0xb0
[ 2127.321640]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[ 2127.326515]  do_syscall_64+0xf9/0x620
[ 2127.330423]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2127.335813] RIP: 0033:0x4665d9
[ 2127.339198] Code: 00 00 8b bb 24 01 00 00 41 89 f0 c1 e6 11 41 31 f0 89 fe 44 31 c7 41 c1 e8 07 41 31 f8 89 f7 c1 ee 10 44 31 c6 8d 04 37 49 89 <d0> 48 99 48 f7 f9 89 bb 20 01 00 00 89 b3 24 01 00 00 48 85 d2 74
[ 2127.359068] RSP: 002b:00007f460067b188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2127.367201] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[ 2127.375617] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007
[ 2127.383612] RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
[ 2127.391245] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
[ 2127.398994] R13: 00007ffd5bf8049f R14: 00007f460067b300 R15: 0000000000022000
[ 2127.408186] 
[ 2127.408186] Showing all locks held in the system:
[ 2127.414790] 1 lock held by khungtaskd/1568:
[ 2127.419467]  #0: 0000000079a6a466 (rcu_read_lock){....}, at: debug_show_all_locks+0x53/0x265
[ 2127.428537] 1 lock held by in:imklog/7820:
[ 2127.432962]  #0: 00000000db422fcd (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x26f/0x310
[ 2127.441080] 3 locks held by kworker/u5:2/8152:
[ 2127.445845]  #0: 00000000174b9b86 ((wq_completion)"knbd%d-recv"nbd->index){+.+.}, at: process_one_work+0x767/0x1570
[ 2127.456781]  #1: 00000000775f7723 ((work_completion)(&args->work)){+.+.}, at: process_one_work+0x79c/0x1570
[ 2127.467368]  #2: 000000008f52f9e0 (sk_lock-AF_AX25){+.+.}, at: ax25_recvmsg+0xbb/0x810
[ 2127.476582] 2 locks held by kworker/u4:6/9520:
[ 2127.481859]  #0: 0000000059cb8c15 (&rq->lock){-.-.}, at: pick_next_task_fair+0x556/0x1570
[ 2127.493074]  #1: 00000000014f7416 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}, at: process_one_work+0x79c/0x1570
[ 2127.505174] 
[ 2127.507670] =============================================
[ 2127.507670] 
[ 2127.514931] NMI backtrace for cpu 0
[ 2127.518690] CPU: 0 PID: 1568 Comm: khungtaskd Not tainted 4.19.194-syzkaller #0
[ 2127.526811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2127.536244] Call Trace:
[ 2127.538859]  dump_stack+0x1fc/0x2ef
[ 2127.542539]  nmi_cpu_backtrace.cold+0x63/0xa2
[ 2127.547168]  ? lapic_can_unplug_cpu+0x80/0x80
[ 2127.551779]  nmi_trigger_cpumask_backtrace+0x1a6/0x1f0
[ 2127.557268]  watchdog+0x991/0xe60
[ 2127.561273]  ? reset_hung_task_detector+0x30/0x30
[ 2127.566325]  kthread+0x33f/0x460
[ 2127.569814]  ? kthread_park+0x180/0x180
[ 2127.573817]  ret_from_fork+0x24/0x30
[ 2127.577854] Sending NMI from CPU 0 to CPUs 1:
[ 2127.583389] NMI backtrace for cpu 1
[ 2127.583396] CPU: 1 PID: 4694 Comm: systemd-journal Not tainted 4.19.194-syzkaller #0
[ 2127.583403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2127.583407] RIP: 0010:__hrtimer_next_event_base+0x30/0x260
[ 2127.583419] Code: ce 41 55 41 54 49 89 fc 55 89 d5 53 48 83 ec 28 48 89 34 24 e8 b1 7f 0e 00 31 ff 89 ee e8 18 81 0e 00 85 ed 0f 84 1b 01 00 00 <e8> 9b 7f 0e 00 89 e8 f3 48 0f bc c0 41 89 c5 0f b3 c5 89 c3 49 83
[ 2127.583424] RSP: 0018:ffff8880ba107eb0 EFLAGS: 00000002
[ 2127.583432] RAX: 0000000000010001 RBX: dffffc0000000000 RCX: ffffffff8153fa38
[ 2127.583438] RDX: 0000000000000007 RSI: ffff8880a0834600 RDI: 0000000000000005
[ 2127.583444] RBP: 0000000000000007 R08: 0000000000000001 R09: 0000000000000000
[ 2127.583449] R10: 0000000000000005 R11: ffffffff8c66205b R12: ffff8880ba124c80
[ 2127.583455] R13: 0000000000000000 R14: 7fffffffffffffff R15: ffff8880ba124cf0
[ 2127.583460] FS:  00007f1b491c68c0(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
[ 2127.583465] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2127.583470] CR2: 00007f1b46869018 CR3: 00000000a1433000 CR4: 00000000001426e0
[ 2127.583476] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2127.583481] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2127.583485] Call Trace:
[ 2127.583488]  <IRQ>
[ 2127.583492]  hrtimer_interrupt+0x726/0x9e0
[ 2127.583496]  smp_apic_timer_interrupt+0x10c/0x550
[ 2127.583500]  apic_timer_interrupt+0xf/0x20
[ 2127.583504]  </IRQ>
[ 2127.583508] RIP: 0010:__sanitizer_cov_trace_pc+0x47/0x50
[ 2127.583520] Code: 90 60 13 00 00 83 fa 02 75 20 48 8b 88 68 13 00 00 8b 80 64 13 00 00 48 8b 11 48 83 c2 01 48 39 d0 76 07 48 89 34 d1 48 89 11 <c3> 0f 1f 84 00 00 00 00 00 49 89 f1 49 89 fa 65 48 8b 34 25 80 df
[ 2127.583524] RSP: 0018:ffff8880a083f908 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
[ 2127.583534] RAX: ffff8880a0834600 RBX: ffff8880a083fa70 RCX: ffffffff81a60626
[ 2127.583539] RDX: 0000000000000000 RSI: ffffffff81a60809 RDI: 0000000000000005
[ 2127.583545] RBP: ffff8880a083fc38 R08: 0000000000000000 R09: 0000000000000000
[ 2127.583551] R10: 0000000000000005 R11: 0000000000000000 R12: ffff88808e6b38c0
[ 2127.583556] R13: 1ffff11014107f2a R14: 00000000fffffffe R15: ffff8880a083fa40
[ 2127.583560]  ? lookup_fast+0x306/0x1080
[ 2127.583564]  ? lookup_fast+0x4e9/0x1080
[ 2127.583568]  lookup_fast+0x4e9/0x1080
[ 2127.583572]  ? follow_managed+0xbc0/0xbc0
[ 2127.583577]  ? perf_trace_lock_acquire+0x530/0x530
[ 2127.583581]  ? perf_trace_lock+0xe2/0x4b0
[ 2127.583585]  ? mark_held_locks+0xf0/0xf0
[ 2127.583589]  walk_component+0xde/0xda0
[ 2127.583593]  ? lookup_fast+0x1080/0x1080
[ 2127.583597]  ? lock_downgrade+0x720/0x720
[ 2127.583601]  ? generic_permission+0x116/0x4d0
[ 2127.583605]  ? security_inode_permission+0xc5/0xf0
[ 2127.583610]  ? inode_permission.part.0+0x10c/0x450
[ 2127.583614]  link_path_walk.part.0+0x901/0x1230
[ 2127.583618]  ? walk_component+0xda0/0xda0
[ 2127.583622]  path_parentat+0x51/0x140
[ 2127.583626]  filename_parentat+0x198/0x590
[ 2127.583630]  ? getname+0x20/0x20
[ 2127.583634]  ? cache_alloc_refill+0x2f8/0x340
[ 2127.583639]  ? do_raw_spin_lock+0xcb/0x220
[ 2127.583643]  ? do_raw_spin_unlock+0x171/0x230
[ 2127.583647]  filename_create+0x9e/0x490
[ 2127.583651]  ? kern_path_mountpoint+0x40/0x40
[ 2127.583655]  ? strncpy_from_user+0x2a2/0x350
[ 2127.583659]  ? getname_flags+0x25b/0x590
[ 2127.583663]  do_mkdirat+0xa0/0x2d0
[ 2127.583667]  ? __ia32_sys_mknod+0x120/0x120
[ 2127.583672]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 2127.583677]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 2127.583681]  ? do_syscall_64+0x21/0x620
[ 2127.583685]  do_syscall_64+0xf9/0x620
[ 2127.583689]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2127.583693] RIP: 0033:0x7f1b48481687
[ 2127.583704] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48
[ 2127.583709] RSP: 002b:00007ffc0cc63788 EFLAGS: 00000293 ORIG_RAX: 0000000000000053
[ 2127.583718] RAX: ffffffffffffffda RBX: 00007ffc0cc666a0 RCX: 00007f1b48481687
[ 2127.583724] RDX: 00007f1b48ef2a00 RSI: 00000000000001ed RDI: 000056366f60a8a0
[ 2127.583729] RBP: 00007ffc0cc637c0 R08: 0000000000000000 R09: 0000000000000000
[ 2127.583735] R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000
[ 2127.583740] R13: 0000000000000000 R14: 00007ffc0cc666a0 R15: 00007ffc0cc63cb0
[ 2127.584731] Kernel panic - not syncing: hung_task: blocked tasks
[ 2128.021134] CPU: 0 PID: 1568 Comm: khungtaskd Not tainted 4.19.194-syzkaller #0
[ 2128.028904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2128.038688] Call Trace:
[ 2128.041437]  dump_stack+0x1fc/0x2ef
[ 2128.045182]  panic+0x26a/0x50e
[ 2128.048482]  ? __warn_printk+0xf3/0xf3
[ 2128.052476]  ? lapic_can_unplug_cpu+0x80/0x80
[ 2128.057302]  ? ___preempt_schedule+0x16/0x18
[ 2128.061923]  ? watchdog+0x991/0xe60
[ 2128.065653]  ? nmi_trigger_cpumask_backtrace+0x15e/0x1f0
[ 2128.071319]  watchdog+0x9a2/0xe60
[ 2128.075376]  ? reset_hung_task_detector+0x30/0x30
[ 2128.080271]  kthread+0x33f/0x460
[ 2128.083994]  ? kthread_park+0x180/0x180
[ 2128.088172]  ret_from_fork+0x24/0x30
[ 2128.093032] Kernel Offset: disabled
[ 2128.096778] Rebooting in 86400 seconds..